BlazorUI

Privacy Policy

MONOVANCE LTD – BlazorUI (v 1.0)
Effective date: 7 July 2025
Compliance: UK GDPR; Data Protection Act 2018; PECR 2003 (as amended)


1. Data Controller

Legal entity:MONOVANCE LTD (Company No 16379928 – England & Wales)
Registered office:71‑75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Trading name:BlazorUI – blazorui.com
Data Protection Officer (DPO):Alihan Güdenoğlu
E‑mail:dpo@monovance.com / alihan.gudenoglu@monovance.com
ICO registration:ZB889945 (pending update to MONOVANCE LTD)

2. Scope of this Notice

This Privacy Policy explains how we collect, use, disclose and secure personal data when you visit blazorui.com, purchase digital content, obtain consultancy services, or otherwise interact with MONOVANCE LTD (together, "Services"). It supplements any product‑specific notices and forms part of our contractual terms.

3. Lawful Bases & Processing Purposes

Purpose UK GDPR Legal Basis Details
Account creation & order fulfilmentArt 6 (1)(b) – contractManage user registration; deliver digital content; schedule consultancy sessions.
Payment processing & fraud preventionArt 6 (1)(b)(f) – contract / legitimate interestExchange necessary data with Stripe Payments Europe and our banking partners; monitor unusual activity.
Statutory record‑keepingArt 6 (1)(c) – legal obligationRetain transaction data for HMRC, Companies Act 2006 and bookkeeping rules.
Service analytics (non‑essential cookies disabled by default)Art 6 (1)(a) – consentUnderstand aggregate usage patterns to improve Services.
Marketing communicationsArt 6 (1)(a) – consentOccasional e‑mails about new templates or features; you may opt out at any time.
Security & system integrityArt 6 (1)(f) – legitimate interestLog IP addresses and access events to detect abuse and ensure availability.

We do not engage in automated decision‑making producing legal or similarly significant effects (Art 22 UK GDPR).

4. Categories of Personal Data Collected

  • Identity & contact – full name (mandatory), e‑mail (mandatory), telephone (optional).
  • Credentials & authentication – salted/hashed password, session tokens.
  • Transaction data – purchased items, Stripe charge ID, currency, amount. Payment card numbers are handled solely by Stripe (PCI‑DSS Level 1); MONOVANCE never stores raw card details.
  • Technical logs – IP address, user‑agent string, device identifiers, timestamp, error traces.
  • Consent artefacts – wording & version of policies accepted, opt‑in check‑box state, acceptance timestamp, hash of the page.

We operate on a data‑minimisation principle and will not request information deemed unnecessary for the stated purposes.

5. Cookies & Similar Technologies

Category Name / Lifespan Purpose Default State
Essentialblazorui_session (7 days)Maintains login across pages.Active
Securitycsrf_token (session)Protects forms from CSRF.Active
Analyticsanalytics_id (1 year)Pseudonymous analytics via Plausible Analytics (self‑hosted).Disabled until consent
MarketingNoneWe do not set third‑party ad or profiling cookies.N/A

Browser Do Not Track signals are honoured; essential cookies cannot be declined without losing core functionality.

6. International Transfers

  1. Hosting – Production servers are located in ISO 27001‑certified data centres in Helsinki, Finland (EEA). Under the UK adequacy regulations (28 June 2021) the EEA is deemed to provide an "essentially equivalent" level of protection.
  2. Payments – Stripe Payments Europe, Avoca Court, Lower Hatch Street, Dublin 2, Ireland (EEA adequacy).
  3. Other third countries – If we must make a "restricted transfer" outside approved regions, we will implement IDTA or the UK Addendum to the EU SCCs, together with supplementary measures where required.

A copy of relevant transfer mechanisms can be requested from the DPO.

7. Data Sharing

  • Payment processor: Stripe Payments Europe (PCI‑DSS Level 1).
  • Infrastructure providers: Upcloud Oy (hosting); Cloudflare Inc. (global CDN & DDoS mitigation).
  • Professional advisers: accountants, auditors and legal counsel subject to confidentiality.
  • Government & courts: where mandated by law or to establish, exercise or defend legal claims.

We never sell or rent personal data to advertisers or other third parties.

8. Retention Periods

Data set Retention Trigger Duration
Identity & contact detailsAccount deletionUp to 180 days, then anonymised or securely erased.
Transaction & invoice dataFinancial year end6 years (HMRC / Companies Act).
Consent & log recordsDate of collection6 years to evidence compliance.
Technical backupsRolling 30‑day cycleAutomatic encrypted destruction thereafter.

Backups are encrypted at rest (AES‑256) and inaccessible to operational staff without dual control.

9. Security Measures

  • TLS 1.3 with HSTS and TLS OCSP stapling.
  • Server hardening, container isolation and least‑privilege IAM roles.
  • Nightly off‑site encrypted backups; quarterly disaster‑recovery drills.
  • Mandatory MFA for staff and administrators; privileged actions are audit‑logged.
  • Annual CREST‑approved penetration tests and dependency vulnerability scanning.

Despite robust controls, the internet is inherently insecure; MONOVANCE accepts no liability for unauthorised access beyond our reasonable control (data at rest and in transit are encrypted; however total immunity cannot be guaranteed).

10. Your Rights (UK GDPR Arts 15‑21)

You may exercise the following rights, subject to statutory exemptions:

  1. Access – obtain a copy of your personal data.
  2. Rectification – correct incomplete or inaccurate data.
  3. Erasure – request deletion where no lawful basis remains.
  4. Restriction – suspend processing pending verification.
  5. Portability – receive data in a machine‑readable format.
  6. Object – to processing based on legitimate interest or direct marketing.
  7. Withdraw consent – without affecting prior lawful processing.

Where requests are manifestly unfounded or excessive we may charge a reasonable fee or refuse (Art 12 (5)). Identity verification is required before release.

11. How to Make a Request

Write to the DPO at dpo@monovance.com or blazorui@monovance.com with:

  • subject‑line: "Data Subject Request";
  • the right you wish to exercise;
  • sufficient information to verify identity (order ID, registered e‑mail, etc.).

We will respond within one month (extendable by two months for complex cases). If you are dissatisfied, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or call +44 303 123 1113.

12. Children's Data

BlazorUI is not directed at individuals under 16 years of age. We do not knowingly process children's data. If we learn that such data has been collected, it will be erased without delay.

13. Limitation of Liability

Except for death or personal injury caused by our negligence, we shall not be liable for any indirect, consequential or incidental losses (including loss of profits or data) arising out of or in connection with the processing of personal data, to the maximum extent permitted by law. Nothing in this notice limits data subjects' statutory rights.

14. Changes to this Policy

MONOVANCE LTD reserves the right to amend this Privacy Policy at any time. Material changes will be announced via the website and, where appropriate, by e‑mail. The "Effective date" at the top will change; continued use of the Services after that date constitutes acceptance of the updated terms.

15. Governing Law & Jurisdiction

This Policy and any dispute or claim arising from it shall be governed by English law. Exclusive jurisdiction lies with the courts of England & Wales.

16. Contact

Questions, concerns or requests should be directed to:

We aim to resolve all privacy‑related issues promptly and fairly.