Privacy Policy

This Privacy Policy describes how STRINGTECH CLOUD SRL (“we”, “us”) processes personal data when you use https://bucharestparty.com/ (“Bucharest Party”, the “Site”). It applies together with our Terms and Conditions and Cookie Policy.

We operate in Romania. Processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian law, including where relevant Law no. 190/2018 implementing GDPR.

1. Data controller

STRINGTECH CLOUD SRL (Romania), VAT / fiscal identifier as shown on invoices and in the site footer. For privacy requests, use our Contact page.

2. What personal data we process

For general browsing of the Site we do not aim to build advertising profiles and we do not require an account. We process limited technical data typical of any website (for example through infrastructure and security providers such as Cloudflare), as described in our Cookie Policy.

Website usage statistics (Umami). We do not use first-party cookies on the Site for traffic or marketing analytics. To understand how the Site is used in the aggregate (for example which pages are viewed and at what rough volume), we use Umami (Umami Cloud), operated by Umami Software, Inc. According to Umami’s documentation, their tracking script does not use cookies. Umami still receives limited technical information from your browser when a page loads (such as the URL visited, referrer, and general browser/device characteristics). Umami describes minimising identifiers (for example hashing of IP addresses and not storing raw IP) in its privacy policy; we do not receive a list of identified individuals from this tool — we see aggregated statistics suitable for operating and improving the Site. If you block the Umami script in your browser, those statistics may not record your visit.

When you purchase tickets, we process the data needed to complete the order, validate tickets, comply with tax and accounting rules, and communicate about your purchase. That typically includes: email address, name, phone number if collected at checkout, billing address details as collected at checkout, order and ticket details (event, ticket type, quantity, price), and payment references (for example Stripe session or payment identifiers). Exact fields depend on what you enter and what our payment checkout collects.

3. Purposes and legal bases (GDPR)

  • Contract (Art. 6(1)(b) GDPR): selling and delivering tickets, order confirmation, support related to your order.
  • Legal obligation (Art. 6(1)(c) GDPR): invoicing, accounting, and tax retention where applicable.
  • Legitimate interests (Art. 6(1)(f) GDPR): fraud prevention, security, dispute handling, improving the reliability of the service, and understanding aggregate traffic to the Site via Umami (where not overridden by your rights and where we consider processing proportionate).

4. Recipients: Umami, Stripe, Brevo, and event organisers

We use service providers that process personal data on our behalf under appropriate agreements (processors under GDPR), including:

  • Umami Software, Inc. (Umami Cloud) — hosting and processing of the limited technical data described above for aggregated website statistics. Processing is governed by Umami’s terms and privacy documentation; we configure the Site to load Umami’s script from their infrastructure.
  • Stripe — payment processing. Checkout is hosted by Stripe; payment card and related payment data are handled by Stripe under its own terms and privacy policy. We receive order and customer details needed to fulfil tickets (for example email, name, phone, billing address as provided in checkout).
  • Brevo (Sendinblue) — sending transactional emails (for example purchase confirmation and ticket delivery by email). Data sent to Brevo is limited to what is needed for that email (such as recipient address, name where applicable, and content related to your order).

Event organisers: when you buy tickets to an event, we share the buyer and ticket information the organiser reasonably needs to operate the event and validate admission (for example identity of the purchaser, ticket codes or equivalent, and related order details). Each organiser is responsible for their own use of that data and should inform you where required by law.

5. Transfers outside the EEA

Umami, Stripe, and Brevo may process data in the European Economic Area and/or other regions (including the United States). Where data is transferred outside the EEA, we rely on mechanisms recognised under GDPR (for example Standard Contractual Clauses or adequacy decisions), as reflected in those providers’ documentation.

6. Retention

We keep order and ticket data for as long as necessary to provide the service, handle claims, and meet legal retention periods (including accounting and tax). After that, data is deleted or anonymised where possible. Aggregate statistics from Umami are retained according to Umami’s documentation and our operational needs.

7. Your rights

Under GDPR you may have the right to: access, rectification, erasure, restriction of processing, objection where based on legitimate interests, data portability (where applicable), and to withdraw consent where processing was based on consent. You may also lodge a complaint with a supervisory authority. In Romania the supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

To exercise your rights, contact us via the Contact page. We may need to verify your identity before responding.

8. Updates

We may update this Privacy Policy from time to time. The “last updated” indication is the publication date on the Site; material changes will be communicated where appropriate.

Last updated: May 2026

We use essential infrastructure (for example Cloudflare; it may set security-related cookies). We use Umami for aggregate traffic statistics; per Umami’s documentation, their tracking script does not use cookies. Stripe may set cookies when you pay on their pages. We do not load third-party advertising cookies on this site. Learn more