Privacy Policy
connection with the use of the MONTELINK online platform available at
www.montelink.com (the “Platform”).
Platform as described in the Terms and Conditions and employs the terminology
adopted therein.
“Operator” means the entity operating the Platform, being, as a rule, the controller of
personal data to the extent described in this document;
“Consultant” means an entity registered on the Platform for the purpose of providing
advisory (consultancy) services to Clients;
“Client” means an entity using the services of Consultants through the Platform;
“B2B Client” means a Client using the Platform in connection with a business or
professional activity;
“B2C Client” means a Client who is a consumer;
“User” means any person using the Platform, including a Consultant, a Client and a person
browsing publicly available content;
“Account” means an individual profile of a User on the Platform;
“Consultation” means an advisory service provided remotely by a Consultant to a Client
through the Platform or a tool designated by the Operator;
“Subscription Plan” means a paid model of a Consultant’s access to the functionalities of
the Platform;
“Profile” means a Consultant’s public page on the Platform;
“User Content” means data, texts, descriptions, graphics, audio-visual materials, reviews,
comments, forms, files and other information posted or transmitted through the Platform;
“Offer” means a proposal for the conclusion of a contract concerning a consultation or a
digital product, made publicly available by a Consultant;
“Price List” means a schedule of fees, commissions, subscriptions and settlement
parameters published by the Operator.
business activity, natural persons acting on behalf of B2B Clients, Consultants,
persons representing or contacting on behalf of entities using the Platform, as well as
other Users availing themselves of publicly accessible functionalities of the Platform.
Platform is:
MONTEFILE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, having its
registered office in Warsaw, ul. Jana III Sobieskiego 104, premises 39,
postal code 00-764 Warsaw, National Court Register (KRS) No. 0001181321,
Tax Identification Number (NIP) 5214123286,
hereinafter referred to as the “Controller” or the “Operator”.
contacted at the following address: iod@montelink.com.
European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of
such data, and repealing Directive 95/46/EC (the “GDPR”) as well as other applicable
legal provisions.
operation of the Platform as an electronic service and marketplace, in particular with
respect to the maintenance of User Accounts, the publication of Consultant Profiles
and Offers, the operation of the calendar, reservations, instant messaging, video
consultations, payments, the review system, reports and complaints concerning the
operation of the Platform, security, moderation of User Content, analytics and the
marketing of the Platform’s own services.
by it in connection with the conclusion and performance of a contract with a Client,
the assessment of a matter, the provision of a Consultation, the delivery of a digital
product, the keeping of its own accounts, the handling of complaints relating to its
services and the fulfilment of statutory and professional obligations.
Consultation, the data necessary for the performance of the given service is
disclosed to the Consultant to the extent required for the performance of the contract.
The rules governing the further processing of data by the Consultant should derive
from separate information provided by the Consultant to the Client.
service providers, video consultation tools, hosting, cloud, communication, marketing
automation, analytics and advertising providers – such entities must act as separate
controllers or processors, in accordance with their role in a given process and the
contractual documentation concluded.
– identification and contact data of Users;
– data necessary for the creation and maintenance of an Account;
– Consultant Profile data;
– data relating to Subscription Plans;
– data relating to Offers, reservations, the calendar and availability;
– data relating to payments, pre-authorisations, pay per minute settlements,
Consultation Fees and Service Fees;
– data relating to the instant messenger, video consultations and technical support;
– data contained in User Content, including in descriptions of matters, forms,
attachments and transmitted documents;
– data relating to reviews and ratings;
– as well as technical and operational data concerning the use of the Platform.
the data of representatives, attorneys-in-fact, employees, associates and other
contact persons which are provided in connection with the use of the Platform.
this is necessary for the handling of the Consultation or digital product process – from
the payment operator, and also automatically during the use of the Platform by
means of cookies, system logs and similar technologies.
performance of a contract for the provision of services by electronic means, enabling
login, maintenance of the Account and the use of the Platform’s functionalities
(Article 6(1)(b) GDPR).
