Book a call
Apply now!

PRIVACY POLICY

Last update: 26.03.2025

This document details the practice of NGO “MAKE IT IN ORADEA / SUCCEED IN ORADEA” regarding the processing of personal data of the domain https://www.brightlabs.build/ (hereinafter briefly, generically, the Platform), with the aim of informing users on this topic.

By using the Site further, you acknowledge that you have read and agree to this Privacy Policy, as well as Cookie Policy, the Terms and Conditions.

Content:

1. Identification of the data controller

2. Contact details in the field of personal data protection

3. Source of data

4. Data subject

5. Processed personal data

6. Processing of personal data

7. Purpose

8. Recipients of the processing

9. Legal ground for processing

10. Type of processing

11. Processing and storing of data duration

12. Rights of the data subject

13. Obligations of MITO. Security measures applicable to the processed personal data

14. Liability of MITO

15. Transfer of personal data to third countries / international organizations

16. Final provisions

  1. Identification of the data controller

Name: Association “MAKE IT IN ORADEA / SUCCEED IN ORADEA”, legal person with no patrimonial purpose (hereinafter the NGO or MITO)

Headquarters: Romania, Bihor county, Oradea, 35, Emanuil Gojdu Square, Oradea Citadel, building I, ground floor

Fiscal no. 43347357

Email: chat@britghtlabs.build

  1. Contact details in the field of personal data protection

The contact details that the visitor can use to transmit any requests, notifications or claims regarding the Terms and Conditions, the Privacy Policy, the Cookie Policy, as well as any other information published on the Platform, policies or operations performed by MITO, are indicated at point 1 above. 

The deadline for MITO to send a response is no more than 30 days from the receipt of the request.

  1. Source of data

MITO collects information from users in the following ways: directly from the user, from traffic reports recorded by the servers hosting the Platform, and through cookies.

Information provided directly by the user:

  1. When the user fills in the fields in the Register Now! form, he/she indicates: name, first name, e-mail address, telephone number, address of current residence, age, social profile (all being personal data).

This information is required by MITO in order to sign that user as potential participant in the “Bright Labs Incubator” Program (hereinafter referred to as the Program), as well as to determine which of the persons that have submitted the form shall become actual participants in the Program.

In order for the registration form to be sent to the NGO, the two boxes placed at the end requiring to be checked.

  1. When a user wants to find out more about the Program, the name and email  address address (all of which may be personal data and shall be processed after clicking the “Schedule event” button) must be provided for scheduling an Ask me anything session with the Program Manager. 
  1. When a user has questions, the email address of MITO reachable using the Contact us link, can be used. If so, the user shall indicate the email address and potentially his/her name; surname, telephone number, as well as any other personal data not requested by the NGO.

MITO confirms that none of the personal data included at letters (i) to (iii) above, shall be used for purposes other than those expressly indicated and only by fully observing the applicable legal provisions.

Information obtained from the traffic reports recorded by server:

When a website is accessed, users automatically disclose certain information, such as the IP address, the time of the visit, the place where the website was accessed. MITO, like other controllers, registers this information.

Information obtained through cookie: 

All details on how data is processed in this context, are indicated in the Cookie Policy.

  1. Data subject

Given that MITO processes personal data of users, they hold the status of data subject and declare that they are over 18 years old.

In the event that the information/requests submitted by users also include personal data relating to other persons (and they thus acquire the status of data subject), MITO will process their data strictly in order to be able to respond to that information/request and does not assume any liability in addition to that expressly indicated herein, in the Terms and Conditions or in the applicable legislation.

  1. Processed personal data 

Any information regarding an identified or identifiable natural person, respectively the data subject, can be considered as personal data.

Considering the processing purposes indicated herein, MITO tries to reduce as much as possible the personal data processed. 

Thus, according to the Cookie Policy, the data subject shall be able to choose the types of cookies (applicable where their use is not automatically made for the functioning of the Platform) by checking a box, in order to ensure a more complete and better experience when browsing.

