Montandor

Privacy policy

Privacy policy

This privacy notice explains how Montandor Andorra S.L.U. ("Montandor", "we") collects, uses, retains and protects your personal data when you visit this website, contact us via the contact form, or interact with a member of our team at your request. It is drafted in compliance with Andorran data-protection law (Llei Qualificada de Protecció de Dades, LQPD), the EU General Data Protection Regulation (GDPR, EU 2016/679) where the visitor is located within the European Union, and the French, Spanish, Portuguese and Italian data-protection rules where they apply.

1. Data controller

Montandor Andorra S.L.U., registered office in Andorra la Vella, Principality of Andorra. For any privacy enquiry or to exercise your rights, contact us via the contact form selecting the "Privacy" category. We respond within the time limits set by applicable law and in any case within thirty days.

2. Data we collect

We collect three categories of data:

  • Data you provide via the contact form: full name, company, professional email, free-text message. Mandatory fields are strictly necessary to process your request.
  • Technical connection data: IP address, user agent, approximate country, page viewed, timestamp. These feed our access logs for security, fraud prevention and technical diagnostics.
  • Anonymous audience measurement: we use an analytics tool self-hosted on our own infrastructure (no third-party tracking cookies, no browser fingerprinting). The metrics collected are aggregated (page views, referrer source, average time on page, device type). No directly identifying data is retained. This tool requires no prior consent because it sets no persistent cookies and does not cross-reference your data with any external source.

We do not collect any sensitive data within the meaning of GDPR Article 9 (ethnic origin, political opinions, religion, health, sexual orientation, trade-union membership, biometric or genetic data). If you spontaneously share such data in a free-text message, we will delete it without delay after reading.

3. Purposes and legal basis

PurposeLegal basis
Respond to your enquiryPre-contractual measures or legitimate interest
Establish and perform a commercial relationshipContract / pre-contractual measures
Site security, fraud prevention, loggingLegitimate interest (information-system security)
Aggregate anonymous audience measurementLegitimate interest (service improvement, no individual tracking)
Legal obligations (accounting, tax, contract retention)Legal obligation

4. Retention periods

  • Contact form: three years after last contact if the enquiry led to no further engagement; for the duration of the commercial relationship plus ten years (accounting obligations) if it did.
  • Technical access logs: twelve months, then automatic deletion.
  • Aggregated audience measurement: thirteen rolling months.

5. Recipients and processors

Contact-form data is received by our internal team (Andorra, France, Spain) according to the topic of the enquiry. No transfer outside the operating perimeter of Montandor S.L.U. is performed without a clear legal basis. We work with a limited number of technical processors:

  • Infrastructure hosting: Microsoft Azure, Europe region (West Europe). Data stored within the EU.
  • Transactional email: a GDPR-compliant provider used to deliver form-submission acknowledgements.
  • Microsoft 365 services: internal professional email, calendars, documentation. Montandor tenant.

Each processor is bound by a Data Processing Agreement (DPA) covering the required contractual, organisational and technical safeguards. The current list is available on request via the contact form.

6. International transfers

Data collected via this site is stored and processed within the European Economic Area (Microsoft Azure West Europe). A transfer to the Principality of Andorra may take place for internal administrative operations — Andorra benefits from a European Commission adequacy decision (2010/625/EU), guaranteeing a level of protection considered equivalent. No transfer to a third country without an adequacy decision occurs without standard contractual clauses or equivalent safeguards.

7. Security

We implement reasonable technical and organisational measures to protect your data: end-to-end TLS encryption, strict access control to internal systems, access logging, multi-factor authentication for admin accounts, daily encrypted backups, separation of production and test environments, and periodic security audits. In the event of a breach likely to result in a risk to your rights and freedoms, we notify the competent supervisory authority within 72 hours and, where the risk is high, inform you directly.

8. Automated decisions

No decision producing legal effects or significantly affecting visitors is made by fully automated processing. All commercial contacts and engagement decisions are validated by a member of the Montandor team.

9. Your rights

Under the GDPR and Andorran LQPD, you have the following rights regarding the data concerning you:

  • Right of access to your data.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten") under the conditions set by law.
  • Right to restriction of processing.
  • Right to portability of your data to another controller.
  • Right to object to processing based on legitimate interest.
  • Right to set post-mortem directives.
  • Right to lodge a complaint with the Andorran Data Protection Agency (APDA), the French CNIL or your local EU supervisory authority.

To exercise your rights, use the contact form selecting "Privacy". Reasonable proof of identity may be requested.

10. Changes to this notice

This notice may evolve. The last-updated date is shown at the bottom of the page. Substantial changes (change of controller, change of purposes, addition of a new major processor) will be highlighted via a dedicated information banner for thirty days.

Last updated : 26/04/2026