Platform’s model, Consultant data may be processed for the purpose of verifying
registration data, qualifications, billing data, integration with the payment tool and the
Consultation tool and the fulfilment of compliance and security requirements (Article
6(1)(b), (c) and (f) GDPR).
processing is necessary for the provision of the Platform’s services, the presentation
of Consultant Offers, the filtering of results, the provision of the calendar and
facilitating the Client’s selection of a Consultant (Article 6(1)(b) GDPR, and in the
relevant scope also Article 6(1)(f) GDPR).
necessary for the taking of steps at the request of the User prior to the conclusion of
a contract, for the organisation of Consultations, the conduct of communication
between the parties, the provision of a meeting link or room, the synchronisation of
the calendar and the handling of the service delivery process (Article 6(1)(b) GDPR).
necessity of performing a contract, including the collection of the Consultation Fee,
payment pre-authorisation, the settlement of the pay per minute model, the collection
of the Service Fee and the settlement of the Subscription Plan, as well as legal
obligations in the field of accounting and taxation (Article 6(1)(b) and (c) GDPR).
purpose of examining complaints concerning the operation of the Platform, the
technical coordination of complaints directed to the Consultant, the handling of
refunds, the moderation of reviews and ratings, as well as communication with Users
(Article 6(1)(b), (c) and (f) GDPR).
the basis of the legitimate interest of the Operator consisting in the protection of the
Platform’s infrastructure, the verification of the compliance of Users’ activities with the
Terms and Conditions, the prevention of fraud, payment abuse, circumvention of the
settlement system and the pursuit or defence of claims (Article 6(1)(f) GDPR).
use of cookies or similar technologies, the legal basis is the consent of the User
(Article 6(1)(a) GDPR), and in the remaining scope the legitimate interest of the
Operator consisting in the development, optimisation and testing of the Platform’s
functionalities (Article 6(1)(f) GDPR).
consent of the User – where required by law for a specific communication channel or
marketing technology – or the legitimate interest of the Operator consisting in the
conduct of direct marketing of its own services within the limits permitted by law
(Article 6(1)(a) and (f) GDPR).
maintenance and development, communication, helpdesk, analytics and advertising
services to the Operator, to the payment operator, to the video consultation tool
provider, to accounting, advisory and legal entities, as well as to Consultants
selected by the Client – to the extent necessary for the performance of a
Consultation within the Platform.
Stripe, Inc. or another payment operator implemented on the Platform, whilst the
video consultation function may be performed using Zoom Communications, Inc. or
another tool designated by the Operator. The scope of data actually transferred must
depend on the adopted architecture of the process and the configuration of the
integration.
on the basis of appropriate agreements and solely to the extent necessary for the
provision of a given service. Where they act as separate controllers, the legal bases
and rules for processing must also derive from the privacy documentation of such
entities. A list of entities acting on the instruction of the Operator constitutes Annex
No. [1] to the Terms and Conditions.
including the provision of services by electronic means, the personal data processed
by the Controller may be transferred to the following categories of recipients:
– state authorities, e.g. the public prosecutor’s office, the Police, the President of
the Personal Data Protection Office (PUODO), where they make a request to the
Controller, indicating the legal basis for their demands;
– service providers cooperating with the Controller, in particular for the purpose of
providing its services and maintaining the IT resources of the Website, i.e. with
respect to enabling the use of the Website and the provision of services and
delivery of its functionalities – providers responsible for the proper handling of the
Controller’s IT resources, information technology systems, Google Inc. with its
registered office in the USA or Google Ireland Ltd. with its registered office in
Ireland, as well as other external entities cooperating with the Controller in the
scope of its business activity. Depending on contractual arrangements and
circumstances, such entities must act on instruction or must independently
determine the purposes and means of processing;
– personal data may also be transferred to other entities – providers of tools whose
cookies are used.
the data subject.
subcontractors operating outside the territory of the EEA. Personal data transferred
outside the territory of the EEA is secured by appropriate legal safeguards so that the
receiving providers offer guarantees of a high level of personal data protection. Such
guarantees derive, in particular, from an undertaking to apply standard contractual
clauses adopted by the Commission (EU) or binding corporate rules duly approved
by a supervisory authority within the meaning of the GDPR. The manner of securing
data is compliant with the principles set forth in Chapter V of the GDPR.
