Airport
Chapter

6-8 March, 2026 Oradea International Airport (OMR)

GDPR

HackTech Airport Chapter 2026

Last Updated: February 12, 2026

This GDPR Agreement describes how your personal data is collected, used, and protected during the HackTech Airport Chapter (the “Event”). By registering, you enter into a multi-party agreement regarding data processing between you, the organizers, and the venue authorities.

1. DATA CONTROLLERS

Your personal data is jointly processed and controlled by:

Association “MAKE IT IN ORADEA” (MITO): Responsible for event organization, communication, and participant management.

Headquarters: Romania, Bihor county, Oradea, 35, Emanuil Gojdu Square, Oradea Citadel, building I, ground floor

Fiscal no. 43347357

Email: chat@britghtlabs.build

ORADEA INTERNATIONAL AIRPORT (Regia Autonomă Aeroportul Oradea): Responsible for security clearance, physical access, and safety protocols within the airport infrastructure.

Where MITO and the Airport jointly determine purposes and means for access-related processing (e.g., badge issuance and access lists), they act as joint controllers under Article 26 GDPR. In such cases, MITO is the main contact point for data protection requests, and the Airport handles security-clearance decisions and access enforcement. Data subjects may exercise their rights against either controller.

2. MANDATORY SECURITY DATA COLLECTION (CRITICAL)

⚠️ IDENTIFICATION REQUIREMENT: Because this event takes place within a high-security international transport hub, all participants are subject to mandatory background checks.

We will collect a digital copy of your National ID or Passport.

Purpose: This data is shared directly with the Airport Security Department and the Romanian Border Police to verify your identity, to grant you access to restricted “Airside” zones and to comply with security instructions.

Legal Basis:

For Organizer: Art. 6(1)(b) GDPR (participation requires access clearance) + Art. 6(1)(f) GDPR (security, safety), as applicable.
For Airport and Authorities: often Art. 6(1)(c) GDPR (legal obligation)

Necessity: Providing this data is a strict requirement for entry. Failure to provide a legible copy of your ID will result in the immediate cancellation of your registration. Any refund or cancellation consequences are governed exclusively by the Terms & Conditions.

3. CONTENT CREATION & MEDIA CONSENT

The Event is a documented public tech competition. By registering, you agree to the following regarding media production:

Production/Event documentation: The organizers and official partners will record photographs, aftermovies, and video/audio testimonials during the event, based on legitimate interests (Article 6(1)(f) GDPR). You may object on grounds of GDPR in particular situations; we will assess and, where feasible, implement measures (e.g., avoiding publication of identifiable close-ups).
Featured content (promotional close-ups / testimonials / interviews): Where you are clearly identifiable and featured (e.g., interviews, testimonials, promotional portraits), we will rely on your consent (Article 6(1)(a) GDPR). You can withdraw consent at any time, without affecting prior lawful use.
Sharing: This content (including your image) will be shared on Social Media platforms (LinkedIn, Facebook, Instagram, YouTube) and with the Official Partners and Sponsors of the event for post-event reporting and marketing. Any separate sponsor marketing use requires an appropriate legal basis and, where required, your consent.

4. DATA CATEGORIES AND USAGE

We process your data for the following purposes:

Identity and Access Data (Name, ID Copy, CNP/Passport No): For security screening and printing official airport badges.
Contact Data (Email, Phone): For technical briefs, emergency updates, and logistical information.
Professional Data (GitHub/LinkedIn, Skills): To facilitate team matchmaking and mentor support.
Health Data (Allergies/Dietary): information is optional (art. 9 GDPR); if you do not provide it, we cannot tailor catering precautions.
Technical data (e.g., IP address, device and cookie identifiers): when you use the Event platform, as described in the Cookie Policy.

5. DATA SHARING & THIRD PARTIES

Your data will only be shared with:

Airport Authorities & Police: Solely for security clearance.
Official Event Partners: Limited to media content (photos/videos) and, where explicit consent is given, your professional profile for recruitment purposes.
Ticketing/IT Providers: For the technical management of your registration.

