Privacy

Who we are

MiceX is jointly operated by InScotia Limited (United Kingdom; the data controller for European data subjects) and MANU Group (India; the data fiduciary for Indian data principals). Together we operate the MiceX platform — the agentic exchange for MICE event travel — at micex.ai.

For privacy enquiries, write to privacy@micex.ai. For Data Protection Officer contact, write to dpo@micex.ai.

What we collect, and why

We collect only what we need to do the work you've asked us to do. The categories of personal data we may process are:

• Identity and contact data — name, email, phone (optional), employer. Used to onboard you onto MiceX and to communicate about your engagement with us.
• Event and booking metadata — for organisers, the event briefs and the vendors and delegates connected to them. For delegates, your travel itinerary and the preferences you've set.
• Operational telemetry — limited, privacy-preserving usage signals via Plausible (no cookies, no cross-site tracking, no personal-data fingerprinting).
• Communication content — when you send us a message, that message is stored against your contact record so we can respond.

We do not collect:

• Card-on-file data — payment is handled by our processor; primary account numbers never touch MiceX.
• Cross-site behavioural profiles — we do not buy or sell personal data.
• Sensitive personal data outside what's strictly required for the booking (e.g. dietary preferences are stored only when you provide them).

Lawful bases

Under the UK GDPR / EU GDPR, we rely on:

• Contract — for processing necessary to deliver the MiceX service to you.
• Legitimate interests — for limited operational telemetry, security, and improving the platform; balanced against your reasonable expectations.
• Consent — for the newsletter, optional marketing, and anything you've explicitly opted into. Consent is captured granularly and tied to the version of these terms in force when you gave it.
• Legal obligation — for retaining records required by law (tax, audit).

Under the DPDP Act, 2023 (India), we process personal data on the basis of consent or for legitimate uses recognised under the Act. Where consent is the basis, it is informed, specific, and revocable.

Data residency

Personal data of Indian data principals is stored on infrastructure provisioned in Indian regions. Personal data of European data subjects is stored in EU regions. Email transactional traffic for European recipients is routed via our email provider's EU region. Where we transfer data internationally, we rely on appropriate safeguards including Standard Contractual Clauses.

Sub-processors

We maintain a list of sub-processors at /trust/sub-processors.json. We give at least thirty days' notice for material changes via this page and to enterprise customers directly.

Your rights

Subject to applicable law, you have the right to access, rectify, port, restrict or object to processing of your personal data, and to request its erasure. To exercise any right, write to privacy@micex.ai or submit a request via our right-to-erasure endpoint. We respond within the statutory timeframe applicable to your jurisdiction.

Retention

We keep personal data only for as long as we need it to provide the service, comply with legal obligations, and resolve disputes. Default retention is two years from the last interaction; statutory retention may extend this.

Cookies and similar technologies

We use only essential first-party cookies (consent record, session) by default. Plausible is cookieless. We never load third-party marketing trackers. You can manage preferences via the Cookie banner or the "Manage preferences" link in the footer.

Changes to this policy

We update this policy when our practices change. Material changes are flagged at the top of this page and (for active users) communicated by email. The Last updated date above tracks the most recent change.

Contact

privacy@micex.ai — privacy enquiries.
dpo@micex.ai — Data Protection Officer.
security@micex.ai — security disclosures.