Privacy Policy
Effective: From 1 January 2025
1. Data controller information
| Name | Remicro Ltd. |
|---|---|
| Registered office | 9700 Szombathely, 11-es huszár út 186. |
| Company registration number | 18-09-109259 |
| Tax number | 11702579-2-18 |
| Telephone | +36 30 181 2500 |
| ugyfelszolgalat@microweb.hu | |
| Website | https://microweb.hu |
Remicro Ltd. (hereinafter: Data Controller, Service Provider or Company) provides internet access, television and other electronic communications services to residential and business customers.
The purpose of this Privacy Policy is to provide data subjects with detailed information about the processing of their personal data, the purpose, legal basis and duration of data processing, as well as the rights of data subjects and available remedies.
2. Legal background
In the course of data processing, the Data Controller takes into account the following legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
- Act CXII of 2011 (Infotv.) – on the right to informational self-determination and freedom of information
- Act C of 2003 (Eht.) – on electronic communications
- Act CVIII of 2001 (Eker. tv.) – on certain aspects of electronic commerce services and information society services
- Act C of 2000 (Számv. tv.) – on accounting
- Act CL of 2017 (Art.) – on the rules of taxation
- Act V of 2013 (Ptk.) – the Civil Code
3. Definitions
- Personal data
- Any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.
- Processing
- Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controller
- The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor
- A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Data subject
- Any identified or identifiable natural person whose personal data is processed by the controller.
- Consent
- Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Personal data breach
- A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
4. Purposes and legal bases of data processing
The Data Controller processes personal data for the following purposes and on the following legal bases:
4.1. Conclusion and performance of subscriber contracts
| Purpose | Conclusion of subscriber contracts, provision of services, invoicing, maintenance of customer relationships, handling of fault reports |
|---|---|
| Legal basis | GDPR Article 6(1)(b) – processing necessary for the performance of a contract |
| Data subjects | Subscribers, contracting parties |
4.2. Compliance with legal obligations
| Purpose | Compliance with accounting and tax obligations, compliance with electronic communications legislation, response to official requests |
|---|---|
| Legal basis | GDPR Article 6(1)(c) – processing necessary for compliance with a legal obligation |
| Data subjects | Subscribers, persons involved in invoicing |
4.3. Recording of telephone conversations
| Purpose | Customer service quality assurance, documentation of complaint handling, evidence in legal disputes, improvement of service quality |
|---|---|
| Legal basis | GDPR Article 6(1)(f) – legitimate interests (documentation and quality assurance in the interests of the Data Controller and the customer) |
| Data subjects | Persons calling customer service |
| Note | An automatic notification is given at the beginning of the call about the recording. By continuing the call, the data subject acknowledges the recording, or may choose to contact us without recording by e-mail or in person. |
4.4. Handling contact requests
| Purpose | Responding to enquiries received by e-mail or other means, preparation of quotations |
|---|---|
| Legal basis | GDPR Article 6(1)(b) – taking steps at the request of the data subject prior to entering into a contract, and Article 6(1)(f) – legitimate interests |
| Data subjects | Persons initiating contact |
4.5. Cookies and web analytics (Google Analytics)
| Purpose | Ensuring the operation of the website, improving user experience, compiling visitor statistics, website development |
|---|---|
| Legal basis | GDPR Article 6(1)(a) – consent of the data subject (for non-essential cookies) |
| Data subjects | Website visitors |
5. Categories of data processed
5.1. Subscriber data
- Identification data: surname, first name, birth name, mother's maiden name, place and date of birth
- Identity document data: document type, number, validity
- Residential address, postal address
- Telephone number, e-mail address
- Service-related data: subscriber identifier, contract number, service type, package
- Invoicing data: bank account number, payment method, invoicing name and address
5.2. Contact data
- Name
- E-mail address
- Telephone number (optional)
- Content of the message
5.3. Telephone conversation recordings
- Caller's telephone number
- Audio recording of the conversation
- Date and time of the call
- Duration of the call
5.4. Technical data (website)
- IP address (anonymised for Google Analytics)
- Browser type and version
- Operating system
- Referrer URL
- Time of visit
- Pages viewed
- Screen resolution, device type
6. Data retention periods
| Data category | Retention period | Legal reference |
|---|---|---|
| Subscriber contractual data | 10 years from the termination of the contract | Eht. Section 157(2), Számv. tv. Section 169, Ptk. limitation rules |
| Invoicing data | 8 years | Számv. tv. Section 169 |
| Telephone conversation recordings | 1 year | Data Controller's internal policy |
| Contact enquiries | 5 years from the closure of the matter, or until withdrawal of consent | Ptk. limitation rules |
| Cookies – essential | Until end of session or 1 year | – |
| Cookies – preferences | 1 year | – |
| Cookies – statistics | 2 years | – |
| Cookies – marketing | 1 year | – |
7. Data transfers
7.1. Data transfers to third countries
When using the Google Analytics service, data may be transferred to the United States of America. Google LLC holds a certificate under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection pursuant to the European Commission's adequacy decision.
The Data Controller uses the Google Analytics 4 service with IP address anonymisation, so IP addresses are not stored in their complete form.
7.2. Data processors
The Data Controller may use the following data processors in the course of providing services:
| Data processor | Activity | Data processed |
|---|---|---|
| Google LLC | Web analytics (Google Analytics 4) | Anonymised IP address, browsing data, device information |
7.3. Data transfers to authorities
The Data Controller is obliged to provide data to the following bodies upon request on the basis of a legal obligation:
- Courts
- Investigating authorities (police, public prosecutor)
- National security services
- National Media and Infocommunications Authority (NMHH)
- National Authority for Data Protection and Freedom of Information (NAIH)
- Tax Authority (NAV)
8. Data subject rights
Under the GDPR, the data subject may exercise the following rights in relation to the processing of their personal data:
8.1. Right to information (GDPR Articles 13-14)
The data subject has the right to receive information about the circumstances of data processing prior to the commencement of data processing. This Privacy Policy serves to fulfil this obligation.
8.2. Right of access (GDPR Article 15)
The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed, and if so, to have access to the personal data and to information concerning the data processing, and to request a copy of the data.
8.3. Right to rectification (GDPR Article 16)
The data subject may request the rectification of inaccurate personal data held by the Data Controller, or the completion of incomplete data.
8.4. Right to erasure ("right to be forgotten") (GDPR Article 17)
The data subject may request the erasure of their personal data if:
- the data are no longer necessary in relation to the original purpose of processing;
- the data subject withdraws consent and there is no other legal basis for processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for processing;
- the personal data have been unlawfully processed;
- erasure is required by law.
Important: The right to erasure cannot be exercised if processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
8.5. Right to restriction of processing (GDPR Article 18)
The data subject may request restriction of processing if:
- the accuracy of the personal data is contested;
- the processing is unlawful but the data subject opposes erasure;
- the Data Controller no longer needs the personal data, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing and it has not yet been determined whether the Data Controller's legitimate grounds override those of the data subject.
8.6. Right to data portability (GDPR Article 20)
The data subject has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format and to transmit those data to another controller, where the processing is based on consent or contract and is carried out by automated means.
8.7. Right to object (GDPR Article 21)
The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data based on legitimate interests. In such cases, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
8.8. Withdrawal of consent
Where processing is based on consent, the data subject has the right to withdraw consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
8.9. Exercising rights
The data subject may exercise their rights by:
- E-mail: ugyfelszolgalat@microweb.hu
- Post: 9700 Szombathely, 11-es huszár út 186.
- Telephone: +36 30 181 2500
The Data Controller shall inform the data subject of the action taken on the request within one month of receipt of the request. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months.
9. Remedies
9.1. Complaint to the Data Controller
The data subject may primarily address their complaint to the Data Controller at the contact details above.
9.2. Complaint to the supervisory authority (NAIH)
If the data subject considers that the processing of their personal data infringes the GDPR, they may lodge a complaint with the National Authority for Data Protection and Freedom of Information:
| Name | National Authority for Data Protection and Freedom of Information (NAIH) |
|---|---|
| Registered office | 1055 Budapest, Falk Miksa utca 9-11. |
| Postal address | 1363 Budapest, Pf. 9. |
| Telephone | +36 1 391 1400 |
| ugyfelszolgalat@naih.hu | |
| Website | https://www.naih.hu |
9.3. Judicial remedy
The data subject may – irrespective of lodging a complaint with NAIH – bring proceedings before a court if they consider that the Data Controller has infringed their rights to the protection of their personal data. Proceedings may also be brought before the court of the data subject's place of residence or habitual residence, at their choice.
10. Cookie management
10.1. What is a cookie?
Cookies are small text files that the website stores in your browser. They enable the website to remember your preferences and visit information, thus providing a more personalised and efficient browsing experience.
10.2. Cookies used on the website
Our website uses the following cookie categories:
Essential (necessary) cookies
These cookies are essential for the basic operation of the
website. This includes storing cookie consent
(cookie_consent_v1). These cookies do not
collect personal data for marketing purposes.
Legal basis: Necessary for the operation of the website (GDPR Article 6(1)(f) – legitimate interests)
Preference cookies
These cookies enable the website to remember your preferences, such as the selected language.
Legal basis: Consent (GDPR Article 6(1)(a))
Statistics cookies
Using the Google Analytics 4 service, we collect anonymous statistical data about the use of the website. IP addresses are processed in anonymised form.
| Cookie name | Provider | Purpose | Expiry |
|---|---|---|---|
_ga |
Google Analytics | Identifying unique visitors | 2 years |
_ga_* |
Google Analytics | Storing session state | 2 years |
Legal basis: Consent (GDPR Article 6(1)(a))
More information about Google's privacy practices: Google Privacy Policy
Marketing cookies
These cookies enable the display of personalised advertisements and the measurement of advertising campaign effectiveness. We do not currently use active marketing cookies on our website.
Legal basis: Consent (GDPR Article 6(1)(a))
10.3. Managing cookies
When you first visit the website, a cookie banner appears where you can select which cookie categories to allow. You can change your decision at any time by clicking on the icon at the bottom of the website.
You can also manage cookies in your browser settings. Most browsers accept cookies by default, but you can also set them to reject cookies or notify you when a cookie arrives.
Please note: Disabling cookies may affect the functionality of certain features of the website.
11. Data security
The Data Controller implements appropriate technical and organisational measures to protect personal data, in particular:
- Encrypted connection: The website uses the HTTPS protocol, which encrypts communication between the browser and the server.
- Access control: Only authorised employees have access to personal data, to the extent necessary.
- Password protection: IT systems are password-protected, with passwords of appropriate complexity.
- Regular backups: Data is backed up regularly.
- Physical security: Servers and storage devices are located in physically protected locations.
- Employee training: Employees receive regular data protection training.
In the event of a personal data breach, the Data Controller shall act in accordance with the legislation and, where necessary, notify NAIH and the data subjects.
12. Final provisions
This Privacy Policy enters into force on 1 January 2025.
The Data Controller reserves the right to amend this Privacy Policy unilaterally. Data subjects will be informed of any amendments via the website. The amended Privacy Policy shall enter into force on the date of publication.
In matters not regulated by this Privacy Policy, the GDPR, Infotv. and the relevant Hungarian legislation shall apply.
Szombathely, 1 January 2025
Remicro Ltd.
Data Controller