Privacy and data management policy

1. Summary

Redbay Europe ltd. (hereinafter: the data controller) manages the data of website visitors, website registrants and customers (hereinafter collectively affected) during the operation of their websites. We collect and process all personal information only in accordance with the law. You can send a system message without your consent, but you can only send a DM letter with your consent. We store your data in the safest way possible, we only pass it on to third parties with your consent. You can request information about your personal data or its deletion in writing to

2. Name and contact details of the person responsible for the treatment

Name of the data controller: Redbay Europe ltd

The postal address of the controller is w55rp Ranelagh Rd, London

The email address of the data controller:

3. Purpose of the Privacy Policy

The purpose of this Data Management and Privacy Policy (the "Policy") is to establish the data protection and management principles applied by Redbay Euorepe LTD and the Company's data protection and management policy. The person in charge of the treatment recognizes that the content of this legal notice binds him. It undertakes that all data processing related to its activities complies with the requirements established in these regulations and applicable legislation. In relation to data processing, the Data Controller informs Users about the personal data managed on the Website, about the principles and practices followed in the field of personal data processing, as well as about the form and possibilities of exercise of the rights. of the interested parties.

The service provider respects the personal rights of visitors to its website; treat registered personal data confidentially, in accordance with data protection legislation and international recommendations, in accordance with this privacy statement. The Data Controller reserves the right to change this information at any time, the entry into force of which the Data Controller informs the Users, the interested parties must accept the changes in order to continue using the website in the manner provided by the Data Controller. The principles and procedures established in this data protection prospectus comply with the provisions of Law CXII of 2011 on the right to self-determination of information and freedom of information. (“Information Law”) and Regulation (EU) 2016/679 of the European Parliament and of the Council (“Regulation”).

4. The scope, time and purpose of the personal data processed

You can request the affected service during registration or login on the website of the data controller. The provision of data is voluntary, the Interested Party is not obliged to provide their personal data, however, in the absence thereof, in some cases (for example, when placing an order as a private individual), they cannot request the services provided. by our company.

The purpose of data processing with the consent of the data subject is to provide services, document the suitability of performance, prove the conclusion of contracts and comply with legal obligations (for example, issue an invoice). In the field of mandatory data management, the Data Controller complies with its legal obligations regarding the processing of certain data required by law, during the period that the law determines for the scope of the data that is mandatory by applicable legislation. The data controller is not responsible for the accuracy of the data provided.

Technical data

When using the website, the data controller automatically records the user's IP address, the type of operating system and browser used and other information for technical reasons. This data is continuously recorded, but is not linked to the data provided during registration or use. The data obtained in this way is not accessible to Users, only to the Service Provider.

The Service Provider may record the data of the Internet sites from which the User entered the Website, as well as the data of which the User visited the Website, as well as the time and duration of the visit. The person or profile of the interested party cannot be deduced from these data.

The website visitors' computer is connected to the system by a so-called is identified with a cookie.

The data controller uses the technical data only for the technical operation of the website and for statistical purposes.

Data provided during registration, purchase of the service and its management

During registration, the interested party must provide the following personal information: login ID, password, full name, billing address (zip code, city, street, house number), country, county, telephone number, address of own email.

After entering the data, the data controller will notify the data subject by email about the success of the registration.

After registration, the data subject can also provide additional data and comments on a non-mandatory basis, if necessary for the performance and facilitation of the service provided by the Service Provider.

The Data Controller agrees not to send emails to the email addresses provided by the Data Subject during registration, except for emails and system messages related to the services used by the Data Subject.

The purpose of data management: to document purchases, orders and payments; issue a financial document; performance of the service provider; Communication of changes that affect the service provided, sending a reminder (for example, request for a payment reminder, other technical information necessary for the provision of the service).

Legal basis for data management: the consent of the interested party or a legal requirement (Accounting Law).

Duration of data processing: 8 years in the case of mandatory data processing based on law, otherwise until the withdrawal of the consent of the data subject.

Product purchase

Our company provides the opportunity to buy products, handles the technical data generated during the use of the service and the data provided by the User during the order.

When placing an order, the User may also provide additional data (comments) on a non-mandatory basis, if necessary for the performance and facilitation of the service or supply of the product provided by the Service Provider.

The purpose of data management: to document purchases, orders and payments; issue a financial document; performance of the service provider; Communication of changes that affect the service provided, sending a reminder (for example, request for a payment reminder, other technical information necessary for the provision of the service).

Legal basis for data management: the consent of the interested party or a legal requirement (Accounting Law).

Duration of data processing: 8 years in the case of mandatory data processing based on law, otherwise until the withdrawal of the consent of the data subject.

Data provided during your subscription to the newsletter and its handling

The data controller does not currently send a newsletter or manage a database related to the sending of a newsletter.

Request a job advertisement

The data controller stores the applications received.

Purpose of data management: Request a job with a data controller, participating in the selection procedure

Legal basis for data processing: voluntary consent of the interested party.

Type of personal data processed: cover letters, resumes, applications and other personal data provided in them.

Duration of data management:

six months from the submission of the application.

Possible consequences of the failure to supply data: the interested party cannot apply electronically to the job offers published by the Data Controller.

Data stored in connection with non-service related emails sent to email addresses and their management

Data processed: email address, name, phone number, if also provided by the sender.

Purpose of data management: contact.

Legal basis for data processing: consent of the interested party.

Duration of data processing: until the withdrawal of consent.

Other data management

We provide information on data processing that is not listed in this leaflet at the time of data collection. Courts, prosecutors, investigating authorities, infringement authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information or other bodies authorized by law may contact the data controller to provide information, disclose data, transfer documents or make the documents available. Personal data will be released to the authorities only if and to the extent that it is strictly necessary for the purpose of the request, provided that the authority has indicated the precise purpose and scope of the data.

5. Storage, protection of personal data, access to data

The data controller stores personal data on paper and by computer means at the headquarters of the data controller and on its own servers. The data controller keeps paper documents closed, ensuring that only those authorized to do so have access. The head and employees of the data controller have primarily the right to familiarize themselves with the data. As described in this brochure, certain data will be transferred to data processors and other data controllers (for example, a meter) to achieve the purposes described in this brochure.

In addition to the above, the transfer of personal data related to the User may take place only in cases specified by law (for example, in the case of contacting an authority authorized by law) or on the basis of consent. of the User.

The data controller protects the processed data against unauthorized access, alteration, transmission, deletion, as well as damage and destruction. The data controller must keep a data protection record that contains the scope of the personal data processed by him, the number and number of people involved in a possible data protection incident, the date, circumstances, effects and measures adopted. to prevent the data protection incident and others. data specified in the legislation on data processing.

6. Data security

The data controller will take all necessary measures to guarantee the security of the personal data provided by the interested party, both during network communication and during data storage and protection.

Access to personal data is strictly limited to prevent unauthorized access, unauthorized alteration or unauthorized use of personal data.

The data controller maintains confidentiality during data management: protects the information so that only those who are authorized to access it can access it; integrity - protects the accuracy and integrity of the information and the method of processing; availability: ensures that when an authorized user needs it, he can really access the information he wants and have the tools to do so. The data controller also prescribes the above obligation for employees who participate in its data management activities and for data processors acting on behalf of the data controller.

Privacy incident

A data protection incident is a breach of security that results in the destruction, loss, alteration, unauthorized disclosure or unauthorized access to, accidentally or illegally, personal data that is transmitted, stored or otherwise handled. The data controller will keep a record of data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to correct it. In the event of a data controller incident, unless it does not pose a risk to the rights and freedoms of natural persons, Contact will inform the data protection incident control authority without delay, but within a maximum period of 72 hours.

