Privacy & Cookie Policy

At MGT Montenegro we are committed to protecting the personal data of those who visit our website and use our services. This policy explains, under the EU General Data Protection Regulation (“GDPR”) and Türkiye’s Law No. 6698 on the Protection of Personal Data (“KVKK”), what personal data we process, for what purposes, with whom we share it, how long we keep it and what your rights are.

1. Data Controller

Your personal data is processed by MGT Montenegro as data controller, reachable at:

• Tivat (Head Office): Njegoševa 8A, 85320 Tivat, Montenegro — +382 67 065 094
• Istanbul: Hakkı Yeten Cd. Terrace Fulya, 34365 Şişli, Istanbul — +90 212 215 5575
• Email: [email protected]

2. Personal Data We Process

Through this website we process only the following data:

• Contact & appointment form data: your name, email address, phone/WhatsApp number, enquiry topic, preferred appointment day and time, and any information you include in your message.
• Technical data collected automatically: IP address, browser and device information, pages visited, referring link, and usage statistics obtained through cookies.

We do not request or knowingly process special category data (health, religion, biometric data, etc.). Please do not share such data through our forms.

3. Purposes of Processing

• Responding to your contact and appointment requests and scheduling meetings,
• Informing you about our consultancy, architecture and marketing services,
• Securing the website and preventing abuse (bots/spam),
• With your consent, analysing site usage via optional cookies to improve our services,
• Meeting our obligations under applicable law.

4. Legal Bases

Under GDPR Art. 6 and KVKK Art. 5, we rely on the following legal bases:

• Consent: submitting the contact form and accepting optional (analytics) cookies.
• Performance of a contract: responding to your request and delivering the service.
• Legitimate interest: website security and bot/spam protection.
• Legal obligation: where required by law.

5. Cookies

Our site uses strictly necessary cookies plus optional analytics cookies that load only with your consent. On your first visit, a cookie notice lets you accept or reject analytics cookies. If you do not consent, no analytics/measurement cookies are loaded. You can change your preference at any time via your browser settings.

Cookie / Technology	Purpose	Type	Duration
Cloudflare (hosting & security)	Site security, traffic management	Necessary	Session – 1 year
Cloudflare Turnstile	Form bot/spam protection	Necessary	Session
Cookie preference (mgt-cookie-consent)	Remember your cookie choice	Necessary	12 months
Google Tag Manager / Analytics (_ga, _gid)	Site usage statistics	Optional (consent-based)	_ga 24 months, _gid 24 hours
Meta Pixel (_fbp)	Ad measurement and remarketing (Facebook/Instagram)	Optional (consent-based)	~3 months
LinkedIn Insight Tag	Ad measurement and remarketing (LinkedIn)	Optional (consent-based)	~6 months

6. Third Parties & International Transfers

We do not sell your data to third parties for marketing. To provide the service we use the infrastructure of the providers below; as their servers may be located outside your country, the relevant data may be transferred internationally under GDPR Chapter V and KVKK Art. 9, based on your consent and/or appropriate safeguards:

• Cloudflare, Inc. — website hosting, security and bot protection (Turnstile).
• Google Ireland/LLC — Google Tag Manager and Analytics (only with your consent).
• Meta Platforms, Inc. — Meta (Facebook/Instagram) Pixel for ad measurement and remarketing (only with your consent).
• LinkedIn (Microsoft Corporation) — LinkedIn Insight Tag for ad measurement (only with your consent).
• Resend, Inc. — delivering form submissions by email.

7. Retention

We keep your contact and appointment data for as long as needed to handle your request and for a reasonable period thereafter (up to 24 months), after which we delete or anonymise it. Where the law requires, the statutory retention periods apply.

8. Data Security

We apply appropriate technical and organisational measures (encrypted connection/HTTPS, access restrictions, bot protection) to protect your personal data against unauthorised access, loss and misuse.

9. Your Rights

Under GDPR Art. 15–22 and KVKK Art. 11 you have the right to:

• Access your personal data and learn whether it is being processed,
• Request rectification of incomplete or inaccurate data,
• Request erasure,
• Object to or restrict processing,
• Request data portability,
• Withdraw your consent at any time.

10. Contact & Requests

To exercise your rights or for any privacy question, email [email protected] or reach us via our contact page. You also have the right to lodge a complaint with your local data protection authority.

11. Updates

We may update this policy from time to time. The current version is always published on this page, with the “Last updated” date shown above.