Privacy Policy

Last updated: 02.05.2026

CYBERSKILL SRL ("we", "the organizer") processes your personal data when you register for, attend, or interact with AI Minds 2026. This policy explains what we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR).

1. Data controller

CYBERSKILL SRL. Contact: contact@theaiminds.ro.

2. Data we collect

You provide directly

  • Name, email, phone, country — for ticket issuance and event communication.
  • Job title, company, industry — for badge personalization and aggregated event analytics.
  • Billing details (company name, VAT, country, address) — only when an invoice is requested.
  • Newsletter preference — only if you explicitly opt in.

Collected automatically when you buy a ticket

  • IP address, user agent (browser/OS), HTTP referrer, browser language;
  • Approximate geolocation derived from IP: country, region, city, postal code, timezone, latitude/longitude (city-level precision), ISP/organization, AS number;
  • Timestamps of all attempts and successful purchases.

Generated by us during the event

  • Ticket scan logs: scan timestamp, scanner identity (admin or volunteer), scanner IP and user agent, result (valid / already used / void / invalid), check-in location.

Payment data

Card details are entered directly on Stripe Checkout and are never seen or stored by us. We retain only the Stripe identifiers (session ID, payment intent ID, last 4 digits, card brand) that we receive back from Stripe.

3. Why we use it (legal bases under GDPR Art. 6)

  • Performance of contract — issuing and validating your ticket, sending order confirmations and the QR code, processing refunds.
  • Legitimate interest — fraud prevention, security logs, IP geolocation enrichment for abuse detection and basic event analytics, scan audit trail to prevent ticket reuse.
  • Legal obligation — accounting, invoicing, tax records.
  • Consent — newsletter, marketing, optional sharing with sponsors. You can withdraw consent any time.

4. Who we share data with

  • Stripe Inc. — payments processor (data subject to Stripe's privacy policy).
  • Google (Workspace) — outgoing email delivery.
  • Hosting provider — server infrastructure inside the EU.
  • ip-api.com — receives the visitor IP for geolocation lookup; no other personal data is sent.
  • Tax authorities, our accountants and lawyers — only when required by law.

Sponsors and partners do not receive your contact data unless you explicitly opt in at the event.

5. Retention

  • Order, ticket and invoice records — 10 years (Romanian accounting law).
  • Scan logs and IP/geolocation data — 12 months after the event, then deleted or anonymized.
  • Newsletter contacts — until you unsubscribe.

6. Your rights

Under GDPR you can access, rectify, erase, port, restrict, or object to the processing of your data. You can also lodge a complaint with the Romanian data protection authority (ANSPDCP, dataprotection.ro). Write to contact@theaiminds.ro and we'll respond within 30 days.

7. Cookies

We use only strictly necessary cookies (session, CSRF). No third-party tracking or advertising cookies are set without your consent.

8. Security

Data is transmitted over HTTPS. Database access is restricted to authorized personnel. Tickets are validated against a one-time check-in flag to prevent reuse.

9. Changes

We may update this policy. Material changes will be communicated by email to ticket holders.