PRIVACY POLICY

DREM KFT

Last updated: August 31, 2020

I. INTRODUCTION

The Drem Kft. (1033 Budapest, Szentendrei út 93., hereinafter Data Controller) as data controller considers this notice as a legally binding document and taking commitment to fulfill all of the relevant legal requirements regarding data protection laws. The privacy statement of the Drem Kft. and the Bee By Drem application is available at https://beebydrem.com/adatvedelem/

The Drem Kft. reserves the right to change its Privacy Statement of which every mobile application user and webpage visitor will be informed.

In case of further questions contact us via info@beebydrem.com

It is important for us to protect the personal data of our users and partners, hence their personal data are taking care of and kept confidential. The Data Controler does every safety, technical and structural measures in order to guarantee the safety of any data in its possession.

II. LEGAL FRAMEWORK OF THE DATA PROCESSING

This Privacy Statement reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Drem´s products and services offered in the European Union are GDPR ready and this Privacy Statement provides you with the necessary documentation of the readiness.

The services of the Drem Kft are based on voluntary provided information. However, there may be situations where your providing of your personal information is necessary in order to grant a service or is required by law. Please note that in certain cases, we may be unable to grant you our services unless you provide the necessary information. Drem Kft will let the user know when the providing of his/her personal information is necessary.

Drem Kft as the data controller and its data management activity is conform to the operative data protection laws, especially to the following:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR)

Important: In case the user does not provide his/her own personal data, it his/her duty to provide the consent of the person of subject.

III. DEFINITIONS

Control means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.

Controller means an entity that determines the purposes and means of the processing of Personal Data.

Customer Data means any data that DigitalOcean and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.

Data Protection Laws means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law.

EU Data Protection Law means (I) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (II) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

Personal Data means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law.

Processor means an entity that processes Personal Data on behalf of the Controller.

Processing has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

Security Incident means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

Services means any product or service provided by Drem Kft to Customer pursuant to and as more particularly described in the Agreement.

IV. DATA MANAGEMENT OF THE BEE BY DREM APPLICATION

The Drem Kft is developing an application called Bee by Drem that contains a database of the available EV charging points that located in Hungary and provides effective route planning services. The Bee by Drem application is available at Google Play Store and Apple Store. Their Terms and Conditions can be found in the following links

Google Play Store: https://play.google.com/intl/en_en/about/play-terms.html

Apple Store: https://www.apple.com/legal/internet-services/itunes/

The Bee By Drem application uses Twilio to send push notifications. Twilio does not collect or store personal information while using the application. You can read Twilio's privacy policy here:

https://www.twilio.com/legal/privacy

The downloaded Bee by Drem application is provided and operated by Drem Kft.

During the use of the application, the user’s smartphone will ask for permission to use its location services, thus gain access to the location of the user. During user activity location data is sent to the Bee by Drem server, but only the last location is stored on it.

Data stored exclusively on the mobile device by the application: every route planning related search, that helps the usage of the app, location and time date data, other customized settings (e.g. ChargePoint power, ChargePoint types, which country’s chargepoint to show). The ChargePoint database is saved locally, hence there is no need for continuous internet useage.

Amend and delete data:

The erase of the app inherently deletes all data stored on the device. The Bee by Drem App does not track and store data besides that.

1. Data Controller

Controller’s Name Drem Korlátolt Felelősségű Társaság
Address 1033 Budapest Szentendrei út 93.
Email Address info@drem.hu
Webpage https://drem.eu/

2. Data Processors

Processor’s Name Smart Charging Kft.
Address 3200 Gyöngyös, Rigó utca 7.,
Webpage https://smartcharging.hu/
Email info@beebydrem.com
Processor’s Role Application and wabepage developer and operator. Database and IT system maintenance, saving, developing and updating tasks on the webpage
Processor’s Name BlazeArts Kft.
Address 6090 Kunszentmiklós, Damjanich u. 36. 1/8.
Phone Number +36 76 550 175
Webpage https://www.arubacloud.hu/
Processor’s Role Webhosting provider
Processor’s Name Billingo Technologies Zrt.
Address 1133 Budapest, Árbóc utca 6. 3. emelet
Webpage www.billingo.hu
Email hello@billingo.hu
Processor’s Role Billing modul provider
Processor’s Name OTP Mobil Kft.
Address 1143 Budapest, Hungária krt. 17-19.
Webpage https://simple.hu/simplepay
Email ugyfelszolgalat@simple.hu.
Processor’s Role OTP Simple payment modul provider

The location data of the mobile device, the Google Maps or the Apple iOS Maps services are used for the visualisation of the charge points in the app and also for the route planning feature, although they do not store this data.

The google.com/maps and Apple’s data controlling activities are available in detail at:

[ https://policies.google.com/]( https:/policies.google.com/ /)

https://www.apple.com/legal/privacy/

V. DATA TRANSMISSION STATEMENT

Simple Pay

„I acknowledge the following personal data stored in the user account of Drem Kft. (1033 Budapest Szentendrei út 95.) in the user database of https://app.beebydrem.com will be handed over to OTP Mobil Ltd. (1143 Budapest, Hungária krt. 17-19.) and is trusted as data processor. The data transferred by the data controller are the following: Name, email address, phone number, billing address.