It is not necessary to inform the interested party if any of the following conditions are met:

The Data Controller has implemented the appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures, such as the use of encryption, that make it incomprehensible to non-people. authorized to access personal data. data, data;

the data controller has adopted new measures after the data protection incident to ensure that the high risk to the rights and freedoms of the data subject referred to in article 33 (1) of the Regulation is no longer likely to materialize;

the information would require a disproportionate effort. In such cases, the data subject will be informed through publicly available information or a similar measure will be taken to ensure that the data subject is informed equally effectively.

7. User Rights and Enforcement Options 

The data subject has the right to request information about the personal data managed by the Data Controller at any time, and may change them at any time. The data subject is also entitled to request the deletion of his / her data via the contact details provided in this section. The data subject may request that the Data Controller inform him / her about the handling of his / her personal data, the correction of his / her personal data, with the exception of the mandatory data processing, with the exception of the data protection. Rights of data subjects Access right Right to rectification Right of cancellation · Right to restrict data management · Right to data portability

The data subject may exercise his rights at the contact details below:

If you have any questions or comments about data management, please contact the employee of the data controller through the contact details above.

The person in charge of the treatment is obliged to provide the information in writing, in an understandable way, in the same way as the request, as soon as possible after the presentation of the request, and within a maximum period of 25 days.

The interested party has the right at any time to request the correction or deletion of incorrectly recorded data. Some of the data on the website may be corrected by the interested party; In other cases, the Data Controller will delete the data within 3 business days of receiving the request, in which case they will not be recoverable.

The interested party has the opportunity to request the deletion of his personal data, which the Data Controller will comply with within a maximum period of 15 days. The cancellation does not apply to data processing required by law (for example, accounting regulations), it will be retained by the Data Controller for the required period.

At the request of the data subject, the data controller will restrict the data processing if the accuracy of the personal data is questioned or if the data processing is illegal or if the data subject objects to the data processing and if the data controller already you do not need personal data.

The interested party will also have the right to receive the personal data concerning him / her made available to him in a structured, widely used and machine-readable format and to transfer said data to another data controller without being prevented by the Data Controller, provided that the data controller the necessary conditions are met.

Affected by the Metropolitan Court, 1055 Budapest, Markó u. 27. or, at the option of the interested party, you can also enforce your rights in the county court of the person's place of residence / domicile (legal background: Section 22 (1) of Law CXII of 2011 on the right to information self-determination and freedom of information). The President of the National Authority for Data Protection and Freedom of Information can also request: Dr. Attila Péterfalvi (1024 Budapest, Szilágyi Erzsébet fasor 22 / C.,,, Tel. : + 36 -1 / 391-1400) also helps.

The Data Controller may refuse to inform the data subject only in the cases and for the reasons specified in the Information Act or the Decree. In such a case, the Data Controller shall inform the data subject in writing on the basis of which provision of the Information Act or the Decree the refusal to provide information was made. In the event of a refusal to provide information, the Data Controller shall inform the data subject of the legal remedies. If the Data Subject has provided the data of a third party during the registration in order to use the service, the Data Controller shall provide all possible assistance to the acting authorities in identifying the person infringing.

8. Cookies policy

What are cookies?

The website stores small text files on your computer, mobile device or tablet when you visit it. This allows you to remember the username for a certain period of time, for example, so that you don't have to re-enter it all the time. It is a condition of several similar convenience services that you enable the use of cookies. We do not sell cookies or data collected through cookies to third parties nor do we use them for identification purposes.

We use cookies on our websites. Personally, we cannot and do not want to identify you based on the information stored in them, we only use it to know if you have visited our website before and, if so, which pages you have visited and which of our services may be of most interest to you. . You have the option of rejecting these cookies through your browser settings, however, in this case, you may not be able to use all the functions of our website.

B. Why do we use cookies?

Our website uses cookies to record display settings, such as: font size settings,

Browser type and version, operating system, referrer URL (previously visited site), IP address of the computer used to access and date and time of the visit, whether you have responded to our current satisfaction survey, accepted or not our website using cookies, what products you have added to your shopping cart, traffic patterns and user behavior that will allow us to improve our website and our services.

