Privacy Policy

The data controller for this site is DField Kft., a limited liability company registered in Hungary. Company registration and registered-office details are published on our Imprint page.

For any question about this policy or your personal data, email privacy@remnavi.com. We aim to respond within 30 days.

We process the following categories of personal data for the following purposes. Each entry lists the legal basis under GDPR Article 6.

a) Newsletter subscribers

Data: email address, selected skill preferences, subscription timestamp, IP address at sign-up (for abuse prevention), delivery and engagement events from the SMTP provider.
Purpose: to send the weekly remote-jobs digest you asked for and prevent spam sign-ups.
Legal basis: consent (Art. 6(1)(a)) — given when you submit the form. You can withdraw consent at any time by clicking the unsubscribe link in any digest, or by emailing privacy@remnavi.com.

b) Advertisers (featured listings)

Data: the name, company, email address, and listing details you send us when you enquire about or buy a featured listing; invoice details (company name, address, VAT number) required to issue a VAT-compliant invoice; records of the listing(s) we published for you.
Purpose: to provide the featured-listing service, issue invoices, respond to support, and keep the statutory accounting records required in Hungary.
Legal basis: performance of a contract (Art. 6(1)(b)) for the service itself, and legal obligation (Art. 6(1)(c)) for the accounting records.

c) Payments

Data: payment metadata returned to us by Stripe (amount, currency, country, last four digits of card, Stripe customer and charge IDs). We never see or store your full card number. Full card data is processed directly by Stripe as an independent controller.
Purpose: to confirm payment and reconcile invoices.
Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).

d) Server-side analytics and security logs

Data: IP address (truncated after 14 months to a /24 subnet), user-agent, referer, URL accessed, timestamp, response code.
Purpose: to measure aggregate traffic, debug errors, and defend against abuse (rate limiting, bot blocking).
Legal basis: legitimate interest (Art. 6(1)(f)) in running a secure, measurable service. You can object at any time — note that blocking access logs would make abuse prevention impossible.

We do not currently run client-side analytics. No Google Analytics, no Facebook pixel, no advertising or marketing SDKs. If this changes we will update this policy and — where required — request consent before any non-essential tracking loads.

e) Outbound click attribution

Data: when you click "Apply" on a listing we log the listing ID, a truncated IP, user-agent, and timestamp through our redirector (go.php), then forward you to the employer.
Purpose: aggregate click statistics we report to advertisers and use to rank listings.
Legal basis: legitimate interest (Art. 6(1)(f)) — data is aggregated, no user profile is built, and no identifier is shared with the employer.

f) A/B testing of editorial content

Data: a first-party cookie (RRS_VARIANT) stores the variant of the Real Remote Score explainer you were shown, so you see the same variant on return visits. No personal identifier is stored.
Purpose: to compare editorial presentations.
Legal basis: legitimate interest (Art. 6(1)(f)). See our Cookie Policy for details and how to opt out.

We share personal data only with the service providers we need to run the site. Each acts as a processor on our behalf under a data-processing agreement, except Stripe, which is an independent controller for payment data it processes.

• Hostinger International Ltd. (Cyprus/Lithuania) — website hosting, database, and transactional email relay.
• Stripe Payments Europe, Ltd. (Ireland) — payment processing for featured listings. Stripe may route transactions through Stripe Inc. (USA) under the EU–US Data Privacy Framework.
• GitHub, Inc. (USA, Microsoft group) — deployment infrastructure for the site code (does not receive end-user data).
• Cloudflare, Inc. (USA) — DNS and, where enabled, reverse-proxy caching. Processes IP addresses and request metadata.

We do not sell personal data. We do not share personal data with advertisers beyond aggregate statistics. We do not use your data to profile you, to retarget you, or to train third-party models.

Some of our processors are located outside the European Economic Area (notably Stripe Inc. and GitHub in the United States, and Cloudflare in the United States). Where that is the case, we rely on the EU–US Data Privacy Framework for certified recipients and on the European Commission's Standard Contractual Clauses for everyone else. You can request a copy of the relevant safeguards by emailing privacy@remnavi.com.

• Newsletter subscribers — until you unsubscribe; we then retain the email on a suppression list to prevent resubscription errors, and delete the suppression entry after 24 months.
• Advertiser records and invoices — 8 years, as required by Hungarian accounting law (Act C of 2000, § 169).
• Stripe payment metadata — 8 years, for the same reason.
• Server access logs — raw logs retained for 14 months, then aggregated and/or truncated; abuse-prevention rate-limit state retained for 30 days.
• Outbound click logs — raw events retained for 12 months, then aggregated into per-listing counts.
• A/B test variant cookie — 180 days from your last visit (local to your browser; we store no server-side record of the cookie value).

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

• Access — obtain a copy of the data we hold on you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your data (subject to statutory retention periods, e.g. accounting records).
• Restriction — ask us to pause processing while a dispute is resolved.
• Portability — receive your data in a portable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — where processing is based on consent (e.g. the newsletter), withdraw at any time without affecting prior lawful processing.

To exercise any of these rights, email privacy@remnavi.com. We may ask for information to verify your identity before we act on a request. We aim to respond within 30 days.

You have the right to lodge a complaint with a data protection supervisory authority. In Hungary this is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH):

Postal address: 1055 Budapest, Falk Miksa utca 9–11, Hungary
Telephone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu

If you are located in another EU/EEA country, you may also complain to the supervisory authority in your country of residence or workplace.

A short list of cookies and local-storage keys is used to keep the site functional. Our Cookie Policy documents each one — what it does, how long it lasts, and which are strictly necessary versus which are used for editorial testing.

RemNavi is a professional site aimed at adults looking for remote work. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted data to us, email privacy@remnavi.com and we will delete it.

We do not make decisions about you that have legal or similarly significant effects on the basis of automated processing. Listing ranking uses aggregate signals and editorial rules — no individual profile is used.

We use HTTPS site-wide, store subscriber data in an access-controlled database, require SSH key authentication for administrative access, and patch the stack regularly. No system is perfectly secure. If you believe your data has been exposed, email privacy@remnavi.com immediately.

We may update this policy from time to time. Material changes will be announced on the site and, where we hold an email address, by direct notice. The "Last updated" date above always reflects the most recent version.

Data protection: privacy@remnavi.com
General enquiries: hello@remnavi.com
Registered operator: DField Kft. — see Imprint.