Privacy Policy

This Privacy Policy explains how Europa Monster collects, uses and protects personal data in accordance with Regulation (EU) 2016/679 (GDPR).

1. Data controller

Europa Monster is the controller of your personal data. Contact: help@europa.monster.

2. Data we collect

• Identification data: name, date of birth, nationality, passport details.
• Contact data: email, phone number, postal address.
• Case data: employment history, education, family status, documents you submit to us.
• Payment data: handled by our payment processors; we do not store full card numbers.
• Technical data: IP address, browser type, pages visited.

3. Purposes and legal bases

• Performing our contract with you (Art. 6(1)(b) GDPR).
• Complying with legal obligations (Art. 6(1)(c) GDPR).
• Legitimate interests in operating and improving our business (Art. 6(1)(f) GDPR).
• Your consent, where required (Art. 6(1)(a) GDPR).

4. Sharing your data

We share data only with vetted processors (hosting, email, payment, legal partners) under written agreements, and with public authorities when required by law. We do not sell your data.

5. International transfers

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or other approved safeguards.

6. Retention

We retain case files for up to 5 years after the end of the engagement, or longer where required by law (e.g. tax). Marketing data is retained until you withdraw consent.

7. Your rights

• Access, rectification, erasure and portability of your data.
• Restriction of and objection to processing.
• Withdrawal of consent at any time.
• Lodging a complaint with your local data protection authority.

To exercise any right, email help@europa.monster.

8. Security

We apply appropriate technical and organisational measures, including encryption in transit, access controls and least-privilege principles.

9. Changes

We may update this policy. The "Last updated" date reflects the most recent revision.