In this Personal Data Privacy Policy, you will find concrete answers about how your data is collected,

stored, and processed.

Contents:

  1. Our contact details
  2. The sites for which this Policy applies
  3. What personal data do we process
  4. The person responsible for the collection and processing of your data
  5. Collection of your personal data
  6. The legal basis for the processing of your personal data
  7. Using automated profiles and automated decisions
  8. The purpose for which we process personal data
  9. Time to keep your personal data
  10. Disclosure of your personal data
  11. Security of your personal data
  12. Your rights
  13. Exercise your rights
  14. Choice of privacy settings
  15. Information on changes in the privacy policy
  16. Explanations of the terms and expressions used in this information note

 

  1. Our contact details

SC Annapurna Sky SRL, headquartered in Bucharest, Sos. Pantelimon no. 225, bloc 66, sc. 5, Floor 6, ap 200, Sector 2, registered at the Trade Register Office under no. J40 / 6229/2015, fiscal identification code 34552174 (hello@montalive.com, 0749 113 834)

  1. The sites for which this policy applies

The personal data privacy policy applies to the following blog/site (including subdomains) www.montalive.com.

  1. What personal data do we process
  • We collect your email and name for communications for email marketing purposes and for administrative communications related to the courses you have enrolled in through your email delivery service provider.
  • When you make a registration we collect the invoicing data only to comply with the legal provisions regarding the issuance of proforma and fiscal invoices
  • The data collected may be processed for purposes of legitimate interest to create statistics that allow us to develop new products, make certain adjustments, make better business decisions or meet the expectations of customers or potential customers to the highest standards.
  1. The person responsible for the collection and processing of your personal data
  • We are responsible for the collection and processing of personal data
  • We decide how the data is processed and why this data is processed
  • The person responsible for the protection of personal data is Catalina

Tiron, 0749113834 administrator www.montalive.com

  1. Collection of your personal data
  • The data is collected directly from you by phone, the emails you send us, the web forms (registration forms or newsletter subscription)
  • Data is collected directly and indirectly through your equipment or devices depending on your privacy settings or browser preferences: resolution, location, IP or through cookies strictly necessary for the legitimate interest (eg Google Analytics, Facebook Pixel Code)
  • Data is collected indirectly when someone else (a legal or natural person) enrolls in a course for you
  • The provision of data by you is permitted and voluntary unless the provision of data is a legally mandatory requirement: conclusion of a contract, billing data, course enrollment data, or accounting
  1. The legal basis for the processing of your personal data
  • We only process insensitive personal data
  • The legal basis for the processing of your “insensitive” personal data is: your

consent, a contract to which you are a party, a request from you before entering into a contract, the request justifies the processing of your personal data, the need to comply with a legal obligation to which we are subject, our legitimate or legitimate interest of a third party

  • We process your personal data based on interests that are: legitimate, legal,

real, transparent and present.

  • Our legitimate interests can be removed by: your interests and your

fundamental rights.

  • We adequately protect your interests and rights and freedoms. • We offer

detailed explanations (this document) that explain that our interest is legal and legitimate and does not violate your interests or fundamental rights and freedoms.

  • The legal basis for the processing of your “sensitive” personal data is that the

processing only refers to personal data that you obviously make public (example: you post certain comments on the website)

  • We do not collect or store sensitive personal data in any way.
  1. Using automated profiling processes and automated decisions
  • We do not use your personal data to automatically assess aspects of your interests and we do not use automated decisions that are made based on the fully automated profile and are made only by a computer
  • Our “fully automated” decisions cannot affect you.
  1. The purpose for which we process personal data
  • We process your personal data for the purposes described in point
  • Our purposes for which we process personal data are real, present, and legitimate.
  • We do not process your personal data for secondary purposes that are incompatible with the main purposes for which your personal data is initially collected; without your prior consent, without a legitimate interest in this, and without a legal basis.
  • We inform you that we do not collect and process data that is incompatible with the stated purpose.
  1. Time to keep your personal data?
  • We limit the storage time of your personal data to what is necessary for our stated processing purposes
  • We review the need to keep your personal data: Every year we analyze

the data collected and processed, in order to filter, sort, and maintain processing only for data for which the purpose of processing is current.

