Privacy Policy

This document sets forth the privacy policy (hereinafter referred to as the "Privacy Policy"), which determines how Montu SpA (hereinafter and indistinctly referred to as "Montu" or the "Supplier"), handles and treats Personal Data, as such term is defined in this Privacy Policy, of Users, as such terms are defined in the Terms and Conditions, when:

• Register on or visit the Site; and,
• Contact the Supplier to purchase any of the Services offered.

The Privacy Policy assumes that, in the event that the User is a legal entity, it will have, the express, sufficient and informed consent of those owners whose Personal Data are provided to the Supplier, for its processing, which the User warrants by accepting the Terms and Conditions. The Supplier will have no liability regarding the latter, in particular in terms of verifying that such consent was given in accordance with the law. This Privacy Policy only applies to the use of your Personal Data obtained by the Supplier. It does not apply to personal data collected during the communications with third parties. Users, as applicable, state that all Personal Data provided by each of them is true and correct and undertake to keep them updated. Each User will be responsible for the veracity of their Personal Data and will be solely liable for any disputes and litigation that may arise as a result of the falsehood of such Personal Data. In order to keep the data updated, it is important that the Users inform any amendment in them. The use of the Site and the Services made available by the Supplier is always subject to the Terms and Conditions, which are incorporated into this Privacy Policy by reference only. Unless otherwise specified or unless it is a proper noun and the initial word of any sentence, all terms used in this Privacy Policy without specific definition have the definitions given to them in the Terms and Conditions, available on the website www.montu.io, such definitions being extensive to both their singular and plural form. The Supplier is responsible for the Personal Data collected regarding the access to or use of the Services and the Site, and for their processing. This document was last updated on [*] [*] 2024. Any questions in this regard can be sent to the following e-mail address: hola@montu.io.

ARTICLE I

PROCESSING OF PERSONAL DATA

In order to contract the Services and access the Site, Users will be required to provide some data that may be considered as Personal Data, such as name(s), ID number, address, email address, telephone number, position, accounts registered in other applications, passwords and other data related to the Services. The Supplier may also obtain related information, such as information about how you interact with the Site, the pages you visit, the Montu applications and features used, the content you review on the Site related to the Services that may be of interest to you, advertisements you have interacted with, location information, technical or device usage information, information provided when participating in surveys, research or focus group studies, and transactional information regarding your interaction with Montu: purchases, inquiries, information about your account, including payment information, and information about interaction with Montu's social networks. (hereinafter, all of the foregoing referred to interchangeably as "Personal Data"). Additionally, by virtue of the provision of the Service, Montu collects and processes data obtained from social networks, which may be statistical data, personal data or sensitive data, in an ethical and legal manner, as well as data from private persons or institutions whose owner has shared with and given Montu authorization to process them, as stated in the Terms and Conditions. These data are excepted from the above definition of Personal Data because of their public nature and because they are legitimately accessible and processable by any person or Montu has been granted due authorization to process them, which are treated and regulated in the Terms and Conditions. Montu may obtain information about Users from external information providers and collect information about the websites visited by Users before or after having accessed the Site, all for strictly commercial reasons. The Users freely, informed, expressly, unequivocally, absolutely and fully consent and accept that their Personal Data may be compiled, processed, extracted and, in general, processed by Montu in the terms described in articles 3 and following of Law No. 19.628 on the Protection of Private Life, or the law that may replace it in the future, in its current and updated version (hereinafter, the "Personal Data Law"), for all the cases in which the Personal Data Law requires such authorization and for the following purposes:

• to fulfill, satisfy and manage the contractual relationship with the Users, and allow the use of the Site and the Services by the Users;
• to obtain, from the use of the Site, information about the Users, their interests and their behaviors in order to facilitate and strengthen the commercial relationship between the Supplier and the Users;
• customize the content of the Site and communications based on their preferences use of the Site, including specific content and advertisements provided under the Services through the Site;
• to improve and develop the Services and the Site, including testing, research, analysis and product development;
• protect or prevent fraudulent, unlawful or harmful actions and maintain the safety, security and integrity of the Services and the Site;
• respond to law enforcement requests and as required by governing law, court order or government regulation;
• send commercial communications and offers of products and services of Montu and, in some cases, those of its Related Persons, as such term is defined in Law No. 18.045 (hereinafter, the "Related Persons"), and of third parties with which commercial agreements exist, including targeted offers based on their interests, the characteristics of the business or their location;
• administer surveys and other promotional events;
• produce a report, grouped, anonymized and dissociated reports and statistics, which may be used to measure and analyze the behavior of Users and the market with which they interact, for marketing, promotional, market research and commercial purposes; and
• any other business reasons indicated when collecting your Personal Data or as set out in applicable data privacy laws.

The User authorize the Supplier, in the event that they contract the Services and/or access and use the Site, to use the Personal Data provided by them, to send notifications or alerts, and any other communication or notice related to the contracted Services. Furthermore, they expressly authorize the Supplier to use the name and brand or logo of the User for the purpose of including it in lists of clients or User of the Services and for commercial or marketing presentations relating to the Services in accordance with Supplier's standard commercial practices. This implies that the Supplier may anonymize, dissociate and aggregate the Personal Data, and generate reports for statistical, marketing, research and commercial purposes.

ARTICLE II

COOKIES AND OTHER SIMILAR TECHNOLOGIES

Montu and the Site uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript, own or third party (hereinafter also referred to as "Cookies"). Users authorize the Supplier to collect and process Personal Data obtained by the Site through Cookies. Cookies allows Montu's servers to recognize web’s browser and determine how and when Users visit and use the Website, to analyze trends, know the User database and operate and improve the Services. In addition, the Supplier may work with external advertising companies for monitoring purposes and commercial studies. These external companies may install Cookies on the Site, exclusively for the purposes described above and without need of being provided by the Supplier of any personal data of the Users. Users can decide whether to accept or not Cookies through their Internet browser settings. They can also delete all Cookies that are already stored. However, if they do so, you may have to manually adjust some preferences each time you visit a website and some Services and functionalities may not work properly.