safeguards applied in this regard, obtain a copy of such safeguards and information
on the place of their disclosure. In addition, the Controller must inform the data
subject of the intention to transfer personal data outside the EEA at the stage of data
collection.
which it was collected, and subsequently for the period required by law or necessary
for the establishment, pursuit or defence of claims. In practice, this means, in
particular, the retention of Account data until the Account is deleted, data relating to
the Subscription Plan, payments and settlements for the period required by
accounting and tax regulations, data relating to reports, reviews and correspondence
for the period necessary for the handling of the matter and any potential claims, and
marketing data until the withdrawal of consent or the lodging of an objection.
instant messenger, video consultations and the transmission of documents, the
Operator should establish separate, proportionate retention periods corresponding to
the actual function of such data within the system.
accordance with the rules set forth in the GDPR – to the following rights:
a) the right of access to data, i.e. the right to obtain from the Controller confirmation as
to whether it processes the personal data of such person and, where this is the case,
the right to obtain access to such data as well as information concerning, in
particular, the purposes of processing, the categories of data, the recipients or
categories of recipients, the planned period of data retention, the source of data
acquisition, and the right to obtain a copy of the data;
b) the right to rectification of data, i.e. the right to request the immediate correction of
inaccurate data and the supplementation of incomplete data;
c) the right to erasure of data (“the right to be forgotten”), where one of the grounds
specified in the GDPR exists, in particular where the data is no longer necessary for
the purposes for which it was collected, consent has been withdrawn and there is no
other legal basis for processing, an effective objection to processing has been
lodged, or the data has been processed unlawfully;
d) the right to restriction of processing, in particular where the data subject contests the
accuracy of the data, objects to the erasure of data processed unlawfully, requests its
retention for the purposes of the pursuit or defence of claims, or has lodged an
objection to processing – pending the determination of whether the legitimate
grounds on the part of the Controller override the grounds of the objection;
e) the right to data portability, i.e. the right to receive the personal data provided to the
Controller in a structured, commonly used and machine-readable format and – where
technically feasible – the right to request the transmission of such data to another
controller; this right applies solely to data processed on the basis of consent or a
contract and by automated means;
f) the right to object to the processing of personal data based on Article 6(1)(f) GDPR,
i.e. on the legitimate interest of the Controller, on grounds relating to the particular
situation of the data subject; where data is processed for the purposes of direct
marketing, the objection may be lodged at any time, in which case the data may no
longer be processed for that purpose;
g) the right to withdraw consent at any time, where processing is based on consent; the
withdrawal of consent must not affect the lawfulness of processing carried out prior to
its withdrawal.
12–23 GDPR. As a rule, the Controller must provide information on the actions taken
in connection with the request of a data subject without undue delay, and no later
than within one month of receipt of the request. Where – due to the complex nature
of the request or the number of requests – it is not possible to provide a response
within such period, this period may be extended by a further two months, of which the
data subject is informed within one month, together with an indication of the reasons
for the delay. Within the same period, the Controller must also inform of a refusal to
take action and the reasons therefor.
from the provisions of law or from the necessity of protecting the rights and freedoms
of other persons, professional secrecy, trade secrets, archiving, accounting or
evidentiary obligations, as well as from the obligation to ensure the integrity and
security of the Platform and the protection of the rights of Consultants, Clients and
other Users.
Personal Data Protection Office where it considers that the processing of its personal
data infringes the provisions of the GDPR or other applicable data protection
regulations.
personal data.
pertain to the personal data of persons acting on their behalf, in particular
representatives, attorneys-in-fact, employees or contact persons.
personalisation, the assignment of marketing activities and the presentation of
Profiles and Offers using filters, rankings and other sorting mechanisms.
to the query, the availability of the Consultant, the price, the response time, the
quality and completeness of the Profile, Client ratings, the performance history, the
level of activity, the selected Subscription Plan and – where the Operator applies
such measures – promotional designations or paid promotion of the Offer.
automated processing which would produce legal effects concerning them or
similarly significantly affect them, unless a given process has been expressly
described separately and based on an appropriate legal basis.