  • We delete your personal data within a specified time: We delete your data

one year from the date on which your relationship with us ends (the clause applicable in the case of unopened newsletters, from the moment the reader no longer accesses the content of the newsletters our).

  • We delete your data at the time you request this, except for data whose

supply and processing is required by law, which we delete within the period provided by law for this (billing data in 5 years, participation in courses, for an indefinite period).

  • If the retention of your personal data is necessary for the purposes

specified by law, we may still retain your personal data (example: participation in courses, completion of exams)

10.Disclosure of your personal data

  • Your insensitive personal data cannot be processed by third parties.
  1. Security of your personal data
  • We keep your personal data safe, with appropriate technical measures,

with appropriate organizational measures, with an adequate level of security, against unauthorized processing, against illegal processing, against accidental or illegal loss, against accidental or illegal destruction; against accidental or illegal damage.

  • We have implemented measures to discover security breaches, document

the causes of the security incident, document which personal data are affected by the security incident, document actions (and reasons for actions) to remedy the security breach, limit the consequences of the security incident, recover data return to a normal state of processing of personal data.

  • If we have a reasonable degree of certainty that there has been a breach

of the security of the processing of your personal data, then we report the security incident to the management of our company and designate a person responsible for:

  • analyze whether the security breach may have an adverse effect on you,
  • inform the relevant staff in our organization,
  • determine the extent to which it is necessary to notify the Supervisory Authority of the security incident, and
  • determine if it is necessary to provide you with information about the security incident.
  • investigate the security incident if necessary and try to prevent the security incident from leading to:

 

  • accidental or illegal destruction of personal data,
  • accidental or illegal loss of control of personal data,
  • accidental or illegal loss of access to personal data,
  • accidental or illegal alteration of personal data,
  • unauthorized disclosure of personal data, or
  • an unauthorized access to personal data.
  • we make every effort to mitigate the immediate risk of injury.
  • Notify the Surveillance Authority of the security incident if the breach is likely to pose a high risk to your rights and freedoms
  • We inform you about the security breach if the breach is likely to lead to a high risk to your rights and freedoms, as soon as possible, through appropriate contact channels, e.g. by e-mail, SMS, prominent banners on our website, postal communications, prominent advertisements in the media, etc.
  • We are not obligated to inform you directly if: we have taken steps to make your personal data incomprehensible to anyone who is not authorized to access it, immediately after the security incident, we have taken steps to ensure that the high risk for your rights and freedoms it is no longer possible to produce or would involve disproportionate efforts. In such a case, we will inform you through public networks.
  1. Your rights

We respect your rights regarding the protection of your personal dataAveți dreptul să solicitați abonarea sau dezabonarea la newsleter (materiale de content marketing, informări de marketing, etc)

If we process your personal data for direct marketing purposes, including the fully automated profile (insofar as it is linked to such direct marketing), you have the right to object to the processing of your personal data for this purpose.

  • Your right to object to the processing of your personal data for direct marketing purposes is a right that you have at any time, does not include anonymous data, includes personal data concerning you, does not include personal data that does not concern you, includes pseudonymous data that may be clearly related to you
  • If you object to the processing of your personal data for direct marketing purposes, then we must omit the processing of your personal data for this purpose.
  • If we process your personal data for direct marketing purposes, including profiling (insofar as it relates to such direct marketing), then we must explicitly inform you of this right at the latest at the time of the first communication with you and we must present this right to you clearly and separately from any other information.
  • You have the right to access your personal data

We must give you access to your personal data if:

  • ask us to confirm whether or not we process your personal data and
  • we process your personal data and request access to your personal data.