In order to send answers to requests/questions communicated by users, to ensure the registration and selection in the Program, to offer Ask me anything sessions and to send information for marketing purposes, MITO processes the following personal data: 

  • personal data of those of the user:
  • by the Register now! form: name and email address of the user, IP, email address, telephone number, address of current residence, age, social profile
  • by the Ask me anything schedule form: name, email address, IP, any other personal data provided to MITO during that session without NGO asking for it
  • by the email exchange via Contact section: name and email address of the user, IP, any other personal data provided to MITO without NGO asking for it

Depending on the cookie settings, other data may also be processed (in particular data related to the visitor’s preferences and behaviour on the Platform).

  • other natural persons than the user

Depending on the content of the messages sent by the user or the information provided by the latter during the Ask me anything session, other data may be processed to the extent indicated, although not requested by MITO. 

NGO undertakes to comply with the legislation on the protection of personal data also in relation to these third parties, without, however, being obliged to obtain any separate consent in this respect. It is the user who has transmitted such information who assumes full responsibility in this respect and declares that they have consented to the processing carried out by MITO and that they have been fully informed in this respect.

  1. Processing of personal data 

It represents the processing of personal data, any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means.

NGO accesses, collects, uses and performs any other actions allowed by the applicable law on the personal data provided by users, within the limits indicated at art. 4 above and art. 6 below.

  1. Purpose

The user of the Platform is the person who accesses this page and who may become a participant in the Program, and in respect of whom certain personal data are processed for various purposes – namely:

For the personal data provided directly by the user:

  • providing answers, clarifications and remedying problematic situations in relation to requests and complaints submitted by the user;
  • registering and selecting the user as participant in the Program;
  • ensuring compliance with this Privacy Policy, the Terms and Conditions and the Cookie Policy, as well as applicable legal provisions to protect the rights of MITO and safety of the Platform

For the personal data provided by the traffic reports recorded by server:

  • identification of the sections of interest of the Platform
  • safer administration of the computer system 

For the personal data provided by the use of cookies: 

  • functioning and smooth operation of the Platform 
  • depending on the settings chosen by the user, additional personal data can be used for obtaining statistical information that allows to improve the practice, saving preferences, advertising etc. All details regarding this type of data processing can be found in the Cookie Policy.

If MITO intends to subsequently process the personal data for a purpose other than those indicated above, it shall provide the data subject prior to such further processing, additional relevant information regarding the secondary purpose, by completing the necessary formalities according to the law.

  1. Recipients of the processing 

The personal data may be provided to:

  • The members of NGO, external consultants, experts and mentors in the Program, employees/collaborators of MITO that deal with the administration of the Platform (including sale, technical assistance, maintenance and invoicing) and who are involved in the Program – will process the name and e-mail address as well as any other personal data submitted by message/registration form/ask me anything sessions;

Support service providers contracted by MITO to fulfil its contractual or legal obligations, such as: 

  • IT firm – can access all data recorded in NGO’s online records, including those of data subjects;
  • accounting firm – will process the name, surname, as well as any other bank details (if any payment is to be made in the Program);
  • law firms – may access all data recorded in MITO’s records in the event of legal issues arising which require their involvement;
  • advertising, PR and communications companies for marketing activity – may collect anonymised data via cookies or event registration or feedback forms, and to the extent that this happens, MITO will provide this information to data subjects in advance;

The list of providers indicated above is not exhaustive, but indicates the main such collaborating companies. They will be independent controllers, joint controllers or processors in relation to MITO. Regardless of their capacity, they are obliged to maintain the confidentiality and security of the data subject’s personal data by taking appropriate technical and organisational measures. 

Although they are not recipients according to legal interpretations, public authorities (including the fiscal authority and the courts may process all/any of the data subjects’ data obtained through the Platform.