ARTICLE III

RELEASE OF INFORMATION TO THIRD PARTIES

The Supplier will not sell, rent, lease, transfer or share Users' personal information, except as set forth in the Terms and Conditions, and in this Privacy Policy. Users expressly consent to the Supplier transferring all or part of their Personal Data to any of its Related Persons, to third parties with whom it has commercial agreements, to its service providers and/or to third parties other than those mentioned above, at any time, in the manner and under the conditions it deems appropriate, without prejudice to the fact that they will only use it for the purposes enumerated below. Related Persons, as well as business partners, service providers and third parties, are obliged by law or contract to protect Personal Data and to use it only in accordance with their instructions. Users may request a list of these third parties by sending an email to hola@montu.io. Personal Data may be transmitted and/or transferred nationally and internationally to third parties under the terms of the previous paragraph, only for the following purposes:

• to provide the Services, and to enable the operation of the Site;
• when necessary, in connection with the sale or transfer of business assets of the Supplier and/or its Related Persons, to enforce its rights, to protect its assets or its rights, the assets or the safety of third parties;
• perform an external audit or legal compliance and corporate governance functions;
• detecting security incidents, protection against malicious, deceptive, fraudulent or illegal activities, and prosecution of those responsible for such activities;
• conduct internal research for technological development and demonstration, and verify or maintain the quality or safety of a service that the Supplier owns or controls; and,
• comply with any legal obligation or regulatory requirement.

The above authorizations exclude personal information that may fall under the definition of sensitive data contained in the Personal Data Law with respect to the private life of the Users. The third party cannot market, publish, sublicense or in any other way distribute, in its own or other media, magnetic or otherwise, the Personal Data, being the sole responsibility of the third party for any improper use of it.

ARTICLE IV

RIGHTS OF USERS

Users may, at any time, exercise the rights granted by the Personal Data Law, especially the rights to information, cancellation, blocking, modification and updating, as well as to oppose the processing of Personal Data, requesting the termination of the contracted Services, and to be informed of the transfers carried out, and especially may:

• request information about the Personal Data relating to their person, their source and recipient, the purpose of storage and the identification of the persons or entities to which their Personal Data are regularly transmitted;
• request the amendment of their Personal Data if it is incorrect or out of date, if applicable;
• request the deletion or cancellation of the Personal Data submitted when their storage lacks legal grounds or when they are out of date, or when the User has voluntarily provided his Personal Data or they are used for commercial communications and does not wish to continue to be included in the respective register; and,
• oppose to the use of your Personal Data for advertising, market research or opinion polling purposes.

In order to exercise their rights, Users should contact Montu via the following email address: hola@montu.io. All information provided by Users to the Supplier must be accurate, correct and up to date. Users may at any time revoke the authorization given to the Supplier for the processing of their data in accordance with the provisions of the Personal Data Act.

ARTICLE V

SECURITY OF INFORMATION

The Supplier has deployed an information security policy and procedure that includes administrative, technical and physical controls designed to safeguard Personal Data and information generated and collected in connection with the use of the Website and the contracting of the Services, which ensure the confidentiality, integrity, traceability and availability of the information assets. However, such security systems are not infallible and there is a risk of data infiltration, interception, interruption, change or loss. The Supplier shall not be liable for leaks or disclosure of stored data except under the terms of Section IV about Disclaimer of Warranties and Liability of the Terms and Conditions. It is hereby stated that the use of the Internet is exposed to the malicious or negligent intervention of third parties, which may cause damage to Users or their computer equipment, a situation that Montu cannot be held liable for under any circumstances. Consequently, the Users, having become aware of this fact and having voluntarily chosen to use the Site, assume under their own responsibility and liability the risks of possible damages to which they may be exposed as a result of the actions of third parties that are not part of Montu or its Related Persons. The links on the Site that provide links to other websites are provided solely for the purpose of providing relevant information to Users. Notwithstanding the above, the Supplier is not responsible in any case for the contents of other Sites, nor for any damages that the information contained therein may cause to the Users. It is expressly stated that the fact that third party websites are published on the Site does not mean under any circumstances that the Supplier approves, authorizes, or sponsors such websites, nor that it has any alliance or relationship whatsoever with them. The Supplier may at any time, and at its own discretion, add and/or remove links to external websites, without prior notice to Users. Except in special cases, the Supplier will retain the relevant Personal Data for at least [two (2)] years from the date of the last interaction with the Users, or longer if it is obliged to do so in accordance with the applicable legal regulations in each case or if expressly agreed in writing with any User. In certain cases, the Supplier will keep Personal Data on file even if its storage has no legal grounds or has expired, for the purpose of resolving disputes or complaints, detecting problems or incidents and resolving them, and complying with the provisions of the Terms and Conditions for a certain period, in accordance with the law. Thus, Personal Data may not be removed immediately, for legal and technical reasons, including security support systems. Therefore, there should be no expectation that all Personal Data will be permanently deleted from our databases immediately. The Supplier undertakes to protect Users' Personal Data, and to take all relevant security measures to warrant their privacy and to prevent unauthorized access and/or use. The Supplier works in a secure environment (https), encrypting communications using the SSL encryption protocol, also encrypting Users' credentials used on the Site, storing the different types of information in different environments, which makes it impossible to relate the files containing each type of information without knowing the Users' identifiers.