We must provide you with a copy of your personal information if:

  • ask us to confirm whether or not we process your personal data and
  • we process your personal data and request access to your personal data.
  • You have the right to ask us to confirm whether or not we process your personal

data, then you have a right that obliges us to confirm that we process your personal data or do not process your personal data

  • Your right to obtain confirmation from us that we process (or do not process) your personal data
  • Does not include anonymous data, includes only personal data about you, includes pseudonymous data that may be clearly related to you.
  • You have the right to information about the guarantees we have implemented for

the transfer of your personal data to a country outside the EU and the EEA if:

  • ask us to confirm whether or not we process your personal data and
  • we process your personal data and request access to your personal data.
  • You have the right to the rectification of your personal data.
  • The right to obtain the rectification of your personal data that are inaccurate

does not include anonymous data, includes only personal data about you, includes pseudonymous data that may be clearly related to you.

We must rectify your personal data if:

  • we process your personal data, and
  • Your personal data is inaccurate, and you request that your personal data be rectified
  • We must communicate the rectification of your personal data to the recipients of your personal data (if any). We do not communicate the rectification of your personal data to the recipients of your personal data if the communication to the intended recipient is impossible, or involves a disproportionate effort. You have the right to provide us with an additional statement.

We must complete your personal data if:

  • we process your personal data, and
  • Your personal data is incomplete, and you request that your personal data be completed.

You have the right to delete your personal data.

We must delete your personal data without undue delay if:

  • request the deletion of your personal data,
  • your personal data is not necessary for our purposes for the processing of your personal data.
  • you withdraw your consent on which the processing of your personal data is based, and
  • there is no other legal basis for the processing of your personal data.
  • object to our processing of your personal data,
  • you challenge our processing of your personal data for direct marketing purposes,
  • the processing of your personal data is illegal.
  • personal data must be deleted in order to comply with a legal obligation incumbent on us under Union or national law of a Member State
  • your personal data has been collected in connection with the provision of information society services

We need to communicate the deletion of your data:

  • personal to the recipients to whom we disclose (if any).
  • We do not communicate the deletion of your personal data to the recipients to whom we disclose it, if communication to the recipient is impossible or involves a disproportionate effort.

You have the right to obtain from us the restriction of the processing of your personal data.

  • Your right to obtain restrictions on the processing of your personal data: does not include anonymous data, includes personal data concerning you. includes pseudonymous data that may be clearly related to you,
  • We must restrict the processing of your personal data for a period of time in order to verify the accuracy of your personal data if you request that you obtain a restriction on the processing of your personal data and challenge the accuracy of your personal data.

We must restrict the processing of your personal data if:

  • request that you obtain a restriction on the processing of your personal data and
  • the processing of your personal data is illegal and
  • You object to the deletion of your personal data.
  • we do not need your personal data for the purpose of our processing,
  • request your personal data to establish a legal claim or,
  • request your personal data to lodge a legal complaint or,
  • You need your personal data to defend yourself against a legal complaint.
  • request that you restrict the processing of your personal data and object to the processing of your personal data that are necessary for the performance of a task that we perform in the public interest or oppose the processing of your personal data that are necessary in the exercise of official authority. is entrusted and you object to the processing of your personal data which is necessary for the purpose of the legitimate interests we pursue and wait to verify whether the processing of your personal data has a legitimate reason that does not exceed your objection.

We must notify the restriction of the processing of your personal data to

  • recipients of your personal data (if any).
  • We do not communicate the restriction of the processing of your personal data to the recipients of your personal data if the communication to the recipient is impossible or involves a disproportionate effort.

If we restrict the processing of your personal data, then we can

  • store your personal data,
  • process your personal data based on your consent,
  • process your personal data in order to file a legal complaint,
  • process your personal data in order to file a legal complaint,
  • process your personal data to protect us against a legal complaint,
  • process your personal data to protect a person’s rights,
  • process your personal data for reasons of public interest of the Union or a Member State.