  1. Legal ground for processing 
  • Art. 6 letter (a) of GDPR – processing is carried out on the basis of the data subject’s consent -> applicable situation when data processing is done in the context of cookies accepted by the user and which are not necessary for the functioning of the Platform;
  • Art. 6 letter (b) GDPR – processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the user prior to entering into a contract -> applicable situation when data processing is done in the context of filling in data in the Register now!/Ask me anything form, signing other documents regarding the participation in the Program or when sending an email using the Contact link;
  • Art. 6 letter (f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by MITO or a third party, provided that the fundamental rights and freedoms of the data subject are not violated -> situation applicable in the context of data processing for the purposes of the ordinary operation and administration of the Platform.

  1. Type of processing

Data processing activities performed by MITO, mainly refer to: 

  • collecting the data indicated by the user in the Register now!/Ask me anything form or during the scheduled session, and also when discussing after the visitor has sent an email using the Contact link;
  • use of data for providing answers to the messages transmitted by the user;
  • use of data for the conclusion and execution of the documents needed for the participation in the Program;
  • use of data for the purpose of each category of cookies chosen by the user;
  • collecting other unsolicited data if provided by the data subject (user) in a communication, request or complaint addressed to MITO, so that it can respond and solve the request or remedy the incident;
  • storing personal data according to the law and within the limits necessary to achieve the purpose, in the electronic and secure database held by MITO;
  • allowing access to personal data to certain employee and external collaborator who provide support services for MITO, whose activity involves the processing of personal data under the condition of undertaking the obligation of confidentiality and standard contractual clauses agreed by the European Commission (in the case of collaborators from EU third countries);
  • allowing access to personal data to the competent authorities, insofar as the law obliges.

  1. Processing and storing of data duration 

The storage period of the personal data collected, is:

  • until the withdrawal of the consent or the exercise of the right to data erasure (right to be forgotten) of the user – for the processing of personal data based on the consent of the data subject;
  • for 3 years after receiving the message from the user in order to be able to demonstrate the measures taken by MITO in consideration of the request/question received, considering the duration of the general limitation period for the right to action before the courts regulated by the Romanian Civil Code;
  • a longer period than the abovementioned, when the law regulates in such manner or when there is a well-justified ground for this action (for example, to exercise a right before the court in a litigation started before the expiry of the storage period indicated herein, data will be kept until a final ruling is obtained).

Upon expiry of the aforementioned periods, all data shall be deleted from MITO’s records.

  1. Rights of the data subject 
  1. The right to be informed 

The internal regulations and policies of NGO are always available to the data subject, being posted on the Platform. See in this regard the present policy, the Cookie Policy and the Terms and Conditions.

MITO reserves the right to modify / update the content of the Platform, including the policies to which references are made, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or jurisprudential changes that may affect the consequences to those published on the Platform). The revision of this policy in the future shall be signalled by modifying the “Last updated” date at the top of this document. After the date the updated policy is published, accessing the Platform shall represent the user’s acceptance of these updated conditions.

However, if there shall be significant changes that could affect the rights and freedoms of the users or if it shall become obligatory to obtain their consent, informing them about these changes shall be made by easily visible indications posted on the Platform (pop-ups) or by transmitting e-mails to the addresses provided (if applicable). Such significant changes shall have effects for users within 15 days from the time of the posting the pop-up in question or of sending the email (how the information shall be decided by MITO, on a case by case basis).

Regardless of the extent of the change, the responsibility to check the content of the Platform (including this Privacy Policy, as well as the Terms and Conditions and other policies displayed on the Platform), to be up to date with the latest versions, will be entirely the responsibility of the user. Thus, THE ANALYSIS OF TERMS AND CONDITIONS, BUT ALSO OF THIS PRIVACY POLICY AND OF THE COOKIE POLICY, MUST BE PERFORMED BY THE USERS WHENEVER THEY ACCESS THIS PLATFORM AND BEFORE MAKING ANY REGISTRATION OR PROVIDING DATA, WHEREAS CHANGES CAN APPEAR.