The nature and purpose of the data processing activity performed by the data processor in the SimplePay Privacy Policy can be found at the following link: http://simplepay.hu/vasarlo-aff

VI. CONTACT

1. Contact with clients

In case you would like to contact us please email us to [ info@beebydrem.com ](mailto: info@beebydrem.com ) or via https://beebydrem.com/support/

Every incoming email with all the contained data and information is stored for maximum 5 years by Drem Kft.

Processed Data name and email address of the sender, date, and location and other provided personal data in the email
The aim of Data processing contact with clients
Legal aspect the sender’s personal consent
Length of Data processing maximum 5 (five) years
The consequence of the failure of data service the sender and the receiver Drem Kft will not be able to contact

2. Error reporting

If you acknowledge error during use of the app, please report to us at info@beebydrem.com

Controller’s Name Drem Korlátolt Felelősségű Társaság
Address 1033 Budapest Szentendrei út 93.
Email Address info@drem.hu
Webpage https://drem.eu/
Processor’s Role processing of the error reporter’s personal data
Processed Data name and email address of the sender, date, and location and other provided personal data in the email
The aim of Data processing client contact in regards to error reporting handling
Legal aspect fulfillment of the GDPR
Length of Data processing 1 year + 30 days from the date of the error report
Consequence of the failure of Data service the error will not be acknowledged

VII. PERSONAL DATA STRORAGE MANAGEMENT AND DATA SAFETY

The Drem Kft. protects the company data by sufficient measures against unauthorized access, change, transmission, unintended disclosure, intended and unintended deletion or destroy, damage, actions making them inaccessible.

The Drem Kft is running processes and technical measures which ensures that the stored data – exemption declared by the related laws - cannot be connected to persons/personal identification.

The Drem Kft. an IT Security Strategy which ensures that the actual/newest IT security technology is taken into consideration for data protection, and organisational processes related to the data protection are defined in that way which minimise the data protection related risks

The Drem Kft. operates a data protection policy which:

· protects information and grant access to data only for those persons who are authorized for that.

· runs the information processing in that way, which ensured the integrity of the information

· ensures the availability of the information for the authorised persons.

In order to ensure the availability, integrity and confidentiality of the information handled the information technology network and infrastructure of Drem Kft. are protected against access to the network by unauthorized persons, compromising confidential information, concealing user identity, damage caused by a third party, destruction of records, disclosure of information, eavesdropping, failure of communication links, falsification of records, malfunction of equipment , theft, unintentional change of data in an information system, unauthorized access to the information system, unauthorized physical access, unauthorized use of software. The operator of the servers used by Bee by Drem implements server level and application level protection techniques.

The Drem Kft. as “Data Controller” administers and logs all the incident related the data protection, store all the details of the incidents including impact, risk, severity and applied measures. The incidents related to data protection are reported to the “Nemzeti Adatvédelmi és Információszabadság Hatóság” (National Data-protection Authority) within 72 hours.

VIII. DATA SUBJECTS’ RIGHTS

1. The right to be informed

Organisations need to tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.

2. The right to rectification

The right to rectification: If the individual discovers that the information an organisation holds on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, organisations have one month to do this, and the same exceptions apply.

3. The right to erasure

The right to erasure (also known as ‘the right to be forgotten’): Individuals can request that organisations erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent

4. The right to restrict processing

Individuals can request that organisations limit the way an organisation uses personal data. It’s an alternative to requesting the erasure of data, and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.

5. The right to object

Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Organisations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights, and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.

6. The right to data portability

The right to data portability: Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

8. Complaints and remedies

In case you have any questions or problems related to the data processing of Drem Kft., please do not hesitate to contact us via info@beebydrem.com

With regards to the provisions of GDPR, Drem Kft. shall not be obliged to designate a data protection officer.

Every data subject should have the right to a judicial remedy related to data processing. In case of unlawful data processing, data subjects can apply to the court and commence a civil procedure against the data controller. Civil procedures fall within the jurisdiction of the Regional courts of Hungary. In respect of civil procedures, Regional court of where the defendant is seated or the data subject is domiciled would have general jurisdiction. You can find the list of the Regional courts here: http://birosag.hu/torvenyszekek

Address 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal Address 1530 Budapest, Pf.: 5.
Email Address ugyfelszolgalat@naih.hu
Webpage http://www.naih.hu
Phone Number +36 1 391 1400
Fax Number +36 1 391 1410

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR.

Data subjects shall have the right to be provided with judicial redress and to make complaints to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR. Find more information about NAIH here: https://naih.hu/general-information.html

Please read carefully the following information on data protection. If you have any questions or feedback in connection with the information on data protection, the data processing or the interpretation of legislation and regulations, please do not hesitate to contact us.