Skip to content

Privacy Policy

Effective date: 26 January 2025 This privacy policy outlines how we handle your personal information and protect your data.

Monj is committed to protecting personal data and complying with applicable UK data-protection and electronic-commerce laws. This Privacy Policy explains how personal data is collected, used, stored, and protected when you use this website.

This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the UK Electronic Commerce (EC Directive) Regulations 2002.

1. Personal Data We Collect

We collect only limited personal data:

  • Email addresses voluntarily provided when you contact us.

We do not require user accounts and do not collect payment details, medical information, or personal data for marketing, profiling, or advertising purposes.

2. Lawful Basis for Processing

Personal data is processed under the following lawful bases (Article 6 UK GDPR):

  • Legitimate interests – to respond to enquiries initiated by users
  • Consent – where users voluntarily provide personal data to contact us

3. How Personal Data Is Used

Email addresses are used solely to:

  • Respond to enquiries or messages you send to us
  • Handle follow-up communication directly related to your enquiry

We do not send marketing communications and do not share personal data with advertisers or affiliate networks.

4. Email Hosting and Processing (Microsoft Exchange Online)

Email communications sent to Monj are hosted and processed using Microsoft Exchange Online (Microsoft 365 / Exchange 365).

Microsoft acts as a data processor for email infrastructure, security, and service availability. Processing by Microsoft is governed by its contractual obligations and privacy commitments.

Further information on Microsoft’s data-protection practices can be found here:
Microsoft Privacy Statement:
https://privacy.microsoft.com/en-gb/privacystatement

Microsoft Products and Services Data Protection Addendum:
https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

Monj does not permit third-party access to email content except where technically required to provide secure email delivery, storage, and protection.

5. Analytics and Technical Data (Google Analytics)

This website uses Google Analytics to understand aggregated website usage.

Google Analytics may process limited technical data such as:

  • IP address
  • Browser type
  • Device type
  • Approximate geographic location

This data:

  • Is processed in aggregated form
  • Is not used by Monj to identify individuals
  • Is not combined with contact data

Google acts as an independent data controller for analytics data it processes.

Further information is available here:
Google Privacy Policy:
https://policies.google.com/privacy

Google Analytics Data Safeguards:
https://support.google.com/analytics/answer/6004245

6. Cookies

This website uses limited cookies for essential functionality and aggregated analytics only.

Cookies do not store personal information. You can manage or disable cookies via your browser settings. Disabling cookies may affect site functionality.

7. Data Retention

Personal data is retained only for as long as necessary to respond to enquiries or comply with legal obligations. Data is reviewed periodically and securely deleted when no longer required.

8. Data Security

Appropriate technical and organisational measures are applied to protect personal data, including access controls, network security, and encryption where appropriate. No system can be guaranteed to be completely secure.

9. Abusive or Malicious Communications

Monj may retain and record communications that are abusive, threatening, or malicious where necessary for security, legal compliance, or evidential purposes. Such processing is carried out under legitimate interest and data is retained only for as long as reasonably necessary.

10. Your Rights

Under UK GDPR, you have the right to access, correct, or delete your personal data, object to or restrict processing, and withdraw consent where applicable.

How to Make a Request

The quickest way to contact us is via the website contact form.

Written requests sent by post will also be accepted.

Response Time

We aim to respond to valid data-rights requests without undue delay and within one month of receipt, regardless of whether the request is made electronically or by post.

Where a request is complex or multiple requests are received, this period may be extended by up to a further two months, in accordance with Article 12 UK GDPR. You will be informed if an extension is required.

11. Complaints

If you believe your personal data has been handled improperly, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
https://ico.org.uk

We encourage users to contact us first so concerns can be addressed directly.

12. Children’s Data

This website is not directed at children. We do not knowingly collect personal data relating to individuals under the age of 13. Any such data identified will be deleted promptly.

13. Changes to This Policy

This Privacy Policy may be updated to reflect legal, technical, or operational changes. Updates will be published on this page with a revised effective date.

14. Controller and Contact Details

For privacy enquiries or data-rights requests, please use the website contact form.

Written correspondence may be sent to:

Nick Johnson
Monj
124 City Road
London
EC1V 2NJ
United Kingdom

Share this page

Share on Reddit Share on WhatsApp Share on Bluesky