Privacy Policy

LAST UPDATED: JUN 2026

1. Who We Are

2. What Personal Data We Collect

3. How We Collect Personal Data

4. Why We Use Your Personal Data

5. Legal Bases for Processing Personal Data

6. Cookies and Similar Technologies

7. Marketing Communications

8. Photos, Videos and Event Media

9. Minors

10. Who We Share Personal Data With

11. International Data Transfers

12. How Long We Keep Personal Data

13. How We Protect Personal Data

14. Your Rights Under GDPR

15. Right to Lodge a Complaint

16. Third-Party Websites and Social Media

17. Social Media Interactions

18. Forms and Access Requests

19. Legal and Safety Disclosures

20. Changes to This Privacy Policy

21. Contact

This Privacy Policy explains how OFFLIMITS (“OFFLIMITS”, “we”, “us”, or “our”) collects, uses, stores and protects personal data when you visit our website, submit a form, request access to an experience, contact us, or interact with our projects, including Project X Bucharest.


OFFLIMITS is an event concept brand based in Bucharest, Romania, creating event experiences built around music, atmosphere, access and social energy.


This Privacy Policy is intended to provide clear information about how we process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1.Who We Are

he website is operated by:

OFFLIMITS
Country: Romania
Email: contact@offlimits.ro
Website: https://offlimits.ro


For the purposes of GDPR, OFFLIMITS may act as a data controller when we decide why and how personal data is processed, for example when we collect contact form submissions, access requests, collaboration inquiries or website analytics data.


If you have any questions about this Privacy Policy or how we process your personal data, you can contact us at:


Email: contact@offlimits.ro

2.What Personal Data We Collect

We may collect the following categories of personal data, depending on how you interact with our website and services.

2.1 Contact and Identity Data

When you submit a contact form, request access, join a list, or contact us directly, we may collect:

  • Name

  • Email address

  • Phone number, if provided

  • Instagram, TikTok or other social media handle, if provided

  • Company or brand name, if you contact us for collaboration

  • Message content submitted through the form

  • Any other information you voluntarily provide

2.2 Access Request Data

If you request access to an OFFLIMITS experience or Project X Bucharest, we may collect:

  • Name

  • Email address

  • Phone number, if provided

  • Social media handle, if provided

  • Requested access type, such as General Access, VIP Access or Partner Access

  • Guest list or waiting list status

  • Communication history related to access

  • Any information required to manage safe and controlled event access

2.3 Collaboration and Commercial Inquiry Data

If you contact us as a brand, partner, sponsor, creator, supplier, venue, service provider or collaborator, we may collect:

  • Name

  • Company or brand name

  • Business email

  • Phone number

  • Role or position

  • Website or social media links

  • Proposal details

  • Commercial preferences or collaboration requirements

  • Communication history

2.4 Website Usage Data

When you visit our website, we may automatically collect limited technical and usage information, such as:

  • IP address

  • Browser type and version

  • Device type

  • Operating system

  • Pages visited

  • Time spent on pages

  • Referral source

  • Approximate location based on IP address

  • Interaction with buttons, links or forms

  • Cookie and analytics identifiers, where applicable

2.5 Event-Related Data

If you attend or interact with an OFFLIMITS event in the future, we may collect or process:

  • Access confirmation

  • Ticket or access status

  • Wristband or QR validation data

  • Guest list information

  • Entry time or access validation records

  • Communication regarding the event

  • Safety or incident-related information, where necessary

  • Photo or video content captured at the event, subject to applicable law and event notices

2.6 Payment Data

If paid tickets, paid access, deposits, reservations or commercial services become available, payment may be processed through third-party payment providers.

OFFLIMITS does not intend to store full payment card details directly on its website. Payment providers may process:

  • Payment method details

  • Transaction ID

  • Billing details

  • Payment status

  • Refund status

  • Fraud prevention information

The payment provider’s own privacy policy will also apply.

