Privacy Policy
Last updated: 2026-03-02
1. Introduction
Cetmix OÜ (“Cetmix”, “we”, “us”) respects your privacy and processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
This Privacy Policy explains how we collect and process personal data when you visit:
This policy is provided in a concise, transparent, intelligible, and easily accessible form using clear and plain language in accordance with Article 12 GDPR.
2. Data Controller
Cetmix OÜ Registry code: 14805575 Registered office: Estonia Email: privacy@cetmix.com
Cetmix OÜ is the data controller within the meaning of Article 4(7) GDPR.
We have not appointed a Data Protection Officer, as we are not legally required to do so under Article 37 GDPR.
3. Scope
This Privacy Policy applies exclusively to personal data processed via:
It does not apply to third-party websites, services, or platforms not operated by Cetmix OÜ.
4. Categories of Personal Data
4.1 Data You Provide Voluntarily
If you contact us via the website (e.g., contact form or email), we may process:
- Name
- Company name
- Email address
- Phone number (if provided)
- Message content
Legal basis: Legitimate interest (Art. 6(1)(f)) in responding to inquiries.
4.2 Automatically Collected Technical Data
When you visit the website, certain technical data may be processed:
- IP address
- Browser and device information
- Pages visited
- Referrer URL
- Date and time of visit
IP addresses are anonymised or truncated as soon as technically feasible (e.g., masking the last octet), where possible.
Technical logs are used strictly for security, integrity, and troubleshooting purposes.
Legal basis: Legitimate interest (Art. 6(1)(f)).
5. Analytics
5.1 Plausible Analytics
We use Plausible Analytics, a privacy-focused analytics tool.
Plausible is configured to:
- Avoid the use of cookies
- Avoid persistent identifiers
- Collect only aggregated, anonymised usage data
- Avoid cross-site tracking
In this configuration, Plausible does not enable identification of individual users and does not store information on your device.
Legal basis: Legitimate interest (Art. 6(1)(f)) in understanding general website performance.
We have assessed that our legitimate interest in obtaining basic, aggregated website usage insights is not overridden by your rights and freedoms, given the strictly anonymised and non-identifying nature of the data processed.
Plausible acts as a processor where applicable under Article 28 GDPR.
6. Legal Basis Overview
| Purpose | Legal Basis |
|---|---|
| Responding to inquiries | Legitimate interest |
| Website security | Legitimate interest |
| Plausible analytics | Legitimate interest |
| Legal compliance | Legal obligation |
Our legitimate interest consists of operating, securing, and improving our website.
You have the right to object at any time to processing based on legitimate interest (Art. 21 GDPR).
7. Cookies and Similar Technologies
We use cookies only where strictly necessary for:
- Essential website functionality
- Security
Plausible Analytics does not rely on cookies in its privacy-preserving configuration.
We do not use advertising, marketing, or tracking cookies.
For more information, please see our Cookie Policy.
8. Recipients of Personal Data
Personal data may be shared with:
- Hosting providers (EU-based infrastructure providers)
- Security and content delivery providers
- Plausible Analytics (EU-hosted, processor where applicable)
All processors are bound by data processing agreements pursuant to Article 28 GDPR.
We do not sell personal data.
Personal data is disclosed to public authorities only where required by law.
9. International Data Transfers
We primarily use service providers located within the European Union.
Where personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are implemented in accordance with Chapter V GDPR, such as Standard Contractual Clauses approved by the European Commission.
You may request further information regarding applicable safeguards by contacting privacy@cetmix.com.
10. Data Retention
We retain personal data only for as long as necessary.
Retention criteria include:
- Duration of communication
- Legal obligations
- Statutory limitation periods
- Legitimate interest in follow-up
- Defence of legal claims
Retention periods:
| Data Category | Retention Period |
|---|---|
| Contact inquiries | Up to 24 months after last communication |
| Email correspondence | Duration of communication + up to 12 months |
| Technical security logs | Typically 7–30 days |
| Plausible data | Aggregated, short-term storage as configured |
11. Your Rights Under GDPR
You have the following rights:
- Right of access (Art. 15) – obtain confirmation whether we process your data and receive a copy.
- Right to rectification (Art. 16) – correct inaccurate data.
- Right to erasure (Art. 17) – request deletion where applicable.
- Right to restriction (Art. 18) – limit processing in certain cases.
- Right to data portability (Art. 20) – receive your data in structured format where applicable.
- Right to object (Art. 21) – object to processing based on legitimate interest.
To exercise your rights, contact:
You have the right to lodge a complaint with:
Estonian Data Protection Inspectorate https://www.aki.ee(opens in new tab)
12. Automated Decision-Making
We do not carry out automated individual decision-making, including profiling, within the meaning of Article 22 GDPR.
13. Children
Our website is not directed at children under 16 years of age, and we do not knowingly collect personal data from children.
14. Security
We implement appropriate technical and organisational measures including:
- HTTPS encryption
- Secure hosting infrastructure
- Access controls
- Monitoring and updates
However, no system can guarantee absolute security.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in legal requirements or website operations.
The current version is always available at: