Privacy Policy

The data controller for this site is DField Kft., a limited liability company registered in Hungary, with registered office at 2120 Dunakeszi, Torony köz 5. 1.ajtó; company registration number 13-09-242182 (Pest Vármegyei Törvényszék Cégbírósága); Hungarian tax number 32876217-2-13; EU VAT number HU32876217. Full legal and supervisory details — including the competent data-protection authority (NAIH) — are published on our Imprint page.

For any question about this policy or your personal data, email privacy@remnavi.com. We aim to respond within 30 days.

We have not appointed a Data Protection Officer because RemNavi's processing does not currently meet the criteria that make a DPO mandatory under GDPR Art. 37. Data-protection enquiries can be sent to the address above.

We process the following categories of personal data for the following purposes. Each entry lists the legal basis under GDPR Article 6.

a) Newsletter subscribers

Data: email address, selected skill preferences, subscription timestamp, IP address at sign-up (for abuse prevention), and digest engagement events. Engagement events include delivery and bounce status from our SMTP relay, unsubscribes, outbound clicks (routed via our redirector go.php), and opens (measured via a 1×1 transparent image served by /px.php). Open rates are directional only — many mail clients block or pre-fetch remote images, so the signal is not authoritative about individual reading behaviour.
Purpose: to send the weekly remote-jobs digest you asked for, measure whether the digest is being delivered and read, and prevent spam sign-ups.
Legal basis: consent (Art. 6(1)(a)) — given when you submit the form. You can withdraw consent at any time by clicking the unsubscribe link in any digest, or by emailing privacy@remnavi.com.

b) Advertisers (featured listings)

Data: the name, company, email address, and listing details you send us when you enquire about or buy a featured listing; invoice details (company name, address, VAT number) required to issue a VAT-compliant invoice; records of the listing(s) we published for you.
Purpose: to provide the featured-listing service, issue invoices, respond to support, and keep the statutory accounting records required in Hungary.
Legal basis: performance of a contract (Art. 6(1)(b)) for the service itself, and legal obligation (Art. 6(1)(c)) for the accounting records.

c) Payments

Data: payment metadata returned to us by Stripe (amount, currency, country, last four digits of card, Stripe customer and charge IDs). We never see or store your full card number. Full card data is processed directly by Stripe as an independent controller under Stripe's own privacy policy.
Purpose: to confirm payment and reconcile invoices.
Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).

d) Visitor analytics and server logs

Data (visitor analytics): when you visit a page, a lightweight first-party script sends a request to our own server (/analytics_tracker.php). We record: the page path and title, the referring URL domain, a coarse device type (desktop / tablet / mobile), a browser family, a country code derived from your IP address via a geo-lookup cache, and a daily-rotating visitor identifier.
The visitor identifier is derived from a SHA-256 hash of your IP address, the current UTC date, a purpose-specific prefix, and a server-side secret. Only a shortened 16-character excerpt is stored. Your raw IP address is never written to our analytics database. Because the date is included, the identifier resets every midnight UTC. It is not designed to link visits across days, and we do not use it to build cross-day profiles. The hash is not practically reversible by us because it is generated using a server-side secret.
Data (server access logs): the web server retains standard access logs (IP address, user-agent, URL, timestamp, response code) for up to 14 months for security and debugging. After 14 months, logs are aggregated or truncated so the remaining record can no longer identify an individual household.
Purpose: to measure aggregate traffic, understand which pages and referral sources drive visitors, debug errors, and defend against abuse — including bot activity, credential-stuffing, and year-over-year traffic anomalies. We do not build individual user profiles and do not use this data for advertising or retargeting.
No third-party analytics SDKs. The analytics beacon is a first-party call to our own server only. No Google Analytics, no Meta Pixel, no advertising or marketing SDKs.
Legal basis: legitimate interest (Art. 6(1)(f)) — processing is minimised, proportionate to our legitimate interest in measuring and securing the service, and avoids creating a persistent cross-day visitor identifier. The analytics beacon does not set cookies, use local storage, or read any equivalent browser-side identifier. We therefore treat it as first-party, cookieless analytics handled under legitimate interest rather than cookie consent. Non-essential cookies, such as the A/B test cookie described in §2(f), are only set after consent. You can object at any time by emailing privacy@remnavi.com; we will assess your objection as required by GDPR Art. 21 and, where compelling legitimate grounds do not override your interests, stop the relevant processing.

e) Outbound click attribution

Data: when you click "Apply" on a listing, our apply-click tracker (event.php) records the listing identifier, the employer, the listing category and source board, a timestamp, and the same daily-rotating visitor hash described in §2(d) above. Your raw IP address is never stored in click logs. The hash rotates daily, is not designed to link clicks across days, and is not used to build individual profiles. You are then forwarded directly to the employer's application page.
Digest outbound links are routed through a separate redirector (go.php) that records the same categories of data under the same mechanism.
Purpose: aggregate click statistics we use internally to understand listing performance, improve relevance, and provide anonymised aggregate reporting to advertisers — total click counts and listing-level trends only. Advertisers receive aggregate reporting only — they never receive individual visitor identifiers, IP addresses, or any record that could isolate a specific visitor.
Legal basis: legitimate interest (Art. 6(1)(f)) — data is minimised (no raw IP, daily hash rotation), no user profile is built, and no identifier is shared externally.