3.How We Collect Personal Data

We collect personal data in the following ways:

  • When you fill out a contact form

  • When you request access or join a waiting list

  • When you contact us by email, social media or messaging platforms

  • When you interact with our website

  • When you communicate with us about collaborations or partnerships

  • When you attend or participate in an OFFLIMITS experience

  • Through cookies, analytics tools and similar technologies, where applicable

  • From third-party service providers that support our website, forms, analytics, communications or event operations

We do not intentionally collect personal data from you unless there is a relevant purpose for doing so.

4.Why We Use Your Personal Data

We may use personal data for the following purposes.

4.1 To Respond to Inquiries

We use contact data to reply to messages, answer questions and communicate with people who contact OFFLIMITS.

4.2 To Manage Access Requests

We may use personal data to manage access requests, waiting lists, guest lists, VIP requests, partner access and event-related communications.

4.3 To Operate OFFLIMITS Projects

We may use personal data to plan, organize and manage OFFLIMITS experiences, including Project X Bucharest and future projects.

4.4 To Communicate Updates

We may send updates about access status, event details, project announcements, changes, safety information or collaboration opportunities.

Where required by law, marketing communications will only be sent with your consent or where otherwise permitted.

4.5 To Manage Commercial Collaborations

We use business contact data to evaluate sponsorship, brand activation, venue, supplier, creator, service provider and commercial collaboration opportunities.

4.6 To Improve the Website

We may use analytics and technical data to understand how visitors use the website, improve design, fix issues, measure campaign performance and improve user experience.

4.7 To Ensure Safety and Security

We may process data where necessary to protect guests, staff, venues, property, event operations, website security and legal interests.

4.8 To Comply With Legal Obligations

We may process personal data where required for accounting, tax, legal, regulatory, security or compliance reasons.

4.9 To Protect Our Rights

We may process personal data where necessary to prevent fraud, handle disputes, enforce terms, protect intellectual property or defend legal claims.

5.Legal Bases for Processing Personal Data

Under GDPR, we must have a legal basis for processing personal data. Depending on the situation, we may rely on one or more of the following legal bases:

5.1 Consent

We may rely on your consent when:

  • You subscribe to updates or marketing communications

  • You accept non-essential cookies

  • You agree to receive promotional communications

  • You voluntarily submit certain optional information

You can withdraw your consent at any time.

5.2 Performance of a Contract or Pre-Contractual Steps

We may process data when necessary to provide information, manage access requests, process event participation, handle paid access, or take steps before entering into a contract.

5.3 Legitimate Interests

We may process data based on our legitimate interests, such as:

  • Responding to inquiries

  • Managing access and guest flow

  • Improving the website

  • Protecting our brand and operations

  • Communicating with business contacts

  • Preventing misuse or fraud

  • Managing event safety and security

When relying on legitimate interests, we consider whether your rights and freedoms override our interests.

5.4 Legal Obligation

We may process personal data where required by law, including tax, accounting, consumer protection, regulatory, legal or security obligations.

5.5 Vital Interests

In rare cases, we may process personal data if necessary to protect someone’s life, health or physical safety during an event or emergency.

6.Cookies and Similar Technologies

Our website may use cookies and similar technologies to make the website work, improve performance, analyze traffic and measure campaigns.

Cookies are small text files stored on your device when visiting a website. The Romanian data protection authority provides information about cookies and their role in website operation and data protection.  

We may use the following types of cookies:

6.1 Essential Cookies

These cookies are necessary for the website to function properly, such as page loading, security and form functionality.

6.2 Analytics Cookies

These cookies help us understand website traffic and user behavior, such as page visits and interactions.

6.3 Marketing Cookies

These cookies may help us measure advertising campaigns or show relevant content on platforms such as Meta, TikTok or Google, if used.

6.4 Preference Cookies

These cookies may remember choices such as language or interface preferences.

Where required, we will ask for consent before using non-essential cookies. You can manage cookie preferences through the cookie banner or your browser settings.

