GDPR Compliance

At MEGA PROMOTING S.R.L., the operator of the Kallina AI platform, we are committed to protecting our users' personal data in accordance with the highest data protection standards. This page describes how we comply with the General Data Protection Regulation (GDPR - EU 2016/679) and applicable national legislation. Data Controller: MEGA PROMOTING S.R.L. IDNO: 1019600021765 Address: mun. Chișinău, str. Alexandru cel Bun 51, of.51 Republic of Moldova IT Park Moldova Resident

We adhere to all 7 fundamental GDPR principles: Lawfulness, fairness, transparency: We process data only with valid legal basis, clearly inform about processing Purpose limitation: We collect data only for specific, explicit, and legitimate purposes Data minimization: We collect only strictly necessary data Accuracy: We keep data up-to-date and correct Storage limitation: We retain data only as long as necessary Integrity and confidentiality: We protect data against unauthorized access Accountability: We can demonstrate compliance with all principles

We process personal data based on the following legal grounds (Art. 6 GDPR): Consent (Art. 6(1)(a)): Marketing, newsletter, non-essential cookies Contract performance (Art. 6(1)(b)): Providing Kallina AI services, payment processing Legal obligation (Art. 6(1)(c)): Invoicing, tax reporting, legal compliance Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, service improvement

Under GDPR, you have the following rights: Right of access (Art. 15): Obtain confirmation and access to your data Right to rectification (Art. 16): Correct inaccurate personal data Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten") Right to restriction (Art. 18): Restrict processing in certain situations Right to portability (Art. 20): Receive your data in a machine-readable format Right to object (Art. 21): Object to processing, especially for direct marketing Rights regarding automated decisions (Art. 22): Not be subject to automated decision-making

To exercise any of your GDPR rights: Email: Send a request to contact@kallina.info Online form: Access the "Privacy" section in your account Mail: Write to our address Response time: 30 days (can be extended by 60 days for complex requests)

We implement technical and organizational measures per Art. 32 GDPR: AES-256 encryption for data at rest TLS 1.3 for data in transit Multi-factor authentication (MFA) Role-based access controls Regular security audits Annual penetration testing Incident response plan We comply with ISO 27001:2022 and SOC 2 Type II standards.

Personal data may be transferred outside the EEA with appropriate safeguards: Standard Contractual Clauses (SCC) approved by the European Commission Transfer Impact Assessments (TIA) Additional technical security measures

You have the right to lodge a complaint with the supervisory authority: For Republic of Moldova: National Center for Personal Data Protection (CNPDCP) Address: MD-2004, mun. Chișinău, str. Serghei Lazo, 48 Tel: +373 22 820 801 Website: datepersonale.md For EU: The supervisory authority in your country of residence.

For any questions regarding GDPR compliance: MEGA PROMOTING S.R.L. IDNO: 1019600021765 Address: mun. Chișinău, str. Alexandru cel Bun 51, of.51 Republic of Moldova IT Park Moldova Resident Email: contact@kallina.info Phone: +373 61 066 888