Privacy policy

1. Who we are

This Privacy Policy explains how Minglum ehf. collects, uses, and protects personal data when you use our web-based event management service.

Minglum ehf. is the data controller for personal data processed through the service.

2. What information we collect

• Account data: name, email address, and account-related details.
• Event data: event titles, descriptions, dates, times, and locations that you create or manage.
• Invitation data: invitee email addresses, invitation delivery details, and RSVP status.
• Communication content: messages, comments, and support requests sent through the service.
• Technical data: IP address, browser/device information, usage data, and security/system logs.
• Location data: only if you grant permission.

3. Why we process your data

• To provide and operate the service, including account management, event features, and invitations.
• To maintain security, prevent abuse/fraud, and improve service reliability.
• To respond to support requests and service communications.
• To comply with legal and regulatory obligations.

4. GDPR legal bases

• Contract: processing needed to provide the service you request.
• Legitimate interests: service security, abuse prevention, troubleshooting, and reliability improvements.
• Consent: optional features such as location-based functionality.
• Legal obligations: processing required to comply with applicable laws.

5. Email invitations

When you invite someone to an event, we use invitee email addresses only to send invitations, related updates, and RSVP handling.

You are responsible for ensuring you have a valid reason to share invitee contact details with us.

6. How we use location data

If you enable location access, we use location data only for event-related features such as selecting or displaying event locations.

Location access is controlled by you and can be disabled at any time in your device or browser settings.

7. Data sharing

We do not sell personal data.

We share data only with trusted service providers who help operate, secure, and support the service.

If personal data is transferred outside the EEA, we apply appropriate GDPR safeguards such as adequacy decisions or approved contractual protections.

8. Data retention and deletion

• Account and event data: kept while your account is active and for a limited period afterward when needed for legal, operational, or dispute-handling reasons.
• Invitation and RSVP data: kept while relevant for event management and related account history.
• Support communications: kept as needed to resolve requests and improve support quality.
• Technical/security logs: generally kept for a limited period (for example, weeks or months), unless longer retention is required for security investigations or legal obligations.
• When data is no longer needed, it is deleted or anonymized.

9. Your rights

• Access to your personal data.
• Correction of inaccurate data.
• Deletion where legal conditions are met.
• Data portability.
• Objection to or restriction of processing where applicable.
• Withdrawal of consent at any time where processing is based on consent.
• The right to complain to a data protection authority.

10. Security

We use reasonable technical and organizational safeguards designed to protect personal data, including access controls, monitoring, and appropriate security procedures.

No system is completely risk-free, but we continuously work to improve security.

11. Contact

Minglum ehf.

support@minglum.is

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the service or another appropriate channel.

The "Last updated" date at the top shows the latest version.