If you obtain a restriction on the processing of your personal data, we must inform you before lifting the restriction.

 

  1. Exercise your rights
  • We invite you to contact us about the exercise of your rights regarding the

protection of your personal data.

  • We only accept written requests, because we cannot deal with verbal requests immediately, without first analyzing the content of the request and without first identifying you.
  • You can send your request regarding the protection of your personal data to hello@montalive.com
  • Your application must contain a detailed and accurate description of the right you wish to exercise

You must provide us with a copy of an identification document to confirm your identities, such as an identity card or passport.

o Any other data contained in the copy of the identification document, such as a

photograph or any other personal characteristics, may be hidden.

o We will not accept other means to prove your identity, especially if you want us

provide you with the data we hold, because we run the risk of transmitting your data to unidentified persons.

o If you want to propose alternatives, we will evaluate them on a case-by-case

basis.

o The use of the information in your identification document is limited to the

activity of confirming your identity and will not generate storage of your personal data longer than necessary for this purpose.

You will receive our response to your requests regarding the protection of your personal data at the email address from which you sent us the request.

  • We have appointed a person responsible for processing your requests regarding the protection of your personal data.
  • We have implemented policies that ensure that a request regarding the protection of your personal data is recognized, resolved within the time limits provided by law.
  • We inform you about how we handle your request (by which you exercise your rights) regarding the protection of your personal data: within one month from the date of receipt of the request.
  • You have the right to file complaints by sending them to hello@montalive.com
  • You can lodge a complaint with a supervisory authority: at your usual residence in the EU and EEA, at your place of work in the EU and EEA, at the place of the alleged infringement in the EU and EEA.
  • The supervisory authority must inform you within a reasonable time of the progress of the complaint and the outcome of the complaint.
  • You can mandate an organization to file a complaint on your behalf with a supervisory authority.
  • The supervisory authority must inform you within a reasonable time of the progress of the complaint and the outcome of the complaint.
  • You have the right to exercise legal redress in the EU and the EEA against an operator, a proxy, and a Supervisory Authority.
  • You can mandate an organization to exercise, on your behalf, the right to a legal remedy, to compensation for damage resulting from a breach of the law on the protection of personal data.

14.Choosing privacy settings

  • At this time we only collect data that serves legitimate or legal interests
  • You cannot currently choose to have your data processed in any other way than we do at this time, but we accept your suggestions.
  1. Information on changes in privacy policy
  • If we change our privacy policy, we will publish a new version of it on the website.
  • Upon request, we can provide you with previous versions of our privacy policy.

16.Explanations regarding the terms and expressions used in this information note

  • All terms and expressions used in this Privacy Policy shall have the meaning set

forth below, unless otherwise stated in this policy.

An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifying element, such as:

      • a name
      • an identification number
      • location data
      • an online identifier
      • the physical identity of a natural person
      • the physiological identity of a natural person
      • the genetic identity of a natural person
      • the psychic identity of a natural person
      •  the economic identity of a natural person
      • the cultural identity of a natural person

 

  • Sensitive personal data are – according to GDPR – called special categories of personal data.

We do not collect, disclose or process sensitive personal data

Personal data is sensitive if the processing of such personal data reveals:

  • an ethical and racial origin
  • political opinions,
  • religious beliefs,
  • philosophical beliefs,
  • a union membership.
  • genetic data
  • biometric data
  • Health data,
  • Data concerning the sexual life of a natural person,
  • Data concerning the sexual orientation of an individual.
  • Ordinary personal data arein the GDPR: There is no exhaustive list of such personal data.
  • Pseudonymisation of Personal Data means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to measures. of a technical and organizational nature to ensure that such personal data are not assigned to an identified or identifiable natural person.
  • Processing means any operation or set of operations performed on personal data or personal data sets, with or without the use of automated means, such as:
  • collect,
  •  recording,
  •  organization,
  • structure,
  • storage,
  • adaptation,
  • alteration,
  •  retrieval,
  •  consultation
  •  use
  • deletion or destruction
  • Restriction of processing means the marking of stored personal data in order to limit their processing in the future.
  •  The purpose of the processing means the reason for which the processing of personal data is performed.
  • Profiling (Automatic Profile) must be an automatic form of processing, which includes:
  • Exclusively automatic processing (referred to in Art. 22 of the

