Privacy Policy
Last updated: 8 July 2026
This Privacy Policy explains how CEE Capital Projects (“we”, “us”, “our”) collects, uses, discloses and protects personal data when you visit CEE Capital Projects Intel (the “Site”) or interact with our services. We process personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and applicable national implementing laws.
1. Data controller
The controller responsible for the processing of your personal data is CEE Capital Projects. For any privacy-related questions or requests, contact us at Arpad Petri on LinkedIn.
2. Categories of personal data we process
- Reminder / newsletter signups: name, work email address, company name, and the date/time of your signup.
- Usage and analytics data: anonymous article views, click events, approximate reading time, referrer URL, user-agent string and a short-lived session identifier stored in your browser. This data is not linked to a signed-in identity.
- Technical data: essential cookies and local storage entries strictly required for the Site to function (e.g. remembering that you dismissed the cookie notice).
- Correspondence: any information you voluntarily share when you email us or otherwise get in touch.
We do not knowingly collect special categories of personal data or data from children under 16.
3. Purposes and legal bases of processing
- To deliver reminders and updates you signed up for — legal basis: your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
- To operate and secure the Site (essential cookies, abuse prevention) — legal basis: our legitimate interest in providing a functioning, secure service (Art. 6(1)(f) GDPR).
- To measure aggregate readership and improve editorial content — legal basis: our legitimate interest in understanding which content is useful (Art. 6(1)(f) GDPR). The analytics we collect are pseudonymous and not used to profile individual visitors.
- To comply with legal obligations — legal basis: Art. 6(1)(c) GDPR.
4. Cookies and similar technologies
We use only strictly necessary cookies and browser local storage to keep the Site working (for example, to remember your cookie-notice choice and to attach a session identifier to analytics events). We do not use advertising cookies, cross-site tracking pixels, or third-party marketing tags. Because our analytics are limited to aggregate, pseudonymous measurement of our own content, we rely on legitimate interests rather than requiring prior consent for these cookies; you can still block or delete them in your browser settings at any time.
5. Recipients and processors
Personal data is accessed only by authorised personnel of CEE Capital Projects and by carefully selected service providers acting as processors on our behalf, including:
- Our hosting and database infrastructure provider (Supabase / Lovable Cloud), which stores signups and analytics events.
- Our email infrastructure provider, used solely to deliver the reminders you subscribed to.
We do not sell personal data and we do not share it with third parties for their own marketing purposes.
6. International transfers
Where our processors are located outside the European Economic Area (EEA), transfers are protected by appropriate safeguards under Art. 46 GDPR, in particular the European Commission’s Standard Contractual Clauses. You can request a copy of the safeguards in place by contacting us.
7. Retention
- Reminder signups: kept until you unsubscribe or ask us to delete your record.
- Analytics events: retained in aggregated form for up to 24 months, then deleted or fully anonymised.
- Correspondence: kept for as long as necessary to handle your request and for up to 3 years afterwards for record-keeping.
8. Your rights under GDPR
Subject to the conditions set out in the GDPR, you have the right to:
- access the personal data we hold about you (Art. 15);
- request rectification of inaccurate data (Art. 16);
- request erasure of your data (Art. 17);
- request restriction of processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interests (Art. 21);
- withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand (Art. 7(3)).
To exercise any of these rights, email Arpad Petri on LinkedIn. We will respond within one month, as required by Art. 12(3) GDPR.
You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction, including encryption in transit (TLS), access controls, database-level row-level security and regular review of our processors’ security practices.
10. Automated decision-making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Material changes will be signalled on this page with an updated “Last updated” date.
12. Contact
Questions, requests or complaints regarding this policy: Arpad Petri on LinkedIn.