This Privacy Policy describes the manner in which Make IT in Oradea, a legal entity duly incorporated and existing under the laws of Romania, having its registered office at Emanuil Gojdu Square, no. 35, Oradea Fortress, ground floor, Romania, Bihor County, registered with the Trade Register under number 47/A/21.10.2020, fiscal identification code RO43347357 (hereinafter referred to as the “Organizer”, “Controller”, “we” or “us”), collects, uses, processes, stores, discloses, and otherwise handles personal data in connection with the organization and operation of Hacktech – Airport Chapter, an innovation and technology event held within the premises of Oradea International Airport (the “Event”).

This Privacy Policy is adopted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), as well as applicable Romanian data protection legislation.

By registering for, attending, or otherwise participating in the Event, or by interacting with the Organizer in relation to the Event, you acknowledge that you have read, understood, and accepted the terms of this Privacy Policy.

1. Data Controller

The data controller responsible for the processing of personal data described in this Privacy Policy is:

Make IT in Oradea

Registered address: Emanuil Gojdu Square, no. 35, Oradea Fortress, ground floor, Romania, Bihor County

Email: hi@makeitinoradea.ro

The Organizer has not appointed a Data Protection Officer, as it is not legally required to do so under Article 37 GDPR. All data protection inquiries shall be addressed to the contact details above.

2. Scope of Application

This Privacy Policy applies to all individuals whose personal data are processed by the Organizer in connection with the Event, including but not limited to participants, mentors, speakers, judges, partners, sponsors, volunteers, service providers, and visitors (collectively, the “Data Subjects”).

3. Categories of Personal Data Processed

In the context of organizing and conducting the Event, the Organizer processes the following categories of personal data, as applicable:

Personal identification data, including but not limited to full legal name, date and place of birth, nationality, national identification number or passport number, series and issuing authority, and a copy or image of a valid government-issued identity document.

Contact data, including but not limited to email address, telephone number, and mailing address.

Professional and organizational data, including company or startup name, professional role, affiliation, and participation status.

Technical and electronic data, including IP address, device identifiers, browser type, operating system, and other data collected through cookies or similar technologies when accessing the Event website or registration platforms.

Visual and audiovisual data, including photographs, video recordings, and live or recorded streaming footage captured during the Event.

Any additional information voluntarily provided by the Data Subject during registration, communication, or participation in the Event.

4. Mandatory Nature of Identification Data

Given that the Event is held within the secured perimeter of an international airport, the provision of identification and security-related personal data is mandatory. Such data are required in order to comply with aviation security regulations, access control rules, and lawful instructions of airport authorities.

Failure or refusal to provide accurate and complete identification data shall result in denial of access to the Event, without prejudice to any applicable refund or cancellation policies set forth in the Terms and Conditions.

5. Purposes of Processing

The Organizer processes personal data exclusively for legitimate, explicit, and specified purposes, including but not limited to:

• the registration, administration, and management of participation in the Event;
• the verification of identity and facilitation of access to airport-restricted areas;
• compliance with legal obligations imposed by aviation security regulations, airport authorities, and public institutions;
• coordination with Oradea International Airport and authorized security service providers;
• ensuring the safety, security, and integrity of participants, staff, and infrastructure;
• communication regarding Event logistics, updates, and operational matters;
• documentation, promotion, and public communication related to the Event;
• the establishment, exercise, or defense of legal claims.

6. Legal Bases for Processing

The processing of personal data is carried out on one or more of the following legal bases, as provided by Article 6 GDPR:

the performance of a contract or pre-contractual measures taken at the request of the Data Subject, namely Event registration and participation;

compliance with legal obligations to which the Organizer is subject, including aviation security and public safety regulations;

the legitimate interests of the Organizer or third parties, including Event organization, security, and risk management, insofar as such interests are not overridden by the rights and freedoms of the Data Subject;

the explicit consent of the Data Subject, where required, particularly in relation to marketing communications or media usage.

7. Recipients and Disclosure of Data

Personal data may be disclosed, strictly on a need-to-know basis, to the following categories of recipients:

Oradea International Airport authorities and competent public bodies;

airport security and access control service providers;

Event partners, contractors, and service providers involved in registration, communication, IT infrastructure, and logistics;

cloud service providers, email platforms, and data storage providers;

legal, accounting, and professional advisors.

All recipients are bound by contractual or statutory obligations to ensure confidentiality and data protection in accordance with GDPR.

The Organizer does not sell, lease, or otherwise commercially exploit personal data.

8. International Data Transfers

Where personal data are transferred outside the European Economic Area, the Organizer ensures that such transfers are subject to appropriate safeguards in accordance with Chapter V GDPR, including adequacy decisions, standard contractual clauses, or other lawful mechanisms.

9. Data Retention

Personal data are retained only for the period necessary to fulfill the purposes for which they were collected, as follows:

identification and security-related data are retained for a limited period following the conclusion of the Event, not exceeding 30 days, unless a longer retention period is required by law or competent authorities;

registration and participation data are retained for administrative and legal purposes for a period not exceeding 30 days;

media content is retained until consent is withdrawn or no longer necessary for legitimate communication purposes;

legal and accounting records are retained in accordance with statutory retention periods.

Upon expiration of the applicable retention period, personal data are securely deleted or anonymized.

10. Data Subject Rights

Data Subjects have the right to request access to their personal data, rectification of inaccurate or incomplete data, erasure, restriction of processing, data portability, and to object to processing, in accordance with Articles 15–21 GDPR. Where processing is based on consent, consent may be withdrawn at any time without affecting the lawfulness of prior processing.

Requests may be submitted in writing to the contact details indicated above. Data Subjects also have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP).

11. Security Measures

The Organizer implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including controlled access to data, secure storage solutions, confidentiality obligations, and internal data handling procedures.

12. Cookies and Online Technologies

The Event website uses cookies and similar technologies. Detailed information regarding such technologies is provided in the Cookie Policy, which forms an integral part of this Privacy Policy.

13. Amendments

The Organizer reserves the right to amend this Privacy Policy at any time. The updated version shall be published on the official Event website and shall become effective upon publication.

14. Contact

All inquiries regarding personal data protection shall be addressed to:

Make IT in Oradea

Email: hi@makeitinoradea.ro