For more details, please read our Cookie Policy.

7.Marketing Communications

If you sign up for updates, join a list, request access or contact us, we may send you relevant communications about OFFLIMITS, Project X Bucharest, access opportunities, upcoming experiences or commercial collaborations.

We will only send marketing communications where we have a valid legal basis, such as your consent or another lawful basis under applicable law.

You can unsubscribe or opt out of marketing communications at any time by:

  • Clicking an unsubscribe link, where available

  • Contacting us at contact@offlimits.ro

  • Replying to the message, where applicable

Operational or transactional messages, such as access confirmations, event updates, safety notices or direct replies to your inquiries, may still be sent where necessary.

8.Photos, Videos and Event Media

OFFLIMITS experiences may include photography, videography or content capture for documentation, promotion, social media, safety or brand communication purposes.

Where media is captured at events, we may use:

  • Wide crowd shots

  • Atmosphere shots

  • Event recap content

  • Social media content

  • Promotional images or videos

  • Behind-the-scenes content

We will aim to provide appropriate notice at events where photography or videography takes place.

If you are clearly identifiable in a photo or video and have concerns about how it is used, you may contact us at contact@offlimits.ro We will review reasonable requests in accordance with applicable law.

For specific shoots, interviews, influencer content, promotional campaigns or close-up identifiable content, we may request additional consent or release forms where appropriate.

9.Minors

OFFLIMITS is not intended for children.


If an OFFLIMITS event or experience has an age restriction, such as 18+, this will be communicated through official channels.


We do not knowingly collect personal data from children under the age required by applicable law without appropriate authorization. If we become aware that we have collected personal data from a child without a valid legal basis, we will take steps to delete it.


If you believe a minor has submitted personal data to us, please contact us at contact@offlimits.ro

10.Who We Share Personal Data With

We may share personal data only where necessary and appropriate.

Possible recipients include:

10.1 Website and Hosting Providers

For website hosting, form handling, performance, security and maintenance.

10.2 Email and Communication Providers

For sending and receiving messages, access updates, collaboration replies and newsletters.

10.3 Analytics and Marketing Providers

For website analytics, campaign measurement and advertising performance, where applicable and subject to cookie consent where required.

10.4 Payment Providers

If paid access, tickets or commercial services are available, payment providers may process payment-related data.

10.5 Event Service Providers

Where necessary, we may share limited data with service providers involved in event operations, such as:

  • Access control providers

  • Ticketing or QR validation providers

  • Security teams

  • Venue operators

  • Guest list managers

  • Event staff

  • Technical providers

10.6 Professional Advisers

We may share data with accountants, lawyers, insurers or consultants where necessary.

10.7 Authorities or Legal Recipients

We may share data where required by law, court order, regulatory request, police request, tax authority request or to protect rights, safety and security.

We do not sell personal data.

11.International Data Transfers

Some service providers may process personal data outside Romania or the European Economic Area.

Where personal data is transferred outside the EEA, we will aim to ensure appropriate safeguards are used, such as:

  • Adequacy decisions

  • Standard Contractual Clauses

  • Contractual safeguards

  • Security measures required by applicable law

Some third-party platforms, such as analytics, email, advertising, hosting, payment or social media tools, may process data in other countries according to their own privacy terms.

12.How Long We Keep Personal Data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.

Retention periods may vary depending on the type of data and purpose.

12.1 Contact Form Data

We may keep contact inquiries for up to 24 months after the last communication, unless a longer period is needed for legal, commercial or dispute-related reasons.

12.2 Access Request Data

We may keep access request and guest list data for up to 24 months after the relevant event or project, unless needed for legal, security, accounting or dispute purposes.

12.3 Collaboration Data

We may keep business and collaboration inquiries for up to 36 months after the last communication, unless a longer period is justified by ongoing discussions or legal requirements.

12.4 Payment and Accounting Data

Payment, invoice and accounting records may be kept for the period required by applicable tax and accounting laws.

