astronaut
Effective Date: May 14, 2021

Data Privacy

For visitors to https://remred.space

The Data Controller shall pay particular attention to the processing, storage and use of personal data in its system in accordance with the provisions of Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("Regulation").

In connection with the processing of data, the Data Controller hereby informs the visitors of the website (hereinafter referred to as the User) about the personal data processed by the Data Controller, the principles and practices followed in the processing of personal data, as well as the ways and means of exercising the User's rights.

The User shall have the right to withdraw his/her consent to the processing, in whole or in part, or to request the deletion of his/her data by written notice to the Data Controller, as specified in the information notice.

NAME OF DATA CONTROLLER

The data is processed by REMRED Kft.

Data Controller data

Name: REMRED Kft.
Registered office: 1121 Budapest, Konkoly-Thege Miklós street 29-33.
Company registration number: Cg. 01-09-277402
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: https://remred.space/

Laws on which the processing is based

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as the "Infotv.")
  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (the "Regulation"),
  • Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

I. DATA PROCESSING CASES

1. Personal data logged by the system

IP address - The identification number assigned by the ISP to the User's device when logging in to the system. It is processed by the Data Controller to ensure the IT security of the system.
Type of browser - Send html code according to the browser type.

Legal basis for processing: voluntary consent of the User pursuant to Article 6(1)(a) of the Regulation.

Possible consequences of not providing data: inaccuracy of analytical measurements, loss of user experience.

Duration of data processing: the system will store the data indicated here for 6 months from the date of their creation, after which they will be automatically deleted.

2. Cookie management

  • Type of cookie and it's name:
    • Persistent cookie
  • Scope of data processed:
    • Site visit recording
  • Purpose of data processing:
    • To provide a better user experience (e.g. providing optimised navigation, relevant advertising).
  • Time of data processing:
    • They are stored longer in the browser cookie file
      cookie file. The duration of this period depends on whether the User has used the Internet browser.

Legal basis for processing: the legal basis for processing is the voluntary consent of the User pursuant to Article 6(1)(a) of the Regulation.

Data source: recorded directly from the User.

Possible consequences of not providing data: inaccuracy of analytical measurements, lack of relevant targeted advertising.

3. Delete cookies

The User have the right to delete the cookie from your computer or disable the use of cookies in your browser. The management of cookies is usually possible in the Tools/Preferences menu of browsers under Privacy/Preferences/Custom Settings, under the menu item Cookie, Cookie or Tracking.

If the User would like to find out more about the cookies your browser uses, please visit one of the following websites, which are appropriate for your browser:

Google Chrome (https://support.google.com/chrome/answer/95647?hl=hu)
Mozilla Firefox (https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amitweboldak-haszn )
Windows Internet Explorer (https://support.microsoft.com/hu-hu/help/260971/description-ofcookies)
Safari (https://support.apple.com/hu-hu/guide/safari/manage-cookies-and-website-datasfri11471/mac)

Possible consequences of non-delivery of data: incomplete use of the services of the Website, inaccuracy of analytical measurements.

II. ACCESS TO DATA AND DATA SECURITY MEASURES, DATA PORTABILITY

1. Access to data, data transmission

Personal data may be accessed by employees of the Data Controller and the Data Processor of the Data Controller for the performance of their tasks.

The Data Controller shall only transfer personal data processed by it to other bodies or public authorities in the manner and for the purposes specified by law.

The Data Controller informs the User that the court, the prosecutor, the investigative authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may contact the Data Controller to provide information, to disclose or transfer data, or to provide documents.

The Data Controller shall disclose to the public authorities, where the public authority has indicated the precise purpose and scope of the data, only such personal data as are strictly necessary for the purpose of the request and to the extent strictly necessary for the purpose of the request.

2. Data security measures

The Data Controller shall take all reasonable steps to ensure the security of the data and shall ensure an adequate level of protection, in particular against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage. The Data Controller shall ensure the security of the data by appropriate technical and organisational measures.


The Data Controller selects and operates the IT tools used to process personal data in the course of providing the service in such a way that the processed data:

  • accessible to authorised persons (availability);
  • its authenticity and authenticity are assured (authenticity of processing);
  • its integrity can be verified (data integrity);
  • protected against unauthorised access (data confidentiality).

During the processing, the Data Controller shall keep:

  • confidentiality: it protects the information so that only those who are entitled to access it have access to it;
  • integrity: to protect the accuracy and integrity of the information and the processing method;
  • availability: it ensures that when the authorised user needs it, he has effective access to the information and the means to obtain it.

III. RIGHTS OF THE USER

1. Information and access to personal data

The User may request information from the Data Controller in writing via the contact details provided above, so that the Data Controller can inform:

  • what personal data,
  • on what legal basis,
  • for what purpose,
  • from what source,
  • for what purpose, for what purpose, for what purpose, for what purpose and for how long it is processed,

To whom, when, on the basis of which law, to which personal data, to whom the controller has given access or to whom the controller has transferred the personal data.

