Image Alt

Privacy Policy

  /  Privacy Policy

The “Bright Labs Incubator” Program, 2021 Edition – Information Note Concerning Data Processing

This information note is an integral part of the Registration Application for the “Bright Lab Incubator” Program and of the Regulation for Participation, and shall be filled in as per the provisions from the Privacy Policy available at


The operator responsible with the processing of your personal data is the “MAKE IT IN ORADEA / REUȘEȘTE ÎN ORADEA” Association, a non-profit legal person governed by private law headquartered in the Municipality of Oradea, Piața Rahovei nr. 1, Camera 1 (Rahova Square no. 1, Room 1) (The Association”), founded by Civil Decision no. 2043/08.10.2020 delivered by the District Court of Oradea for file no. 10981/271/2020, bearing the tax registration code 43347357, phone no. 0757 223 211, e-mail:, website:

Processed personal data

The Association shall process the categories of personal data collected from the Registration Application for the Program (i.e. name, surname, e-mail address, phone number, LinkedIn URL profile) or otherwise provided by the participants for the entire duration of the Program (i.e. identification data, including national identification numbers, professional data such as profession, professional experience, certifications, domicile, bank account).

Providing incorrect or incomplete data shall prevent the participant from registering in the Program, and may result in the removal of the participant from the Program when the data is not adequately rectified or filled in, and also may preclude them from receiving awards within the Program or from concluding Incubation Agreements in the case of participants selected to become interns of the Program’s Business Incubator.

Purposes for the personal data processing

Registering in the Program constitutes the participants’ express and unequivocal consent concerning the processing of their personal data by the Association or through an empowered person for the following processing purposes:

  1. registering in the Program and identifying the participants;
  2. verifying that the criteria for registration are met;
  3. effectively carrying out the Program and all of its stages, according to Chapter II of the Regulation;
  4. communicating with the participants;
  5. drawing up the selection reports, selecting the winning projects, awarding the winners, and publishing the name of the winners;
  6. fulfilling the tax and financial accounting obligations of the Association, including retaining and paying the tax for the income related to the prizes;
  7. fulfilling the objectives of the Program, as they are detailed in Chapter I of the Regulation;
  8. promoting the Program, Association, and External Partners through photographs from the events / meetings organized and carried out within the Program, and publishing them online;
  9. determining, exercising or defending certain rights of the Association, including the investigation of potential acts carried out by a participant that violate the Regulation or the applicable legal provisions;

Legitimate basis for processing

The data shall be processed on the basis of the consent expressed when registering in the Program (letters a-d and g from above), in order to fulfill the legal obligations imposed on the Association as an organizer (letter e from above), in order to fulfill certain legitimate interests of the Association (letters f and h from above) or in order to carry out an Incubation Agreement in the case of participants who become interns of the Program’s Business Incubator.

Categories of recipients

Personal data shall be available to the persons involved in the carrying out of the Program, such as the members of the Pre-Selection Commission, the Evaluation Commission, and the External Partners, and can be communicated, due to the obligations to report such data, to national or local bodies and authorities in order to comply with the legal provisions.

We hereby request that you keep in mind that the Program shall be carried out publicly. The name of the participants registered in the Program, information / data provided through the registration documentation, photographs, and other materials related to the business projects, as well as photographs taken during the events / meetings organized and carried out within the Program can be used by the Association online or offline in order to promote the Program and fulfill its objectives.

It may be necessary for us to reveal personal data (including by giving an entity a right to access it) to contractors or service providers that offer us operational services, with whom we have previously concluded adequate contractual agreements, such as delivery, telecommunications, IT, payments, processing, training, storage, archival or other services.

We may also reveal personal data when we consider, in good faith, that doing so is necessary to prevent fraud, combat money laundering or terrorist funding operations, as well as to protect the legitimate interests of the Association.

Storage durations

Personal data shall be stored for as long as we have a justified interest in retaining this data (i.e. for the entire period in which the Program is carried out) or for any other lengthier period of time provided for in the law (for example, 10 years in the case of financial accounting documents), in an applicable regulation for storing recordings, or as provided by the competent public authorities. In order to exercise, determine or protect certain rights, we may store personal data for the duration of the general limitation period (3 years) or until the conclusion of administrative, judicial or extra-judicial procedures, by case.

In the case of participants requesting withdrawal from the Program, we shall take all necessary measures to anonymize the data, with the exception of cases where this data is necessary to fulfill certain legal obligations.