12.5 Website Analytics Data

Analytics data may be kept according to the settings of the analytics provider and our internal needs.

12.6 Event Safety or Incident Data

Where data relates to safety, security, incidents, disputes or legal claims, we may keep it for as long as necessary to investigate, resolve or defend the matter.

When data is no longer needed, we will delete it, anonymize it or securely archive it where appropriate.

13.How We Protect Personal Data

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

These measures may include:

  • Access controls

  • Secure hosting and service providers

  • Password-protected systems

  • Limited access to personal data

  • Use of reputable third-party platforms

  • Internal data handling practices

  • Security monitoring where applicable

However, no website, online system or electronic communication method is completely secure. We cannot guarantee absolute security, but we work to reduce risks and protect personal data responsibly.

14.Your Rights Under GDPR

If GDPR applies to your personal data, you may have the following rights:

14.1 Right of Access

You may request confirmation of whether we process your personal data and request a copy of that data.

14.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data.

14.3 Right to Erasure

You may request deletion of your personal data in certain circumstances.

14.4 Right to Restrict Processing

You may request that we restrict processing of your personal data in certain circumstances.

14.5 Right to Data Portability

You may request to receive certain personal data in a structured, commonly used and machine-readable format.

14.6 Right to Object

You may object to processing based on legitimate interests or direct marketing.

14.7 Right to Withdraw Consent

Where we rely on consent, you may withdraw your consent at any time.

14.8 Right Not to Be Subject to Automated Decisions

You may have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

The European Commission explains that individuals have rights to access personal data and receive information about how it is processed under EU data protection rules.  

To exercise your rights, contact us at:

Email: contact@offlimits.ro

We may need to verify your identity before responding. We will respond within the time required by applicable law.

15.Right to Lodge a Complaint

If you believe your personal data has been processed unlawfully or your rights have not been respected, you have the right to lodge a complaint with a data protection authority.


In Romania, the supervisory authority is:


Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
National Supervisory Authority for Personal Data Processing
Website: dataprotection.ro


The Romanian supervisory authority is responsible for personal data protection matters in Romania.  


We encourage you to contact us first so we can try to resolve your concern.

16.Third-Party Websites and Social Media

Our website may include links to third-party websites, platforms or social media pages, such as Instagram, TikTok, payment providers, ticketing platforms or partner websites.


We are not responsible for the privacy practices, content or security of third-party websites or platforms. When you use third-party services, their own privacy policies apply.

17.Social Media Interactions

If you interact with OFFLIMITS through social media platforms, such as Instagram, TikTok or other platforms, those platforms may process your personal data according to their own privacy policies.


We may process messages, comments, account names, public interactions or inquiry details you send to us through social media, only for purposes such as communication, access inquiries, collaboration or support.

18.Forms and Access Requests

Submitting a form does not automatically guarantee access to an OFFLIMITS experience, Project X Bucharest, VIP entry, collaboration approval or partnership.


We may review requests manually and may decide whether to respond, approve, reject, prioritize or request additional information.


If access, tickets or participation become subject to separate Terms & Conditions, those terms will apply in addition to this Privacy Policy.

19.Legal and Safety Disclosures

We may process or disclose personal data if necessary to:

  • Comply with law

  • Respond to lawful requests from authorities

  • Protect guests, staff, venues or the public

  • Prevent fraud or abuse

  • Enforce our terms

  • Protect OFFLIMITS rights and property

  • Investigate security or safety incidents

  • Defend legal claims

20.Changes to This Privacy Policy

We may update this Privacy Policy from time to time.


When we make changes, we will update the “Last updated” date at the top of this page. If changes are significant, we may provide additional notice where appropriate.


We encourage visitors to review this Privacy Policy regularly.

21.Contact

For questions, privacy requests or concerns, contact us at:


OFFLIMITS
Email: contact@offlimits.ro
Website: offlimits.ro

‹ Cookie Policy