The Data Controller will provide the information to the User in a commonly used electronic format, unless the User requests it in writing on paper. The Data Controller shall not provide oral information over the telephone.

The Data Controller will provide the User with a copy of the personal data (in person at the Customer Service) for the first time free of charge. For additional copies requested by the Controller, the Controller may charge a reasonable fee based on administrative costs. If the Controller requests a copy by electronic means, the information shall be provided to the Controller by e-mail in a commonly used electronic format.

Following the information, if the User does not agree with the data processing or the accuracy of the data processed, the User may request the rectification, supplementation, erasure or restriction of the processing of personal data concerning the User, as specified in point III, or object to the processing of such personal data, or initiate the procedure specified in point IV.

2. Right to rectification and integration of personal data processed

At the User's written request, the Data Controller shall, without undue delay, correct inaccurate personal data provided by the User in writing or in person at one of the Data Controller's shops, or complete the incomplete data with the content indicated by the User. The Controller shall inform each recipient to whom it has disclosed the personal data of the rectification or completion, unless this proves impossible or involves a disproportionate effort. The User shall inform such recipients of the data if they so request in writing.

3. Right to restriction of processing

  • The User may, by written request, ask the Data Controller to restrict the processing of his or her data if the
  • If the User contests the accuracy of the personal data, the limitation applies for the period of time that allows the Controller to verify the accuracy of the personal data,
  • the processing is unlawful, and the User opposes the erasure of the data and requests instead the restriction of their use,
  • The Controller no longer needs the personal data for the purposes of processing, but the
  • The User requires it for the establishment, exercise or defence of legal claims,
  • The User objects to the processing: in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the User.

Personal data of the User may be processed, except for storage, only with the consent of the User or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State during this period. The Data Controller shall inform the User, at whose request it has restricted processing, in advance of the lifting of the restriction of processing.

4. Right to erasure (right to be forgotten)

The Data Controller shall pay particular attention to the processing, storage and use of personal data in its system in accordance with the provisions of Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("Regulation").

In connection with the processing of data, the Data Controller hereby informs the visitors of the website (hereinafter referred to as the User) about the personal data processed by the Data Controller, the principles and practices followed in the processing of personal data, as well as the ways and means of exercising the User's rights.

The User shall have the right to withdraw his/her consent to the processing, in whole or in part, or to request the deletion of his/her data by written notice to the Data Controller, as specified in the information notice.

5. Right to data portability

If the processing is necessary for the performance of a contract, or if the processing is based on the User's voluntary consent, the User has the right to request to receive the data provided by the User to the Controller in a machine-readable form. If technically feasible, he or she may request that the data be transferred to another controller. In all cases, the right is limited to the data transmitted by the User, no other data may be transferred. (e.g. statistics, etc.)

The User provides the personal data concerning the User that are stored in the Data Controller's system (e.g. when subscribing to a newsletter):

  • in a structured, commonly used, machine-readable format,
  • the User is entitled to transmit it to another controller,
  • request the direct transfer of the data to another controller - if technically feasible in the controller's system.

The Data Controller will only grant a request for data portability on the basis of a written request sent by email or post. In order to grant the request, the Data Controller must ensure that the User who is entitled to exercise the right is the one who intends to exercise it. The User may request the portability of the data that he/she has provided to the Data Controller. Exercising this right does not automatically entail the deletion of the data from the Controller's systems, and therefore the User will be recorded in the Controller's systems after exercising this right, unless he/she also requests the deletion of his/her data.

6. Objection to the processing of personal data

The User may object to the processing of his or her personal data by means of a statement addressed to the Data Controller if the legal basis for the processing is

  • Article 6 of the GDPR. (1)(e) of the GDPR, or
  • a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

In case of exercising the right to object, the Data Controller may no longer process the personal data, unless it proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the User or are related to the establishment, exercise or defence of legal claims. The Data Controller shall decide whether the processing is justified by compelling legitimate grounds. It shall inform the User of its position in this regard in an opinion.

The User may also object in writing (by e-mail or post) or, in the case of a newsletter, by clicking on the unsubscribe link in the newsletter. 

7. Enforcement by others of the rights of the deceased affected User

Within five years after the death of the User concerned, the rights of the deceased during his/her lifetime, such as the right of access, rectification, erasure, restriction of processing, data portability and objection, may be exercised by the person authorised by the deceased by means of an administrative order or a declaration in a public or private document of full probative value made to the Data Controller. If the deceased has made more than one such declaration to the Controller, the person named in the declaration made at a later date may assert those rights.

