Privacy Statement

Your privacy is respected by Montisoro.

Your personal data is handled and secured with care. We comply in all cases with the General Data Protection Regulation (GDPR).

GDPR compliant Fully transparent Never resold
Last updated · May 2026
The starting point

One conviction first: trust is infrastructure.

Montisoro records your data to inform you about relevant developments. Under no circumstances is permission granted to other companies or institutions to use your data.

We are fully transparent about the data we use and record. No fine print, no hidden agenda.

The promise

"No commercial use. Period."

We never share your data with other parties for commercial purposes. Not today. Not tomorrow. Not under any circumstance.

Purpose & processing

What we record and why.

Recording personal data and special categories of personal data is necessary for the performance of an agreement in the field of guiding and developing individuals, whether or not employed by an organization.

Each processing activity serves one clear purpose. We never collect more than we need for it.

Data is stored on servers within the European Union (AWS, EU region), encrypted in transit and at rest. Access is strictly limited to authorised staff, with authentication and two-factor verification. With Casey AI the case manager stays in charge — there are no solely automated decisions with legal effect.

"

We never share this data with other parties for commercial purposes.

Consent is given freely and unambiguously, as the person concerned is informed in advance about which data we wish to receive and why.

Your rights

Three rights that are unchangeable.

Independent of context, jurisdiction or agreement, these three rights always remain yours.

The person concerned always has the right to see how we use the data. One email is enough, no form, no barrier.

The person concerned has the right to erasure: the complete deletion of personal data. We carry this out without questions.

For every new processing activity we explain in advance which data we wish to receive and why, so that consent always remains free and unambiguous.

Which data, in which case

Four moments when we record data.

For every type of interaction we know exactly what we record and why.

Fit check

You complete the fit check; we send you the result and report by email.

Recorded
Name Organisation Work email Phone

Absence calculator

You calculate your absence cost; the substantiated report is emailed to you.

Recorded
Name Organisation Work email Phone

Booking a call

You book a diagnostic call via the scheduler. We use your data only to confirm and prepare the appointment.

Recorded
First & last name Email Phone Organisation Topic

Reintegration files (Storm)

On behalf of the employer we manage files during incapacity for work. Health data is strictly shielded and processed only on the proper legal basis.

Recorded
File data Health data (special category)
Cookies & local storage

No tracking cookies. Period.

Our site runs without tracking, advertising or marketing cookies. Here's exactly what we do and don't do.

No tracking, advertising or marketing cookies. The site works entirely without cookies that follow your behaviour or build a profile, so you don't need to accept anything to use it.

Today we use no optional cookies, so there is nothing to manage. Should we ever introduce them, we will first ask your consent via a cookie banner.

We measure visits with our own cookieless counter. Per page view we record only: the page visited, the external referring website, your language, your device type (mobile/tablet/desktop) and the screen width.

"

No IP address, no cookie, no fingerprint. We respect your browser's Do-Not-Track setting.

To make the site work we keep a few preferences locally in your browser (not cookies): your cookie preference, your language and your progress in the calculator, fit check or booking planner.

This data stays on your device and is never used to track you.

Legal framework

The details a DPO wants to see.

We process on the basis of: contract (art. 6.1.b) for the fit check, calculator and booking; legal obligation (art. 6.1.c) for reintegration; and legitimate interest (art. 6.1.f) for our cookieless website measurement. Health data is processed only on your explicit consent or the exemptions for employment and social-security law (art. 9.2.b/h GDPR).

Absence and reintegration files contain health data. In Storm these are strictly shielded and viewed only by authorised case managers. The medical assessment stays with the occupational physician.

File data is kept for the duration of the agreement and any legally required retention period thereafter. Lead and contact data is kept for a maximum of 24 months after your last contact.

Each under a data-processing agreement: AWS (hosting, EU), Supabase (database, EU), Microsoft 365 (email & calendar) and transactional email services (Mandrill, Amazon SES, Resend).

Within the EU in principle. Where a sub-processor processes outside the EU, this happens under the standard contractual clauses (SCCs).

The controller is Montisoro BV, Tisseltstraat 25, 1880 Ramsdonk (BE0733840137), at hello@montisoro.com. You may lodge a complaint with the Belgian Data Protection Authority (Drukpersstraat 35, 1000 Brussels — contact@apd-gba.be). On a data breach with risk, we notify the DPA within 72 hours.

Contact

Questions about your data?

In our activities, the general rules of good conduct and fair dealing apply.

Ask your question to hello@montisoro.com