This Policy is subject to periodic updates, in particular in the event of amendments to the
law, changes to the operating model of the Platform, the scope of services, technology
providers or tools used.
The Platform uses cookies and similar technologies.
Cookies are used in accordance with applicable laws, in particular taking into account
the principles arising from electronic communications law and the GDPR.
Platform, including the login module, the calendar, payments, the instant messenger,
video consultations, document transmission, including Google Analytics, Microsoft
Clarity, Google Tag Manager and Meta Facebook Pixel.
operation of the Platform, maintaining the User’s session, remembering settings and
preferences, maintaining security, supporting login, integration with external tools,
analysis of traffic and the manner of use of the Platform, as well as – upon obtaining
appropriate consent – for marketing and advertising purposes.
checkout, payment pre-authorisation, the instant messenger, video consultation
sessions, forms and the process of transmitting User Content, insofar as the given
technical solution requires it.
a) strictly necessary cookies – necessary for the operation of the Platform and the
performance of functions requested by the User, including login, session
maintenance, security, payments and the handling of Consultations;
b) functional cookies – remembering selected settings, preferences and interface
parameters;
c) analytical and statistical cookies – serving the measurement of traffic, testing and the
analysis of User behaviour;
d) marketing cookies – serving the personalisation of advertisements, remarketing and
the assessment of campaign effectiveness.
consent of the User, where such consent is required by law.
of previously granted consents or withdraw them, by using the cookie management
mechanism available on the Platform.
cookies through the settings of its internet browser; however, the restriction of certain
cookies may affect the proper functioning of selected functionalities of the Platform.
5.1. Google Analytics
The Operator may use Google Analytics for the purpose of analysing traffic on the Platform,
measuring the sources of visits, examining the effectiveness of content and improving the
functionalities of the website. To the extent that the use of this tool is based on non-essential
cookies or similar technologies, it is activated upon obtaining the consent of the User.
5.2. Microsoft Clarity
The Operator may use Microsoft Clarity for the purpose of analysing the manner of use of
the Platform, improving interface usability, diagnosing issues and assessing User paths. This
tool may record information on clicks, scrolling, navigation between sub-pages and technical
session parameters. To the extent required by law, Clarity is activated upon obtaining the
consent of the User.
5.3. Marketing Automation Tools
The Operator may use marketing automation tools provided by various suppliers for the
purpose of conducting informational and marketing campaigns, audience segmentation,
communication automation, sending reminders, analysing reactions to content and
supporting the sales funnel. The scope of data and communication channels used should in
each case correspond to the consents granted and the applicable laws.
5.4. Meta Pixel (Facebook Pixel)
The Operator may use Meta Pixel for the purpose of measuring the effectiveness of
advertising campaigns, remarketing, creating audiences and matching advertisements to the
activity of Users on the Platform. This tool is used upon obtaining the consent of the User,
where such consent is required by law.
5.5. Functional Integrations
Where the Platform uses embedded or integrated third-party solutions – in particular a
payment operator, a video consultation tool, an instant messenger, authentication, file
hosting or electronic signature – such solutions may use cookies or similar technologies to
the extent necessary for the operation of the given function. The qualification of such
technologies as strictly necessary or non-essential requires verification on a case-by-case
implementation basis.
5.6. Current List of Cookies and Partners
Due to the possibility of technological changes and implementation configurations, the
current list of cookies, tags and similar technologies – together with their functions,
categories, providers and operating periods – should be presented in the consent
management tool implemented on the Platform. The description contained in this Policy is of
a general nature and should remain consistent with the actual configuration of the Platform.
6. Cookie Duration
Cookies may be of a session nature – deleted upon the termination of the browser session –
or persistent, stored for a specified period indicated in the configuration of the given tool or
until their deletion by the User. The specific operating periods should derive from the actual
configuration of the Platform and the list of cookies made available in the consent
management module.
7. Amendments to the Cookies Policy
This Cookies Policy is subject to updates in the event of a change in the technologies used
on the Platform, legal requirements or the configuration of the consent management tool.
The current version of the document is published on the Platform.