Privacy Policy

1. Controller

The controller responsible for processing personal data on this website within the meaning of Art. 4(7) GDPR is:

Magic Monkey Marketing LLC, 7901 4th St N Ste 300, St. Petersburg, FL 33702, USA. General contact: mail@magicmonkeymarketing.com. For data protection requests please use the same address with the subject line 'GDPR'.

3. Data Protection Officer

We are not legally required to appoint a Data Protection Officer under Art. 37 GDPR. For all data protection matters, please contact us at mail@magicmonkeymarketing.com.

4. Scope

This policy explains what data we process when you visit magicmonkeymarketing.com, contact us via the website, or use our services. It applies to visitors from the EU/EEA, UK and Switzerland under the GDPR, UK GDPR and Swiss FADP, and to all other visitors as a matter of policy.

5. Data we process

When you use the site we may process the following categories of data:

Technical data automatically sent by your browser: IP address, user agent, referrer, requested URL, timestamp.
Contact data you submit via forms or email: name, email address, company, message content.
Consent data: your cookie choice, the timestamp and the version of the consent banner.
Usage data via analytics (only if you opt in): pages viewed, device type, approximate region, session duration.
Marketing data via advertising pixels (only if you opt in): conversion events, ad click identifiers.

6. Purposes and legal basis

We process data only for the purposes listed below and only on a valid legal basis under Art. 6 GDPR:

Operating the website and ensuring security - Art. 6(1)(f) GDPR (legitimate interest in a working, secure site free of abuse).
Responding to your inquiries - Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in answering business contacts).
Storing your cookie consent - Art. 6(1)(c) GDPR (legal obligation to document consent under Art. 7(1) GDPR).
Analytics and marketing cookies - Art. 6(1)(a) GDPR (your explicit consent), revocable at any time with effect for the future.

7. Provision of data: voluntary or required

Providing personal data is neither legally nor contractually required. You are not obliged to provide data. However, without the data marked as required in our contact form we cannot answer your inquiry. Visiting the website itself only requires the technical data your browser transmits automatically.

8. Recipients and processors

We share personal data only with the following categories of recipients, all of which act under a data processing agreement (Art. 28 GDPR) where required:

Hosting and content delivery: Cloudflare, Inc. (USA) - delivers the website and protects it against attacks.
Transactional email: our email service provider - delivers messages from the contact form to us.
Analytics (only with consent): Google Ireland Ltd. / Google LLC - aggregated website usage statistics.
Advertising (only with consent): Google Ireland Ltd. and Meta Platforms Ireland Ltd. - measurement of ad performance.
Authorities and courts: only if we are legally obliged to disclose data.

9. Cookies and tracking

We use a consent banner that blocks all non-essential cookies until you actively opt in. Necessary cookies store only your language and your consent decision and are set on the basis of legitimate interest.

Analytics and marketing tools (for example Google Analytics, Google Ads, Meta Pixel) are loaded only after you give consent for the corresponding category. You can change your choice any time via or the link in the footer.

10. Hosting and infrastructure

The website is hosted on Cloudflare's edge network. Cloudflare processes connection metadata (IP address, request headers) to deliver content and protect against attacks. A data processing agreement under Art. 28 GDPR is in place.

11. Contact form and email

When you contact us via the contact form or by email, we receive the data you provide plus your IP address and timestamp. We use this data only to handle your request. Email is delivered via a transactional email provider acting as our processor.

12. International transfers

Our company is based in the United States and several of our processors are located in the US or other third countries. Personal data of EU/EEA visitors may therefore be transferred outside the EU/EEA. We rely on the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, where applicable, on the EU-US Data Privacy Framework as the legal basis for these transfers and apply additional technical and organisational measures where appropriate. A copy of the safeguards is available on request.

13. Retention

We keep personal data only as long as needed for the purpose it was collected and for any legal retention periods.

Server logs: deleted or anonymised within 30 days.
Contact inquiries: up to 24 months after the last exchange, unless a contract or legal obligation requires longer storage.
Consent records: up to 24 months after withdrawal, as evidence of compliance with Art. 7 GDPR.
Accounting documents (if applicable): up to 10 years under tax law.

14. Your rights

Under the GDPR you have the following rights and may exercise them free of charge by contacting mail@magicmonkeymarketing.com:

Right of access (Art. 15) - obtain confirmation and a copy of the data we hold about you.
Right to rectification (Art. 16) - have inaccurate or incomplete data corrected.
Right to erasure / 'right to be forgotten' (Art. 17).
Right to restriction of processing (Art. 18).
Right to data portability (Art. 20) - receive your data in a structured, machine-readable format.
Right to object (Art. 21) - object to processing based on legitimate interests; for direct marketing you may object at any time without giving reasons.
Right to withdraw consent (Art. 7(3)) - any time, with effect for the future and without affecting prior processing.
Right to lodge a complaint with a supervisory authority (Art. 77) - in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement.