PRIVACY POLICY
DREM KFT
Last updated: August 31, 2020
I. INTRODUCTION
The Drem Kft. (1033 Budapest, Szentendrei út 93., hereinafter Data Controller) as data controller considers this notice as a legally binding document and taking commitment to fulfill all of the relevant legal requirements regarding data protection laws. The privacy statement of the Drem Kft. and the Bee By Drem application is available at https://beebydrem.com/adatvedelem/
The Drem Kft. reserves the right to change its Privacy Statement of which every mobile application user and webpage visitor will be informed.
In case of further questions contact us via info@beebydrem.com
It is important for us to protect the personal data of our users and partners, hence their personal data are taking care of and kept confidential. The Data Controler does every safety, technical and structural measures in order to guarantee the safety of any data in its possession.
II. LEGAL FRAMEWORK OF THE DATA PROCESSING
This Privacy Statement reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Drem´s products and services offered in the European Union are GDPR ready and this Privacy Statement provides you with the necessary documentation of the readiness.
The services of the Drem Kft are based on voluntary provided information. However, there may be situations where your providing of your personal information is necessary in order to grant a service or is required by law. Please note that in certain cases, we may be unable to grant you our services unless you provide the necessary information. Drem Kft will let the user know when the providing of his/her personal information is necessary.
Drem Kft as the data controller and its data management activity is conform to the operative data protection laws, especially to the following:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR)
Important: In case the user does not provide his/her own personal data, it his/her duty to provide the consent of the person of subject.
III. DEFINITIONS
Control means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.
Controller means an entity that determines the purposes and means of the processing of Personal Data.
Customer Data means any data that DigitalOcean and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.
Data Protection Laws means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law.
EU Data Protection Law means (I) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (II) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).
Personal Data means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law.
Processor means an entity that processes Personal Data on behalf of the Controller.
Processing has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.
Security Incident means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.
Services means any product or service provided by Drem Kft to Customer pursuant to and as more particularly described in the Agreement.
IV. DATA MANAGEMENT OF THE BEE BY DREM APPLICATION
The Drem Kft is developing an application called Bee by Drem that contains a database of the available EV charging points that located in Hungary and provides effective route planning services. The Bee by Drem application is available at Google Play Store and Apple Store. Their Terms and Conditions can be found in the following links
Google Play Store: https://play.google.com/intl/en_en/about/play-terms.html
Apple Store: https://www.apple.com/legal/internet-services/itunes/
The Bee By Drem application uses Twilio to send push notifications. Twilio does not collect or store personal information while using the application. You can read Twilio's privacy policy here:
https://www.twilio.com/legal/privacy
The downloaded Bee by Drem application is provided and operated by Drem Kft.
During the use of the application, the user’s smartphone will ask for permission to use its location services, thus gain access to the location of the user. During user activity location data is sent to the Bee by Drem server, but only the last location is stored on it.
Data stored exclusively on the mobile device by the application: every route planning related search, that helps the usage of the app, location and time date data, other customized settings (e.g. ChargePoint power, ChargePoint types, which country’s chargepoint to show). The ChargePoint database is saved locally, hence there is no need for continuous internet useage.
Amend and delete data:
The erase of the app inherently deletes all data stored on the device. The Bee by Drem App does not track and store data besides that.
1. Data Controller
Controller’s Name | Drem Korlátolt Felelősségű Társaság |
---|---|
Address | 1033 Budapest Szentendrei út 93. |
Email Address | info@drem.hu |
Webpage | https://drem.eu/ |
2. Data Processors
Processor’s Name | Smart Charging Kft. |
---|---|
Address | 3200 Gyöngyös, Rigó utca 7., |
Webpage | https://smartcharging.hu/ |
info@beebydrem.com | |
Processor’s Role | Application and wabepage developer and operator. Database and IT system maintenance, saving, developing and updating tasks on the webpage |
Processor’s Name | BlazeArts Kft. |
---|---|
Address | 6090 Kunszentmiklós, Damjanich u. 36. 1/8. |
Phone Number | +36 76 550 175 |
Webpage | https://www.arubacloud.hu/ |
Processor’s Role | Webhosting provider |
Processor’s Name | Billingo Technologies Zrt. |
---|---|
Address | 1133 Budapest, Árbóc utca 6. 3. emelet |
Webpage | www.billingo.hu |
hello@billingo.hu | |
Processor’s Role | Billing modul provider |
Processor’s Name | OTP Mobil Kft. |
---|---|
Address | 1143 Budapest, Hungária krt. 17-19. |
Webpage | https://simple.hu/simplepay |
ugyfelszolgalat@simple.hu. | |
Processor’s Role | OTP Simple payment modul provider |
The location data of the mobile device, the Google Maps or the Apple iOS Maps services are used for the visualisation of the charge points in the app and also for the route planning feature, although they do not store this data.
The google.com/maps and Apple’s data controlling activities are available in detail at:
[ https://policies.google.com/]( https:/policies.google.com/ /)
https://www.apple.com/legal/privacy/
V. DATA TRANSMISSION STATEMENT
Simple Pay
„I acknowledge the following personal data stored in the user account of Drem Kft. (1033 Budapest Szentendrei út 95.) in the user database of https://app.beebydrem.com will be handed over to OTP Mobil Ltd. (1143 Budapest, Hungária krt. 17-19.) and is trusted as data processor. The data transferred by the data controller are the following: Name, email address, phone number, billing address.
The nature and purpose of the data processing activity performed by the data processor in the SimplePay Privacy Policy can be found at the following link: http://simplepay.hu/vasarlo-aff ”
VI. CONTACT
1. Contact with clients
In case you would like to contact us please email us to [ info@beebydrem.com ](mailto: info@beebydrem.com ) or via https://beebydrem.com/support/
Every incoming email with all the contained data and information is stored for maximum 5 years by Drem Kft.
Processed Data | name and email address of the sender, date, and location and other provided personal data in the email |
---|---|
The aim of Data processing | contact with clients |
Legal aspect | the sender’s personal consent |
Length of Data processing | maximum 5 (five) years |
The consequence of the failure of data service | the sender and the receiver Drem Kft will not be able to contact |
2. Error reporting
If you acknowledge error during use of the app, please report to us at info@beebydrem.com
Controller’s Name | Drem Korlátolt Felelősségű Társaság |
---|---|
Address | 1033 Budapest Szentendrei út 93. |
Email Address | info@drem.hu |
Webpage | https://drem.eu/ |
Processor’s Role | processing of the error reporter’s personal data |
Processed Data | name and email address of the sender, date, and location and other provided personal data in the email |
---|---|
The aim of Data processing | client contact in regards to error reporting handling |
Legal aspect | fulfillment of the GDPR |
Length of Data processing | 1 year + 30 days from the date of the error report |
Consequence of the failure of Data service | the error will not be acknowledged |
VII. PERSONAL DATA STRORAGE MANAGEMENT AND DATA SAFETY
The Drem Kft. protects the company data by sufficient measures against unauthorized access, change, transmission, unintended disclosure, intended and unintended deletion or destroy, damage, actions making them inaccessible.
The Drem Kft is running processes and technical measures which ensures that the stored data – exemption declared by the related laws - cannot be connected to persons/personal identification.
The Drem Kft. an IT Security Strategy which ensures that the actual/newest IT security technology is taken into consideration for data protection, and organisational processes related to the data protection are defined in that way which minimise the data protection related risks
The Drem Kft. operates a data protection policy which:
· protects information and grant access to data only for those persons who are authorized for that.
· runs the information processing in that way, which ensured the integrity of the information
· ensures the availability of the information for the authorised persons.
In order to ensure the availability, integrity and confidentiality of the information handled the information technology network and infrastructure of Drem Kft. are protected against access to the network by unauthorized persons, compromising confidential information, concealing user identity, damage caused by a third party, destruction of records, disclosure of information, eavesdropping, failure of communication links, falsification of records, malfunction of equipment , theft, unintentional change of data in an information system, unauthorized access to the information system, unauthorized physical access, unauthorized use of software. The operator of the servers used by Bee by Drem implements server level and application level protection techniques.
The Drem Kft. as “Data Controller” administers and logs all the incident related the data protection, store all the details of the incidents including impact, risk, severity and applied measures. The incidents related to data protection are reported to the “Nemzeti Adatvédelmi és Információszabadság Hatóság” (National Data-protection Authority) within 72 hours.
VIII. DATA SUBJECTS’ RIGHTS
1. The right to be informed
Organisations need to tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.
2. The right to rectification
The right to rectification: If the individual discovers that the information an organisation holds on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, organisations have one month to do this, and the same exceptions apply.
3. The right to erasure
The right to erasure (also known as ‘the right to be forgotten’): Individuals can request that organisations erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent
4. The right to restrict processing
Individuals can request that organisations limit the way an organisation uses personal data. It’s an alternative to requesting the erasure of data, and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.
5. The right to object
Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Organisations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights, and freedoms of the individual or if the processing is for the establishment or exercise of defence of legal claims.
6. The right to data portability
The right to data portability: Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to data controllers by way of a contract or consent.
7. The right to withdraw consent
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
8. Complaints and remedies
In case you have any questions or problems related to the data processing of Drem Kft., please do not hesitate to contact us via info@beebydrem.com
With regards to the provisions of GDPR, Drem Kft. shall not be obliged to designate a data protection officer.
Every data subject should have the right to a judicial remedy related to data processing. In case of unlawful data processing, data subjects can apply to the court and commence a civil procedure against the data controller. Civil procedures fall within the jurisdiction of the Regional courts of Hungary. In respect of civil procedures, Regional court of where the defendant is seated or the data subject is domiciled would have general jurisdiction. You can find the list of the Regional courts here: http://birosag.hu/torvenyszekek
Address | 1125 Budapest, Szilágyi Erzsébet fasor 22/C. |
---|---|
Postal Address | 1530 Budapest, Pf.: 5. |
Email Address | ugyfelszolgalat@naih.hu |
Webpage | http://www.naih.hu |
Phone Number | +36 1 391 1400 |
Fax Number | +36 1 391 1410 |
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR.
Data subjects shall have the right to be provided with judicial redress and to make complaints to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR. Find more information about NAIH here: https://naih.hu/general-information.html
Please read carefully the following information on data protection. If you have any questions or feedback in connection with the information on data protection, the data processing or the interpretation of legislation and regulations, please do not hesitate to contact us.