f) A/B testing of editorial content

Data: a first-party cookie (rn_rrs_bucket) stores the variant of the Real Remote Score explainer you were shown, so you see the same variant on return visits. No personal identifier is stored.
Purpose: to compare editorial presentations.
Legal basis: two separate bases apply. Consent (Art. 6(1)(a)) is the basis for setting the non-essential cookie itself — the cookie is only set after you accept non-essential cookies in our consent banner, in line with the EU ePrivacy Directive. Legitimate interest (Art. 6(1)(f)) is the basis for the aggregate evaluation of which variant performed better, where no individual profile is built and the analysis operates on counts.
See our Cookie Policy for details and how to opt out.

We share personal data only with the service providers we need to run the site. The role each provider plays — processor acting on our instructions, or independent controller processing data under its own terms — is spelled out below.

• Hostinger International Ltd. (Cyprus/Lithuania) — website hosting, database, DNS, and email delivery relay (including the weekly digest). Acts as our processor under a data-processing agreement.
• Stripe Payments Europe, Ltd. (Ireland) — payment processing for featured listings. Stripe processes full card and payment data under its own terms and privacy policy. We receive only limited payment metadata needed to confirm payment and reconcile invoices. Stripe may route transactions through Stripe Inc. (USA) under the EU–US Data Privacy Framework.
• GitHub, Inc. (USA, Microsoft group) — code hosting and deployment infrastructure. GitHub is not intended to receive end-user personal data; production data is not deliberately sent to GitHub.

We do not sell personal data. We do not share personal data with advertisers beyond aggregate statistics. We do not use your data to profile you, to retarget you, or to train third-party models.

Some of our processors are located outside the European Economic Area (notably Stripe Inc. and GitHub in the United States). Where that is the case, we rely on the EU–US Data Privacy Framework where the specific recipient is certified under it, and on the European Commission's Standard Contractual Clauses for recipients that are not DPF-certified or for transfers the DPF does not cover. You can request a copy of the relevant safeguards by emailing privacy@remnavi.com.

• Newsletter subscribers — until you unsubscribe; we then retain the email on a suppression list to prevent resubscription errors, and delete the suppression entry after 24 months.
• Advertiser records and invoices — 8 years, as required by Hungarian accounting law (Act C of 2000, § 169).
• Stripe payment metadata — 8 years, for the same reason.
• Newsletter delivery, open, and click events — retained for 12 months, then aggregated or deleted.
• Server access logs — raw logs retained for 14 months, then aggregated and/or truncated; abuse-prevention rate-limit state retained for 30 days.
• Outbound click logs — raw events retained for 12 months, then aggregated into per-listing counts.
• A/B test variant cookie (rn_rrs_bucket) — 30 days from your last visit (local to your browser; we store no server-side record of the cookie value). Only set after you accept non-essential cookies via our consent banner.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

• Access — obtain a copy of the data we hold on you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your data (subject to statutory retention periods, e.g. accounting records).
• Restriction — ask us to pause processing while a dispute is resolved.
• Portability — receive your data in a portable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — where processing is based on consent (e.g. the newsletter), withdraw at any time without affecting prior lawful processing.

To exercise any of these rights, email privacy@remnavi.com. We may ask for information to verify your identity before we act on a request. We aim to respond within 30 days.

You have the right to lodge a complaint with a data protection supervisory authority. In Hungary this is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH):

Postal address: 1055 Budapest, Falk Miksa utca 9–11, Hungary
Telephone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu

If you are located in another EU/EEA country, you may also complain to the supervisory authority in your country of residence or workplace.

A short list of cookies and local-storage keys is used to keep the site functional. Our Cookie Policy documents each one — what it does, how long it lasts, and which are strictly necessary versus which are used for editorial testing.

RemNavi is a professional site aimed at adults looking for remote work. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted data to us, email privacy@remnavi.com and we will delete it.

We do not make decisions about you that have legal or similarly significant effects on the basis of automated processing. Listing ranking uses the public Real Remote Score (a rule-based metric computed from each listing's structured metadata) and editorial rules. No individual visitor profile is used.

We use HTTPS site-wide, store subscriber data in an access-controlled database, require SSH key authentication for administrative access, and patch the stack regularly. No system is perfectly secure. If you believe your data has been exposed, email privacy@remnavi.com immediately. Access to production data is limited to authorised operators.

We may update this policy from time to time. Material changes will be announced on the site and, where we hold an email address, by direct notice. The "Last updated" date above always reflects the most recent version.

Data protection: privacy@remnavi.com
General enquiries: hello@remnavi.com
Registered operator: DField Kft. — see Imprint.