These data are recorded for internal and statistical purposes only.

Our website may use the following cookie:

Temporary cookies, strictly necessary for its operation: this temporary data is only stored in the cookie file until the end of your browsing. These are essential for the proper functioning of certain functions related to our website.

Cookies to improve the user experience: We collect information about the use of the website by the user, such as which pages you visit most often or what error messages you receive from the website. These cookies do not collect information that identifies the visitor, that is, they work with completely general and anonymous information. The data obtained from these is used to improve the performance of the website. The useful life of these types of cookies is limited only to the duration of the session.

Cookies received from third parties:

- Google Analytics

_utma; _utmb; _utmv; _utmz; _utmx: these cookies collect anonymous information about how visitors use our website, based on which we can improve usability. It is not possible to identify the User. Learn more at


datr; LSD; reg_ext_ref; reg_fb_gate; reg_fb_ref; wd: You can share the content of our website with your friends on the Facebook community page. This service may place cookies on your computer over which we have no control. Using a Facebook remarketing code, the Data Manager displays various promotions to the user. It is not possible to identify the User.


__utma; __utmb; __utmc; __utmv; __utmz; _twitter_sess; external_referer; guest_id; k; original_referer: You can share the content of our website with your friends on the Twitter community page. This service may place cookies on your computer over which we have no control. It is not possible to identify the User.


GALX; GAPS; GoogleAccountsLocale_session - You can share our website content with your friends on Google Social. This service may place cookies on your computer over which we have no control. It is not possible to identify the User.

- Google Adwords

NID and SID cookies: the website uses Google Adwords remarketing tracking codes. The remarketing code uses cookies to tag visitors. Website users have the option to disable these cookies. It is not possible to identify the User.

Our website also uses LuckyOrange, as well as Inspectlet and Smartlook, which is a software that is used to know the behavior and browsing habits of visitors, which allows us to offer a better user experience to our visitors. For more information, visit,,

The website contains remarketing tags for the purpose of creating a remarketing list, so that after visiting them, third-party service providers, including Google and Facebook, can display ads on their websites. interest-based advertising. Remarketing lists are not personally identifiable, do not contain the visitor's personal information, and only identify the browser software. Vendors use cookies for remarketing tags. The website is called uses conversion tracking to measure the effectiveness of its Google Adwords ads. The conversion tracking cookie exists for a limited time only, it is not required to be accepted, and it does not record or use any personal information.

Attendance analysis: our website keeps statements and analyzes made from user data using general and / or automatic statistical methods for an unlimited period of time. No personal data of the informant can be reproduced from these data by any procedure. We do not combine the personal data collected in the web shop with any data from other sources that is not intended to keep the customer in contact with the Service Provider.

C. If you want to know more about the topic, there are many articles available on the Internet, for example, in Hungarian -felhasznalok- trace-on-the-internet /

For more information on how to change your cookie settings, see your browser's help or the link below:

Mozilla Firefox:

Google Chrome:

Internet Explorer:



The user can delete the cookie from their own computer or disable the use of cookies in their browser. Cookies can generally be managed in the Tools / Browser Settings menu under Privacy / History / Custom Settings, under the name of cookie, cookie or tracking.


The data controller reviews this leaflet annually. The Service Provider reserves the right to unilaterally modify this Privacy Statement with prior notice to the Interested Party. The controller is obliged to review what is written in this brochure even if a significant change in legislation comes into force, or if its data protection and management processes and procedures change significantly. In such cases, the data controller shall modify this brochure accordingly and publish it on its website, at the same time drawing attention to the changes. Our website is not responsible for the privacy practices of other external websites. The person responsible for the treatment does not verify the personal data that is provided to him. The person who provided the data is solely responsible for the veracity of the information provided. By providing the email address of any Affected Party, you are also responsible for ensuring that only he / she uses the service from the provided email address.

This prospectus is effective as of May 25, 2018.