Upon request, the data subject shall be informed about the essence of the contracts concluded with the abovementioned recipients of personal data where possible, and also of the data source.

  1. The right of access the personal data processed

If the data subject wishes to receive information regarding the processing of data performed by MITO, he/she can send a request to the NGO, and a response shall be provided within 30 days as of reception.

  1. The right to data rectification 

If the data subject wishes to rectify / amend the inaccurate / incomplete personal data concerning him or her as provided to MITO, he / she can send a request to the NGO, and a response shall be provided within 30 days of reception.

  1. The right to data erasure (right to be forgotten) 

The data subject shall have the right to obtain the erasure of personal data concerning him / her:

  • at the expiration of the processing duration;
  • if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
  • if the data subject withdraws his / her consent on which the processing is based and where there is no other legal ground for the processing;
  • if the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • if the processing is illegal, the personal data being unlawfully processed; 
  • the personal data have to be erased for compliance with a legal obligation. 

The exceptional cases provided in art. 17 paragraph 3 of GDPR are applicable.

Some data are part of MITO’s records, which it keeps in relation to its legal obligations or its legitimate interest. Therefore, not all data can be erased, according to the law. However, any refusal to delete the data shall be motivated by NGO and shall be based on a clear legal basis.

  1. The right to restriction of processing and the right to object

The restriction of processing can be applied if the data subject finds out that:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; 
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; 
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; 
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. 

MITO may continue processing the restricted personal data if it is necessary to establish, exercise or defend a right in court, or protect / defend a person but only with the consent of the data subject.

MITO shall communicate to the recipients that a rectification, deletion or restriction of the personal data took place, unless it is impossible or it involves disproportionate efforts.

  1. The right to data portability 

The data subject or a third party indicated by him / her, can receive on request, the personal data processed by MITO. NGO assumes no responsibility for the data processing performed by that third party.

The obligation to ensure the right to portability is the responsibility of MITO only if the processing of the personal data is based on the consent of the data subject or on the conclusion and execution of the contract. The actions shall be taken within 30 days from the receipt of the request.

  1. The right to object 

The data subject shall have the right to object, on grounds relating to his / her particular situation, at any time to processing of personal data based on the legitimate interest of MITO (including profiling). 

Regardless of the above, if an NGO demonstrates well justified legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims, the processing of data can continue.

  1. The right to submit a claim

The data subject may submit:

  • a request / a claim using the contact data of MITO, as indicated at art. 1 above;
  • an action before the competent court;
  • a complaint before the Romanian National Supervisory Authority for the Processing of Personal Data (www.dataprotection.ro).

However, MITO wishes any conflict / dispute to be resolved amicably and provides all availability in this regard.

  1. The right to withdraw the consent given 

The data subject may withdraw his / her consent at any time, without however affecting the legality of the processing before the withdrawal nor the one based on another legal grounds.

  1. The right to not be subject to an automated decision 

MITO does not take any decision based solely on automatic processing of personal data. 

  1. Obligations of MITO. Security measures applicable to the processed personal data

MITO complied with the provisions of the data protection legislation and has implemented appropriate technical and organizational measures to ensure the security of the processed personal data and the rights of the data subjects. Thus, NGO has implemented measures such as:

  • the conclusion of contracts with collaborators which have undertook the obligation of confidentiality in relation to the personal data processed, as well as the general obligation to comply with the applicable legislation in the field of personal data protection;
  • training the employees and collaborators on the importance of personal data protection, as well as limiting their access to data according to their attributions and competences;
  • establishing internal procedures having the purpose of protecting personal data;
  • indicating specially contact data which can be used for questions/claims regarding personal data (ie. the one indicated in art. 1 of the present policy);
  • implementing information security measures;
  • not installing cookies in addition to those necessary for the functioning of the Platform and offering the users at all times the possibility to choose the additional cookies accepted.

