Privacy Policy

Last updated: 11 October 2025

This Privacy Policy explains how personal data is collected and processed through the website challenge.relativity.ro (the “Site”). The Site is operated by the Relativity Team – the robotics team of Liceul Teoretic de Informatică „Alexandru Marghiloman” Buzău (the “Organiser”), with technical hosting and web development provided by EssenByte Solutions. The Policy complies with Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”) and Law 190/2018.

Article 1 – Identity of the Controller

1. The controller responsible for processing personal data is the Relativity Team of Liceul Teoretic de Informatică „Alexandru Marghiloman” Buzău. The Organiser determines the purposes and means of data processing related to the competition.
2. EssenByte Solutions acts exclusively as technical service provider, offering secure hosting and infrastructure maintenance. EssenByte Solutions does not access, use, or distribute participants’ data except as strictly necessary for hosting and system operation.
3. Contact for data protection matters: privacy@essenbyte.com. Educational and participation-related inquiries should be addressed to the Organiser through the official contact channels provided on the Site.

Article 2 – Categories of Personal Data

Depending on participation and use of the Site, the following categories of personal data may be processed:

1. Account data: name, email address, password (stored securely), and team information.
2. Competition data: project descriptions, technical files, uploaded documentation, photos, and videos submitted for judging or publication.
3. Communication data: emails or messages exchanged via contact forms or competition support channels.
4. Technical data: IP address, browser type, operating system, and server logs used to ensure security and prevent abuse.
5. Consent records: confirmations for image rights, parental permissions, and cookie preferences.

Article 3 – Purposes of Processing

1. Competition administration: to manage registrations, validate eligibility, communicate competition rules, and publish results.
2. Account management: to create, maintain, and secure participant accounts and teams.
3. Communication: to respond to questions, send official notices, and share event updates. Marketing communications are not performed.
4. Security and analytics: to maintain system integrity, detect technical issues, and generate anonymised usage statistics.
5. Legal compliance: to meet obligations under applicable education, data protection, or court regulations.

Article 4 – Legal Basis for Processing

1. Contractual necessity: for account and participation management.
2. Consent: for use of images, videos, and optional data disclosures. Consent may be withdrawn anytime.
3. Legitimate interest: for site protection and performance improvement.
4. Legal obligation: for compliance with regulatory or judicial requirements.

Article 5 – Data Recipients and Transfers

1. Technical provider: EssenByte Solutions (Romania) – responsible for server hosting, backups, and platform security. Bound by confidentiality and processing-only agreements.
2. Public authorities: data may be disclosed when legally required or requested by educational or judicial bodies.
3. International transfers: none are foreseen; all data is stored within the European Union.

Article 6 – Data Retention

1. Account data is stored for the duration of participation and up to three years after closure for legal documentation.
2. Competition submissions may be archived for up to five years for educational and historical record purposes.
3. Server logs and analytics data are stored for up to one year.
4. After expiry, data is securely deleted or anonymised.

Article 7 – Rights of the Data Subject

Under Articles 12–22 of the GDPR and Law 190/2018, you have the right to:

1. Access your personal data and obtain a copy.
2. Request correction of inaccurate or incomplete information.
3. Request deletion of data where processing is no longer justified.
4. Restrict or object to processing in certain cases.
5. Receive your data in a portable format.
6. Withdraw consent at any time.
7. Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP).

All requests will be handled within one month, in accordance with Article 12 GDPR.

Article 8 – Security Measures

1. The Site uses encryption (HTTPS/TLS), server isolation, access logging, and routine vulnerability testing.
2. Any personal data breach will be reported to ANSPDCP within 72 hours, and to affected users when required.
3. Hosting infrastructure is regularly updated and monitored by EssenByte Solutions under strict data-handling limitations.

Article 9 – Cookies and Tracking Technologies

1. The Site uses only essential and analytical cookies. No marketing or profiling cookies are deployed.
2. Non-essential cookies are stored only with the user’s explicit consent, in accordance with Law 506/2004.
3. Details about specific cookies and management options are provided in the Cookie Policy.

Article 10 – Children’s Data

1. Accounts for individuals under 16 years require verified parental consent in compliance with Article 8 GDPR.
2. If consent is not provided or validated, the related account will be removed without delay.

Article 11 – Contact and Complaints

1. For privacy matters: privacy@essenbyte.com (Data Protection Contact).
2. For competition or educational matters: use the contact section of this Site.
3. Supervisory authority: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), B-d Gheorghe Magheru 28–30, Sector 1, 010336, Bucharest, Romania.

Article 12 – Changes to this Policy

1. Any updates will be published here with a revised “Last updated” date.
2. Significant changes affecting participants’ rights will be notified through the Site or via email.