Back to m8 hub

Legal

Privacy and Data Protection

Last updated: 14 May 2026

This Privacy & Data Protection Policy explains how ARYA LINK S.R.L., trading as m8 hub, collects, uses, stores, and protects personal data in connection with the website m8hub.ro, bookings, venue services, events, communications, and related business activities.

1. Controller and contact

The data controller is:

ARYA LINK S.R.L.Trading as: m8 hubRegistered office: Strada Mărgăritarelor 8, 020564 București, RomaniaCUI: 54271394Trade Register no.: J2026017750004VAT status: neplătitor de TVA / not registered for VATEmail: contact@m8hub.ro

No Data Protection Officer has been appointed. Privacy requests can be sent to contact@m8hub.ro.

2. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

2.1 Identity and contact data

  • Name;
  • Company name;
  • Job title;
  • Email address;
  • Phone number;
  • Billing details;
  • Address;
  • CUI or other company identification details, where applicable.

2.2 Booking and event data

  • Booking date and time;
  • Event type;
  • Number of participants;
  • Requested services;
  • Venue setup preferences;
  • Catering preferences;
  • Special requirements;
  • Communication history;
  • Guest or participant information, if provided.

2.3 Payment and transaction data

  • Payment status;
  • Amount paid;
  • Invoice details;
  • Transaction references;
  • Payment method.

Card data is processed by payment processors such as NETOPIA Payments, where applicable. m8 hub does not store full card details on its own servers.

2.4 Website and technical data

  • IP address;
  • Browser type;
  • Device information;
  • Pages visited;
  • Cookies and analytics data;
  • Website usage data;
  • Security logs.

2.5 Marketing and communication data

  • Newsletter preferences;
  • Event invitations;
  • Consent records;
  • Responses to campaigns or forms.

2.6 Media data

Where applicable and with appropriate consent or lawful basis:

  • Photos;
  • Video recordings;
  • Audio recordings;
  • Testimonials;
  • Event images.

3. Purposes and legal bases of processing

We process personal data for the following purposes:

  • Handling booking requests and venue reservations — contract performance or steps before entering into a contract;
  • Providing venue, event, hospitality, and logistics services — contract performance;
  • Payment processing and invoicing — contract performance and legal obligation;
  • Accounting and tax records — legal obligation;
  • Customer support and operational communication — contract performance and legitimate interest;
  • Website security and fraud prevention — legitimate interest;
  • Improving services and website functionality — legitimate interest;
  • Sending marketing emails or event invitations — consent or legitimate interest, where permitted;
  • Using photos, videos, or testimonials for marketing — consent, where required;
  • Handling legal claims or disputes — legitimate interest and legal obligation.

4. Recipients and processors

We may share personal data with trusted recipients and processors, including:

  • Payment processors, including NETOPIA Payments where applicable;
  • Website hosting providers;
  • Email service providers;
  • Booking, CRM, analytics, and form tools;
  • Accounting and invoicing service providers;
  • Catering or event vendors, where required for service delivery;
  • IT, security, and technical support providers;
  • Legal, accounting, or professional advisors;
  • Public authorities, courts, or regulators where required by law.

We do not sell personal data.

5. Transfers outside the EEA

Some service providers may process data outside the European Economic Area.

Where this happens, we aim to ensure appropriate safeguards are in place, such as Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms under GDPR.

6. Retention periods

We keep personal data only as long as necessary for the purposes described in this Policy.

Typical retention periods include:

  • Booking and communication data: for the duration needed to provide the service and handle follow-up, claims, or disputes;
  • Accounting and invoice records: according to Romanian legal and tax requirements;
  • Marketing data: until consent is withdrawn or the data is no longer necessary;
  • Website analytics data: according to cookie settings and analytics tool retention periods;
  • Security logs: for a limited period necessary for security and fraud prevention.

Where a longer retention period is required by law or necessary for legal claims, we may retain the relevant data for that period.

7. Your rights

Under GDPR, you may have the following rights:

  • Right of access;
  • Right to rectification;
  • Right to erasure;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object;
  • Right to withdraw consent where processing is based on consent;
  • Right to lodge a complaint with a supervisory authority.

To exercise your rights, contact:

contact@m8hub.ro

We may need to verify your identity before responding.

8. Cookies

m8hub.ro may use cookies and similar technologies, including:

  • Essential cookies required for website functionality;
  • Analytics cookies;
  • Marketing or remarketing cookies;
  • Preference cookies.

Where required by law, non-essential cookies will only be used with your consent through a cookie banner or consent management tool.

You can manage cookies through the website banner, browser settings, or other available controls.

9. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These may include:

  • HTTPS/TLS encryption;
  • Access controls;
  • Secure payment processing;
  • Limited access to personal data;
  • Backups and security monitoring;
  • Use of reputable service providers.

No online system is completely secure, but we take data protection seriously and aim to reduce risk appropriately.

10. Minors

m8 hub is primarily intended for adults, companies, professionals, and business users.

If a booking or event involves minors, the client is responsible for obtaining all required parental, guardian, school, or organizational permissions and for supervising minors appropriately.

11. Photos, video, and media at events

For private events, the client is responsible for informing participants if photography, video, audio recording, or livestreaming will take place.

m8 hub will not use identifiable photos or videos of clients or guests for public marketing without appropriate consent or another valid legal basis.

12. Changes to this Policy

We may update this Privacy Policy from time to time.

The latest version will be published on m8hub.ro with the “Last updated” date.

13. Contact and supervisory authority

For privacy questions or requests:

ARYA LINK S.R.L. / m8 hubStrada Mărgăritarelor 8, 020564 București, RomaniaCUI: 54271394Trade Register no.: J2026017750004Email: contact@m8hub.ro

You may also lodge a complaint with the Romanian data protection authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal — ANSPDCP

Current contact details are available on the ANSPDCP website.