GDPR) andPartially automatic processing (if a natural person is involved in the processing of personal data does not necessarily mean that the processing does not constitute profiling) must be performed on personal data and the purpose of profiling must be to assess personal issues related to a natural person, in particular to analyze or make predictions about people.

  • Keep in mind that simply assessing or classifying people

automatically based on characteristics such as their age, gender, and height could be considered automatic profiling, regardless of the predictive purpose.

Decisions based exclusively on automatic processing:

  •  means making decisions by technological means without human involvement;
  • automatic processing is based on personal data provided directly by the

persons concerned (such as questionnaire replies); or observed with respect to persons (such as location data, collected through an application) or derived or deduced, such as the profile of the person who made certain purchases, may be made with or without profiling; profiling can take place without making automatic decisions.

Operator means the natural or legal person, public authority, agency or other body which, alone or together with others, establishes the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be laid down in Union or national law.

Power of attorney means the natural or legal person, public authority, agency or other body that processes personal data in the name and on behalf of the controller

Recipient means the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not it is a third part

  • However, public authorities to which personal data may be disclosed in the course of a particular investigation in accordance with Union or national law are not considered recipients; the processing of such data by the public authorities concerned shall comply with the applicable data protection rules, in accordance with the purposes of the processing.
  • Third Part means a natural or legal person, public authority, agency or body other

than the data subject, the controller, the controller and persons who, under the direct authority of the controller or the controller, are authorized to process personal data Representative means a natural or legal person established in the Union, designated in writing by the operator or the person empowered by the operator pursuant to Article 27, who represents the operator or person empowered in respect of their respective obligations under this Regulation.

  • Supervisory authority means an independent public authority established by a Member State under Article 51 GDPR.
  • Binding corporate rules means personal data protection policies that must be complied with by an controller or a controller established in the territory of a Member State, in relation to transfers or sets of transfers of personal data to a Member State. operator or a person authorized by the operator in one or more third countries within a group of undertakings or a group of undertakings engaged in a joint economic activity.
  • EU-US Privacy Shield:

 The EU-US Privacy Shield framework has been developed by the US Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with the requirements. data protection when transferring personal data from the European Union to the United States in support of transatlantic trade. On 12 July 2016, the European Commission approved the EU-US Privacy Shield framework as appropriate to allow the transfer of data in accordance with EU law

  • Commission Adequacy Decisions: The European Commission has the power to

determine, on the basis of Article 45 GDPR, whether a non-EU country offers an adequate level of data protection, either through domestic law or through its international commitments.

The effect of such a decision is that personal data may come from the EEA (EU and Norway, Liechtenstein and Iceland) in that third country, without the need for any other protection measures.

  • The European Commission has so far recognized an adequate level of protection for Andorra, Argentina, Canada (trade organizations – PIPEDA), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the USA ( limited to the Privacy Shield framework).
  • Violation of the security of personal data means a breach of security that leads, accidentally or illegally, to the destruction, loss, alteration, or unauthorized disclosure of personal data transmitted, stored or otherwise processed, or to access unauthorized to them.
  • Enterprise means a natural or legal person who carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly carry out an economic activity.
  • Enterprise group means an undertaking that exercises control and the undertakings controlled by it;
  • International organization means an organization and its subordinate bodies governed by public international law or any other body which is established by an agreement concluded between two or more countries or under such an agreement