If the deceased did not make such a declaration, the rights to which the deceased was entitled during his or her lifetime and set out in the previous paragraph may be exercised by the close relative of the person concerned within five years of the death of the person concerned (in the case of more than one close relative, the first to exercise the rights shall be the closest relative).

  • A close relative is defined in the Civil Code as. 8:1 (1) 1) of the Civil Code, a spouse, a relative in the direct line of relationship, an adopted, step- or foster child, an adoptive, step- or foster parent and a brother or sister. The close relative of the deceased must provide proof:
  • the fact and date of the death of the deceased person concerned by means of a death certificate or a court order, and
  • certify his or her identity and, where necessary, that of his or her next of kin, by means of a public document.

The person asserting the rights of the deceased - in particular in proceedings against the Data Controller and before the National Authority for Data Protection and Freedom of Information and the courts - shall be entitled to the rights and shall be subject to the obligations to which the deceased was entitled during his or her lifetime in accordance with the Data Protection Act and the Regulation.

The controller shall, upon written request, inform the next of kin of the action taken, unless the deceased has expressly prohibited this in a statement.

8. Deadline for fulfilling the request

The Data Controller shall inform the User of the measures taken without undue delay, but in any event within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months, but in that case the Data Controller shall inform the User within one month of receipt of the request, stating the reasons for the delay, and that the User may lodge a complaint with the supervisory authority and exercise his/her right to judicial remedy.

If the User's request is manifestly unfounded or excessive (in particular in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to act on the basis of the request. The burden of proof shall be on the Data.

If the User has submitted the request by electronic means, the Data Controller shall provide the information by electronic means, unless the User requests otherwise.

The Data Controller shall inform each recipient to whom or with which the personal data have been disclosed of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.

9. Damages and restitution

Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation shall be entitled to compensation from the Data Controller or the processor for the damage suffered. A processor shall be liable for damage caused by processing only if it has failed to comply with the obligations expressly imposed on processors by law or if it has disregarded or acted contrary to lawful instructions from the Controller. The Controller or the processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

IV. ENFORCEMENT OPTIONS

The User exercise your rights by sending a written request by e-mail or post.

The User's rights cannot be enforced if the Data Controller proves that it is not in a position to identify the User. If the User's request is manifestly unfounded or excessive (in particular in view of its repetitive nature), the Data Controller may charge a reasonable fee for complying with the request or refuse to act. The burden of proof shall be on the Data Controller. If the Data Controller has doubts about the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the applicant.

User pursuant to the Info.tv., the Regulation and the Civil Code (Act V of 2013)

  • National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa street 9-11.; www.naih.hu) or
  • Enforcement of your rights before a court of law. At the User's option, the lawsuit may also be brought before the court of the User's place of residence (for a list of courts and their contact details, please click on the link below: http://birosag.hu/torvenyszekek).

V. HANDLING DATA BREACHES

A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Data Controller shall keep a register for the purposes of monitoring the measures taken in relation to the personal data breach, informing the supervisory authority and informing the User, which shall include the scope of the personal data affected by the breach, the number and type of data subjects, the date of the breach, the circumstances and effects of the breach and the measures taken to remedy the breach. In the event of an incident, the Data Controller shall inform the User and the supervisory authority of the data protection incident without undue delay and within 72 hours at the latest, unless the incident does not pose a risk to the rights and freedoms of natural persons.

VI. BACKUP MANAGEMENT POLICY

As part of its IT security duties, the Data Controller shall ensure in particular that measures are in place to ensure the possibility of restoring data files, including regular backups and the separate, secure management of copies (backup).

Accordingly, in order to prevent the loss of electronically stored data, the Processor regularly backs up the data in its database containing personal data to a separate storage medium three times a day.

The place of storage of the backups from the website server is the seat of the Data Controller.

Duration of backup storage: 5 years.

Backup deletion policy: in an anonymised registry, individual deletions can be tracked and automatic deletions are done on a per-option basis.

Access to the backup: Access to the backup is restricted, only persons with specific rights have access. Access to the data is only possible after proper identification (at least username and password).

VII. OTHER PROVISIONS

The Data Controller reserves the right to unilaterally modify this Privacy Policy, with prior notice to Users using the Website through its website. The amendments shall take effect for the User on the date indicated in the notification, unless the User objects to the amendments. 

If the User has provided third party data for the use of the service when subscribing to the newsletter or for any other purpose, or has caused damage in any way during the use of the Website, the Data Controller is entitled to claim damages from the User.

The Data Controller does not verify the personal data provided to it. The person providing the data is solely responsible for the correctness of the data. Any User who provides personal data shall be responsible for the accuracy of the data provided, for the User own personal data and for the use of such data only by the User.

The date of entry into force of this Privacy Notice:
31. 05. 2021.