Automated decision-making processes

As a rule, during our activities, we do not use automated decision-making processes as presented in Art. 22 of Regulation (EU) 2016/679. Should we ever implement such processes in the future, we shall inform the persons in question separately, in accordance with the applicable provisions.

Data transfers

Unless the law provides otherwise, we shall not transfer your personal data outside the European Economic Area. Determined protection measures shall be implemented in the case of such transfer, and you shall be consequently notified.

Exercise of rights

To the extent that these rights are compatible with the data processing described in this document, you may request: access to your personal data, the rectification of incorrect personal data, deletion of the data, restriction on processing, the porting of data to a different operator or your opposition towards the processing of your personal data. You also have the right to address the National Supervisory Authority for Personal Data Processing (

If you wish to ask any question or to exercise certain rights, please contact us in writing using the contact data in the Operator Section above.

Privacy Policy

1. The principles governing personal data processing

Collecting your data shall only be carried out for specified, explicit and legitimate purposes. The data shall not be processed by third parties in a manner that is incompatible with these purposes. The personal data shall be exact and, wherever necessary, updated. The processing of your data shall be carried out in a legal, correct and transparent manner. All of your data shall be confidential and stored in a manner that ensures the necessary security.

Your data shall not be distributed to third parties unless this is necessary for the provision of services according to the agreements. The persons in question have the right to request access to the personal data, as well as their rectification and deletion, the right to oppose or restrict the data processing, and the right to oppose or restrict the right to port the data.

2. What is personal data

Personal data is any information that can be related to an identified or identifiable natural person (person in question).

Personal data includes all types of direct or indirect information (meaning the data used in connection to other data) that refer to the person in question, such as names, birth dates, addresses, e-mails, phone numbers.

3. The personal data collected

The categories of Personal Data related to you which we process and the manner in which we process it can vary in accordance with the services that you use and are subscribed to, the manner in which you use the services and our website, and the manner in which you have interacted with us.

The data related to you that we may collect:

  1. Name, birth date, citizenship, address, personal identification number, identity document, landline and / or mobile phone number, e-mail address;
  2. Education, professional data (profession, professional experience, certifications);
  3. Information on how you have used our website and / or our application – data on your device and the manner in which you and the device interact with our services. This includes data on the operating system, the IP address, regional and language settings.
  4. The communications you carry out with us or direct to us via letters, e-mails, chat services, phone calls and social media.

4. Disclosure of personal data to other third parties

In accordance with the applicable legal provisions, your personal data can be provided, for the purposes highlighted above, to the following entities or third parties in Romania or the European Economic Area:

– contractors or service providers that offer us operational services, such as delivery, telecommunications, IT, payment, processing, training, storage, archival and other services;

Unless the law provides otherwise, we shall not transfer your personal data outside the European Economic Area. Determined protection measures shall be implemented in the case of such transfer, and you shall be consequently notified.

5. The security of processing

We shall use all reasonable endeavors to protect the personal data that is in our possession or under our control by establishing reasonable security measures to prevent unauthorized access, collection, utilization, disclosure, copying, alteration or discarding, as well as other similar risks.

While we shall do our best to protect your personal data, we cannot take responsibility for, nor can we ensure the security of the information that you transmit via the Internet, and hereby urge you to take all precautionary measures to protect your personal data when using such platforms. We recommend that you change your passwords often, use a combination of letters and digits, and make sure that you are using a secure browser.

6. Your rights

Unless the law provides otherwise, you have the following rights in relation to your personal data:

  1. To request information on holding personal information about you.
  2. To request access to your processed personal information.
  3. To request the rectification of the personal information that we hold.
  4. To request the deletion of the personal information about you that we hold.
  5. To oppose, for well-founded and legitimate reasons related to a particular situation, the processing of your personal data, to the extent that the legal conditions are met.
  6. Not to be the subject of a decision based exclusively on automated processing – including the creation of profiles producing legal effects that concern the person in question or similarly affect them to a significant extent.
  7. To request a restriction on the processing of your personal data.
  8. To request the transfer of your personal data, in an electronic and structured form, to you or another party – the right to “data portability.”
  9. The right to forward a complaint to the supervisory authority (the National Supervisory Authority for Personal Data Processing).

For any nonconformity, complaint, or clarification, please contact us at our e-mail address