Back to map

Privacy Policy

Last updated: 2026-04-09

1. Introduction

Cetmix OÜ (“Cetmix”, “we”, “us”, “MiaUmbria”) respects your privacy and is fully committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit and use MiaUmbria, our map-first discovery platform for events in Umbria.

The policy is written in clear, plain language and is designed to be concise, transparent, intelligible, and easily accessible, in accordance with Article 12 GDPR.

2. Data Controller

Cetmix OÜ Registry code: 14805575 Registered office: Estonia Email: privacy@cetmix.com

Cetmix OÜ is the data controller within the meaning of Article 4(7) GDPR.

We have not appointed a Data Protection Officer, as we are not legally required to do so under Article 37 GDPR.

3. Scope

This Privacy Policy applies exclusively to personal data processed through the MiaUmbria platform (miaumbria.com and any associated subdomains or mobile web interfaces).

It does not apply to third-party websites, external event pages, or services you access via links on MiaUmbria.

4. Categories of Personal Data

4.1 Data You Provide Voluntarily

You are not required to provide any personal data to use MiaUmbria. You can browse the interactive map, filter events by category and date, view event details, and open external event pages without creating an account or providing any personal data.

Guest Event Submissions When you use our guest event submission form, we may process:

  • Name (optional)
  • Email address (optional)
  • Event URL, title, description, date, location, category, or any other details you submit

Your name and email (if provided) are used only for moderation and follow-up and are not published publicly.

Contact Inquiries When you contact us (e.g., by email), we process your contact details and message content to respond to your inquiry.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

4.2 Automatically Collected Technical Data

When you access or interact with MiaUmbria, we automatically collect:

  • IP address (truncated before storage where technically feasible)
  • Browser type, version, and device information
  • Aggregated map interaction data (such as general area viewed, zoom level, or filters applied) without identifying individual users
  • Pages visited and general usage patterns
  • Referrer URL
  • Date and time of access

We do not collect precise geolocation data from your device unless you explicitly choose to enable location access (see section 4.3). Location-based discovery is otherwise handled locally in your browser.

Technical data is used for security, fraud prevention, platform integrity, and service improvement.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

4.3 Location Data (Optional)

If you choose to enable location access in your browser, we may process your approximate location to display nearby events.

Location data is processed locally within your browser and is not stored on our servers or linked to your identity.

We do not track your location over time and do not use location data for profiling or analytics.

Legal basis: Consent (Art. 6(1)(a) GDPR), provided via your browser settings.

5. Analytics

5.1 Plausible Analytics

We use Plausible Analytics, a privacy-first tool configured to:

  • Use no cookies
  • Use no persistent identifiers
  • Collect only aggregated, anonymised usage statistics
  • Perform no cross-site or individual tracking

Plausible does not allow us to identify individual users and does not use cookies or store information on your device.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

6. Legitimate Interests Assessment

We rely on legitimate interest as the legal basis for several processing activities. We have carefully assessed that our legitimate interests are not overridden by your rights and freedoms, given the minimal, non-intrusive, and privacy-preserving nature of the data processed. You have the right to object to such processing at any time (Art. 21 GDPR).

7. Legal Basis Overview

| Purpose | Legal Basis | | --------------------------------- | ------------------- | | Guest event submissions | Legitimate interest | | Responding to contact inquiries | Legitimate interest | | Platform security & integrity | Legitimate interest | | Analytics & service improvement | Legitimate interest | | Compliance with legal obligations | Legal obligation |

8. Cookies and Similar Technologies

We use cookies and similar technologies only where strictly necessary for:

  • Essential platform functionality (including interactive map operation)
  • Security and fraud prevention

Plausible Analytics operates without cookies. We do not use advertising, marketing, or tracking cookies.

For full details, please see our Cookie Policy.

9. Recipients of Personal Data

Personal data may be shared with:

  • EU-based hosting and infrastructure providers (e.g., Hetzner, Vercel)
  • Security and content delivery providers (e.g., Cloudflare)
  • Plausible Analytics (EU-hosted processor)

All processors are bound by data processing agreements compliant with Article 28 GDPR. We do not sell personal data.

We may also disclose personal data to courts, law enforcement agencies, or regulatory authorities where we are legally required to do so.

10. International Data Transfers

We primarily use service providers located in the European Union / European Economic Area.

If any transfer outside the EEA occurs, we implement appropriate safeguards (such as European Commission-approved Standard Contractual Clauses). You may request more information by contacting privacy@cetmix.com.

11. Data Retention

We retain personal data only as long as necessary.

| Data Category | Retention Period | | ------------------------- | -------------------------------------------- | | Guest event submissions | Until event date has passed + up to 6 months | | Contact inquiries | Up to 24 months after last contact | | Technical & security logs | 7 to 30 days | | Plausible Analytics data | Aggregated and short-term as configured |

12. Your Rights Under GDPR

You have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

To exercise these rights, email us at: privacy@cetmix.com. We will respond to your request within one month, as required by applicable law.

You also have the right to lodge a complaint with your local supervisory authority or with the Estonian Data Protection Inspectorate: https://www.aki.ee

13. Automated Decision-Making

We do not carry out automated individual decision-making or profiling (Art. 22 GDPR).

14. Children

MiaUmbria is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will delete it promptly.

15. Security

We implement appropriate technical and organisational measures to protect your data, including safeguards implemented by our service providers, such as:

  • HTTPS encryption
  • Secure EU hosting infrastructure
  • Access controls and monitoring
  • Regular security updates

No system can guarantee absolute security.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the latest revision. We encourage you to review this policy periodically to stay informed about how we process your data.

The current version is always available at: this page

By using MiaUmbria, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions, please contact us at privacy@cetmix.com.