Also, MITO shall inform the competent data protection authority in the event of an breach concerning data security which generate risks for the data subject, without undue delay and, if possible, within 72 hours from the moment it became aware of it, unless it is unlikely to create a risk for the rights and freedoms of individuals. If the notification to the authority shall not be made within the 72 hours, it shall be accompanied by a justified explanation for the delay.

In the event of an incident concerning the security of personal data, MITO shall also inform the data subject without undue delay, if the breach of the security of personal data is likely to generate a high risk for his / her rights and freedoms. However, informing the aforementioned data subject is not necessary if any of the following conditions is met:

  • MITO has implemented adequate technical and organizational protection measures, and these measures have been applied in the case of the personal data affected by the security breach;
  • MITO has taken further measures to ensure that the high risk for the rights and freedoms of the data subjects is no longer likely to occur;
  • would require a disproportionate effort. In this situation, a public notification shall be conducted instead or a similar measure shall be taken, so that the data subjects are informed in an equally effective manner.

Any statistics regarding the traffic of the users on the Platform, which MITO shall provide to third party advertising networks or to other sites, shall have a data set form and shall not include any identifiable information about any individual user.

Unfortunately, no data transmission through the internet can be guaranteed to be 100% secure. Consequently, despite MITO’s efforts to protect users’ personal data, it cannot guarantee or ensure the security of information transmitted by them through the Platform. Users are therefore warned that any information sent through the online environment shall be done at their own risk.

To mitigate this risk, one of the measures took by NGO is to offer all interested users the possibility to send requests / requests / addresses / messages in material form, to the MITO headquarters, and not necessarily through the Platform.

  1. Liability of MITO 

MITO’s liability in relation to the data subject shall be established in relation to the quality held in the respective data processing operation, the reason and place of the incident, the security measures taken, the measures took to avoid incidents and the observance of the other legal obligations.

  1. Transfer of personal data to third countries / international organizations 

MITO does not transfer personal data of the data subjects outside the EU territory and hence no transfer of personal data is made according to GDPR.

  1. Final provisions

This policy applies to MITO and to the Platform visitors.

MITO reserves the right to modify / update the content of the Platform, including the policies to which reference is made, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or jurisprudential changes that may affect the consequences to those published on the Platform). The revision of this policy in the future shall be indicated by modifying the date of “Last update” at the top of the page. After the date the updated policy is published, accessing the Platform will represent the user’s acceptance of these updated conditions.

However, if there are significant changes that could affect the rights and freedoms of visitors, informing them about those changes will be made by easily visible indications posted on the Platform (pop-ups) or by sending emails on the addresses provided, if applicable. Such significant changes will have effects for visitors within 15 days from the time of the posting of the pop-up in question or of sending the email by NGO (how the information will be made being decided by MITO, by on a case by case basis).

However, regardless of the extent of the change, the responsibility to check the content of the Platform (including the Terms and Conditions, as well as the other policies displayed), to be up to date with the latest versions, will be entirely the responsibility of the user. Thus, THE STUDY OF TERMS AND CONDITIONS, BUT ALSO OF THIS PRIVACY POLICY AND OF THE COOKIE POLICY, MUST BE PERFORMED BY THE USER WHENEVER THEY ACCESS THIS PLATFORM AND BEFORE MAKING ANY REGISTRATION OR PROVIDING DATA, WHEREAS CHANGES CAN APPEAR.

This document is part of MITO’s set of security policies. Other policies can be applied to the topics addressed in this document and shall be reviewed according to specific needs.

startup incubator

Where there are no excuses,
you just have to build it!

July - October
Location: Startup Fortress, Oradea
Apply now!
Contact us
Linkedin Instagram X-twitter Envelope
Powered by Make IT in Oradea
Program Regulation
Privacy Policy
Terms and Conditions
Cookie Policy