Join The Airport Chapter

Privacy Policy

Airport
Chapter

6-8 March, 2026 Oradea International Airport (OMR)

Register here

Privacy Policy

Hacktech – Airport Chapter

Last updated: 12th of February 2026

 

This Privacy Policy describes the manner in which Make IT in Oradea, a legal entity duly incorporated and existing under the laws of Romania, having its registered office at Emanuil Gojdu Square, no. 35, Oradea Fortress, ground floor, Romania, Bihor County, registered with the Trade Register under number 47/A/21.10.2020, fiscal identification code RO43347357 (hereinafter referred to as the “Organizer”, “Controller”, “we” or “us”), collects, uses, processes, stores, discloses, and otherwise handles personal data in connection with the organization and operation of Hacktech – Airport Chapter, an innovation and technology event held within the premises of Oradea International Airport (the “Event”).

This Privacy Policy is adopted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), as well as applicable Romanian data protection legislation.

By registering for, attending, or otherwise participating in the Event, or by interacting with the Organizer in relation to the Event, you acknowledge that you have read and understood the terms of this Privacy Policy. For airport-access/security processing, see the Data Protection Notice.

 
  1. Data Controller

The data controller responsible for the processing of personal data described in this Privacy Policy is:

Make IT in Oradea

Registered address: Emanuil Gojdu Square, no. 35, Oradea Fortress, ground floor, Romania, Bihor County

Email: hi@makeitinoradea.ro 

For Airport-access/security processing: For certain access and security-related processing required to hold the Event within the Airport perimeter, the Organizer cooperates with Oradea International Airport and/or competent authorities, which may act as independent or joint controllers (see the Data Protection Notice for details and contact points).

The Organizer has not appointed a Data Protection Officer according to Article 37 GDPR. All data protection inquiries shall be addressed to the contact details above.

  1. Scope of Application

This Privacy Policy applies to all individuals whose personal data are processed by the Organizer in connection with the Event, including but not limited to participants, mentors, speakers, judges, partners, sponsors, volunteers, service providers, and visitors (collectively, the “Data Subjects”).

  1. Categories of Personal Data Processed

In the context of organizing and conducting the Event, the Organizer processes the following categories of personal data, as applicable:

  • Personal identification data, including but not limited to full legal name, date and place of birth, nationality, national identification number or passport number, series and issuing authority, and a copy or image of a valid government-issued identity document.
  • Contact data, including but not limited to email address, telephone number, and mailing address.
  • Professional and organizational data, including company or startup name, professional role, affiliation, and participation status.
  • Technical and electronic data, including IP address, device identifiers, browser type, operating system, and other data collected through cookies or similar technologies when accessing the Event website or registration platform.
  • Visual and audiovisual data, including photographs, video recordings, and live or recorded streaming footage captured during the Event.
  • Optional health-related information (e.g., allergies/dietary restrictions) provided by the Data Subject for catering safety.
  • Any additional information voluntarily provided by the Data Subject during registration, communication, or participation in the Event.
 
  1. Mandatory Nature of Identification Data

Given that the Event is held within the secured perimeter of an international airport, the provision of identification and security-related personal data is mandatory for access clearance. Such data are required in order to comply with aviation security regulations, access control rules, and lawful instructions of airport authorities.

Failure or refusal to provide accurate and complete identification data shall result in denial of access to the Event, without prejudice to any applicable refund or cancellation policies set forth in the Terms and Conditions.

  1. Purposes of Processing

We process personal data exclusively for legitimate, explicit, and specified purposes, including but not limited to:

  • the registration, administration, and management of participation in the Event;
  • the verification of identity and facilitation of access to airport-restricted areas;
  • compliance with legal obligations imposed by aviation security regulations, airport authorities, and public institutions;
  • coordination with Oradea International Airport and authorized security service providers;
  • ensuring the safety, security, and integrity of participants, staff, and infrastructure;
  • communication regarding Event logistics, updates, and operational matters;
  • documentation, promotion, and public communication related to the Event;
  • the establishment, exercise, or defense of legal claims.
 
  1. Legal Bases for Processing

The processing of personal data is carried out on one or more of the following legal bases, as provided by Article 6 GDPR:

  • the performance of a contract or pre-contractual measures taken at the request of the Data Subject, namely Event registration and participation;
  • compliance with legal obligations to which the Organizer is subject, including aviation security and public safety regulations;
  • the legitimate interests of the Organizer or third parties, including Event organization, security, and risk management, insofar as such interests are not overridden by the rights and freedoms of the Data Subject;
  • the explicit consent of the Data Subject, where required, particularly in relation to marketing communications, media usage and recruitment profile sharing.

Where we process special-category data (e.g., allergies), we rely on Article 9(2)(a) GDPR (explicit consent).

 
  1. Recipients and Disclosure of Data

Personal data may be disclosed, strictly on a need-to-know basis, to the following categories of recipients:

  • Oradea International Airport authorities and competent public bodies;
  • Airport security and access control service providers;
  • Event partners, contractors, and service providers involved in registration, communication, IT infrastructure, and logistics (processors under art. 28 GDPR);
  • cloud service providers, email platforms, and data storage providers;
  • legal, accounting, and professional advisors.

All recipients are bound by contractual or statutory obligations to ensure confidentiality and data protection in accordance with GDPR. Sponsors or partners that receive personal data for their own purposes may act as independent controllers. Details and the applicable legal basis (including any consent where required) will be provided at the point of collection/opt-in.

The Organizer does not sell, lease, or otherwise commercially exploit personal data.


  1. International Data Transfers

Where personal data are transferred outside the European Economic Area, the Organizer ensures that such transfers are subject to appropriate safeguards in accordance with Chapter V GDPR, including adequacy decisions, standard contractual clauses, or other lawful mechanisms.


  1. Data Retention

Personal data are retained only for the period necessary to fulfill the purposes for which they were collected, as follows:

  • identification and security-related data are retained for a limited period following the conclusion of the Event, not exceeding 30 days, unless a longer retention period is required by law or competent authorities or needed for legal claims;
  • registration and participation data are retained for administrative and legal purposes; for up to 3 years after the Event (or longer if required by law or for legal claims);
  • media content retained as long as necessary for documentation/communication purposes, subject to periodic review; where processing is based on consent, consent may be withdrawn at any time without affecting prior lawful processing;
  • legal and accounting records are retained in accordance with statutory retention periods.

Upon expiration of the applicable retention period, personal data are securely deleted or anonymized.


  1. Data Subject Rights

    Data Subjects have the right to request access to their personal data, rectification of inaccurate or incomplete data, erasure, restriction of processing, data portability, and to object to processing, in accordance with Articles 15–21 GDPR. Where processing is based on consent, consent may be withdrawn at any time without affecting the lawfulness of prior processing.

    Requests may be submitted in writing to the contact details indicated above. Data Subjects also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

  1. Security Measures

    The Organizer implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including controlled access to data, secure storage solutions, confidentiality obligations, and internal data handling procedures.

  1. Cookies and Online Technologies

    The Event website uses cookies and similar technologies. Detailed information regarding such technologies is provided in the Cookie Policy, which forms an integral part of this Privacy Policy.

  1. Amendments

    The Organizer reserves the right to amend this Privacy Policy at any time. The updated version shall be published on the official Event website and shall become effective upon publication.

  1. Contact

All inquiries regarding personal data protection shall be addressed to:

Make IT in Oradea

Email: hi@makeitinoradea.ro