6. DATA RETENTION

ID/Passport Copies: These sensitive files are stored in an encrypted environment, access-restricted and will be permanently deleted from the organizers’ servers within 30 days after the event (unless a longer retention is required by competent authorities or needed to establish/defend legal claims).
General Data: Contact and professional info are kept for 3 years for legal and administrative purposes (or longer if required by law/claims).
Media Content: Photos and videos are kept as part of the event’s historical archive. These data are retained as long as necessary for documentation and communication purposes, subject to periodic review and rights requests (withdrawal for consent-based items; objection for legitimate-interest items).

7. LEGAL GROUND FOR PROCESSING

In accordance with GDPR Art. 6, we process your data based on:

Art. 6 (1) (a) Consent: For the collection of media (photos/videos), marketing communications and recruitment profile sharing.
Art. 6 (1) (b) Contract: Necessary for the performance of the contract (your registration and participation in the Event) and to perform pre-contractual steps requested by you.
Art. 6 (1) (c) Legal Obligation: Specifically, regarding aviation security laws and mandatory identity verification for airport access.
Art. 6 (1) (f) Legitimate Interest: For the administration, security of the computer systems, and safety of the Event platform.

8. RIGHTS OF THE DATA SUBJECT

As a data subject, you hold the following rights under GDPR:

Right to be Informed: To know how your data is used (as detailed in this policy).
Right of Access: To obtain confirmation and a copy of the data we process.
Right to Rectification: To have inaccurate or incomplete data corrected.
Right to Restrict Processing: To limit how we use your data in specific circumstances.
Right to Object: To object to processing based on legitimate interests or for direct marketing.
Right to Lodge a Complaint: With the National Supervisory Authority for Personal Data Processing (ANSPDCP).

9. ADDITIONAL INFORMATION

Processors: We use service providers (e.g., registration platform, hosting, email) under Art. 28 GDPR with appropriate contracts and instructions.

International transfers: If data is transferred outside the EEA (e.g., by a cloud provider), we rely on adequacy decisions or Standard Contractual Clauses (SCCs) and supplementary measures where required.

Automated decision-making: The Organizer does not carry out automated decision-making producing legal or similarly significant effects. Airport access decisions may be taken by the Airport/authorities under their rules.

Security: We apply access controls, encryption (where appropriate), and organizational policies to protect personal data.

Source of data: We collect data directly from you; access-security requirements may also involve confirmations from the Airport/authorities.

Contact: Use the contact details in Section 1 for rights requests and questions.

10. FINAL PROVISIONS

MITO and Oradea Airport reserve the right to modify or update this Notice at any time. Any significant changes that affect your rights will be signaled via visible indications on the platform or via email.

Regardless of the extent of changes, the responsibility to check the content of the policy to stay up to date lies entirely with the user.

This Notice is provided for transparency and does not require or imply consent unless explicitly stated for specific optional processing.

CHECKBOXES:

Terms & Conditions	I have read and agreed to Terms & Conditions.
Privacy documentation acknowledgement	I have read and understood the Privacy Policy, Cookie Policy, and Data Protection Notice.
Airport access requirement acknowledgement	I acknowledge that providing a copy of my ID/passport is mandatory for airport access clearance and that without it I cannot access restricted areas and cannot participate.
Accuracy declaration	I confirm that the information and documents I provide are accurate and belong to me.
Allergies / dietary (shown only if the user fills the field)	I consent to the processing of my allergy/dietary information for catering safety purposes during the Event.
Featured promotional media	I consent to being featured in promotional photos/videos/interviews (e.g., close-ups, testimonials) as described in the Data Protection Notice.
Recruitment / sponsor sharing	I agree to share my professional profile (name, role, skills, LinkedIn/GitHub) with selected Event sponsors/partners for recruitment and networking purposes, as described in the Data Protection Notice.
Marketing about future events	I would like to receive email updates about future events and initiatives from the Organizer (I can unsubscribe at any time).