10% Off Sitewide – CÓDIGO: MAY10 ENDS SOON: --d --h --m --s -d --h restante
10% Off Sitewide — Code: JUNE10
MAY10

Privacy policy

Privacy Policy

What is this Privacy Policy for?

This privacy policy applies to websites operated by Monster Group Holdings Limited and its group companies, including www.monstershop.co.uk and our European websites.

It governs the privacy of users who choose to use our websites across the United Kingdom and the European Economic Area (EEA).

This policy sets out how we process, store, and protect personal data in compliance with:

  • UK General Data Protection Regulation (UK GDPR)
  • EU General Data Protection Regulation (EU GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Applicable EU ePrivacy laws

For the purposes of data protection law, Monster Group Holdings Limited (or the relevant group entity operating the local website) acts as the data controller.

1. The Website

Our websites take a proactive approach to protecting user privacy and ensure necessary steps are taken to safeguard personal data throughout your visit.

We comply with applicable UK and EU data protection laws.

Legal Basis for Processing Personal Data

We process personal data under the following lawful bases:

Contractual Obligation – To fulfil orders, process payments, and deliver goods.

Legitimate Interest – To improve our services, manage customer queries, prevent fraud, and analyse sales trends.

Consent – For marketing communications and non-essential cookies.

Legal Compliance – To meet financial, tax, regulatory, and consumer protection obligations.

Where consent is relied upon, users have the right to withdraw consent at any time (see Section 6 – Your Rights).

2. Use of Cookies

Our websites use cookies and similar technologies to improve user experience and website performance.

Users are presented with a cookie consent banner when first visiting the site, allowing them to accept, reject, or customise cookie settings in accordance with UK PECR and EU ePrivacy requirements.

Types of Cookies Used

Essential Cookies – Required for core website functions (e.g., checkout, security, fraud prevention).

Functional Cookies – Enhance user experience (e.g., remembering preferences).

Analytics Cookies – Used for website tracking (Google Analytics 4).

Marketing Cookies – Used for advertising, remarketing, and social media integration.

Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) to understand how users interact with our websites and to improve usability and performance.

Google Analytics 4 may collect information such as:

  • Pages visited
  • Time spent on pages
  • Device and browser type
  • General geographic location (country/city level)
  • Interaction data

This data is collected using cookies and similar technologies.

Analytics cookies are only activated after the user has provided consent via our cookie banner. If you reject analytics cookies, Google Analytics tracking will not be enabled on your device.

Google may process analytics data on servers located outside the UK and EEA. Where personal data is transferred internationally, appropriate safeguards are implemented in accordance with UK GDPR and EU GDPR requirements, such as Standard Contractual Clauses or adequacy decisions where applicable.

Users can withdraw or modify cookie preferences at any time using our cookie settings tool.

You may also manage cookies via your browser settings.

Some third-party services (such as Google, Meta, or LinkedIn) may set cookies on your device when interacting with embedded content or advertising. These providers process data in accordance with their own privacy policies.

Further guidance on cookies is available from the UK Information Commissioner’s Office (ICO) and relevant EU supervisory authorities.

3. Contact & Communication

Users contacting us through our websites provide personal details at their own discretion.

How We Use Your Data

We may use personal data to:

  • Respond to enquiries
  • Process orders and manage accounts
  • Provide after-sales support
  • Deliver products and services
  • Prevent fraud and ensure website security
  • Send marketing communications (where consent has been provided)

Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, including to meet legal and accounting obligations.

Typical retention periods include:

  • Customer order data: 6 years (for tax and accounting compliance)
  • Marketing data: Until consent is withdrawn
  • Customer service records: Up to 2 years

Retention periods may vary depending on legal requirements in the relevant jurisdiction.

Data Sharing

We do not sell personal data.

We may share personal data with trusted third parties where necessary for service delivery, including:

  • Payment processors
  • Courier and logistics providers (e.g., DPD, FedEx, DHL)
  • IT service providers
  • Marketing platforms (where consent has been given)

All third-party providers are required to process personal data in accordance with applicable data protection laws and under appropriate contractual safeguards. 

4. Email Newsletter & Marketing Communications

Users may subscribe to marketing communications via an opt-in process.

Marketing communications are sent only where:

  • The user has given explicit consent; or
  • Permitted under applicable soft opt-in rules (where legally applicable).

We do not use pre-ticked boxes.

Users may unsubscribe at any time using the unsubscribe link included in all marketing emails.

We may track email engagement (such as opens and clicks) to improve content and relevance.

5. International Data Transfers

As we operate across the UK and EEA, personal data may be processed in different countries within these regions.

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR and EU GDPR requirements. These may include:

  • Adequacy decisions
  • Standard Contractual Clauses
  • Binding corporate rules (where applicable)

6. Your Data Protection Rights

Under UK GDPR and EU GDPR, individuals have the following rights:

  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Right to Withdraw Consent

You also have the right to lodge a complaint with your local supervisory authority.

In the United Kingdom, this is the Information Commissioner’s Office (ICO) (www.ico.org.uk).

If you are located in the European Economic Area (EEA), you may lodge a complaint with the data protection authority in the country where you reside, work, or where you believe a data protection issue has occurred.

To exercise your rights, you can contact: admin@monstergroup.co.uk

7. Data Breach Notification

We take data security seriously and implement appropriate technical and organisational measures to protect personal data.

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours where required; and
  • Inform affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

8. External Links

Our websites may contain links to external websites. We are not responsible for the privacy practices or content of third-party sites.

Users should review the privacy policies of any external websites they visit.

9. Contact Information

If you have questions about this policy or wish to exercise your data protection rights, please contact:

Monster Group Holdings Limited
Monster House
Alan Farnaby Way
Sheriff Hutton Industrial Estate
Sheriff Hutton
York
YO60 6PG
United Kingdom

Email: admin@monstergroup.co.uk

10. Updates to This Policy

This policy is reviewed regularly to ensure compliance with applicable data protection laws in the UK and EEA.

Last Updated: February 2026