Course Blog Consulting

Privacy Policy

How we collect, use, and protect your personal data

Last updated: June 2026

1. Identity of the Data Controller

Massimiliano Trincas | Operating as: Max.mt | Website: https://max.mt | Contact: hello@max.mt | Location: Malta

2. What Personal Data We Collect

2.1 Data you provide directly

  • Name, email (forms)
  • Phone (if provided)
  • Business name and role (B2B)
  • Payment info (Systeme.io, we don't store card details)
  • Intake form info

2.2 Data collected automatically

  • IP, location
  • Browser, device
  • Pages visited, time spent
  • Referring URL

2.3 Data from email interactions

  • Open/click data via Brevo
  • Replies to emails

3. Legal Basis for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)) — opt-in to mailing list
  • Contractual necessity (Art. 6(1)(b)) — deliver services
  • Legitimate interest (Art. 6(1)(f)) — analytics, security
  • Legal obligation (Art. 6(1)(c)) — tax/accounting

4. How We Use Your Personal Data

  • Respond to enquiries
  • Deliver courses
  • Marketing emails (with consent)
  • Manage CRM
  • Process payments
  • Legal compliance
  • Improve website

We will NEVER sell, rent, or trade your personal data to third parties for their own marketing.

5. Third-Party Data Processors

5.1 Systeme.io

CRM, funnel, course delivery, payments. EU-compliant. Privacy: systeme.io/privacy-policy

5.2 Brevo

Email delivery. France (EU), GDPR compliant. Privacy: brevo.com/legal/privacypolicy

5.3 Cloudflare

DNS, security, performance. IP addresses. EU data processing available. Privacy: cloudflare.com/privacypolicy

6. Data Retention

  • Marketing contacts: until unsubscribe
  • Client records: up to 7 years
  • Payment records: 5–7 years per Maltese law
  • Analytics: 12–26 months

7. Your Rights Under GDPR

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction (Art. 18)
  • Portability (Art. 20)
  • Objection (Art. 21)
  • Withdraw consent

Contact hello@max.mt. Response within 30 days. Complaint: IDPC Malta — idpc.org.mt

8. Cookies and Tracking Technologies

This website uses cookies and similar tracking technologies to improve user experience and analyse website traffic.

8.1 Types of cookies

  • Essential (always on, required for site function)
  • Analytics (Systeme.io) — understand visitor interaction
  • Marketing (Systeme.io) — track funnel performance

You may control cookie preferences through our cookie consent banner or your browser settings. Withdrawing consent for non-essential cookies will not affect your ability to use the site. Essential cookies cannot be disabled as they are required for the site to function correctly.

Our cookie consent banner allows you to accept or reject non-essential cookies on your first visit. You may change your preference at any time by clicking the cookie icon in the bottom-left corner of any page. Your choice is stored in your browser's local storage and is not shared with any third party.

9. International Data Transfers

Some processors may process data outside the EEA. We ensure appropriate safeguards: Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where applicable.

10. Data Security

  • Encrypted email (TLS)
  • HTTPS via Cloudflare
  • SPF, DKIM, DMARC
  • Access controls
  • 72-hour breach notification to supervisory authority per GDPR Art. 33

11. Children's Privacy

Not directed at under-16. We do not knowingly collect data from minors.

12. Changes to This Privacy Policy

Updated from time to time. Material changes notified by email or prominent notice. Continued use = acceptance.

13. Contact Us

Massimiliano Trincas | Email: hello@max.mt | Website: https://max.mt