Privacy Policy

Last updated: December 2024

Docmet Systems Kft ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR) and Hungarian data protection law.

1. Data Controller

DOCMET SYSTEMS Kft.
1013 Budapest, Attila út 4. I. em. 2.
Company Registration: 01 09 988316
VAT: HU23995701-2-41
Email: info@docmet.com

We are the data controller for personal data collected through our website and services.

2. Data We Collect

We collect the following categories of personal data:

Account Information:
• Name (first and last)
• Email address
• Password (encrypted)
• Phone number (optional)

Transaction Data:
• Purchase history (simulator hours)
• Booking history
• Invoice details

Payment Information:
• Payment method type
• Transaction IDs
• Note: Card details are NOT stored by us - they are processed directly by our payment provider

Technical Data:
• IP address
• Browser type and version
• Device information
• Cookie identifiers (with consent)

Marketing Data (with consent):
• Newsletter subscription status
• Marketing preferences

3. Purpose of Processing

We process your data for the following purposes:

Service Delivery:
• Creating and managing your account
• Processing simulator hour purchases
• Managing session bookings
• Sending booking confirmations and reminders

Legal Obligations:
• Issuing invoices (NAV Online Számla compliance)
• Tax and accounting records
• Responding to legal requests

Legitimate Interests:
• Fraud prevention and security
• Service improvement and analytics
• Customer support

With Your Consent:
• Marketing emails and newsletters
• Analytics cookies
• Marketing cookies

4. Legal Basis for Processing

We process your data based on the following legal grounds:

Contract Performance (GDPR Art. 6(1)(b)):
• Account creation and management
• Processing purchases and bookings
• Providing customer support for our services

Legal Obligation (GDPR Art. 6(1)(c)):
• Invoicing and tax compliance
• Accounting records retention
• Responding to legal authorities

Legitimate Interests (GDPR Art. 6(1)(f)):
• Website security and fraud prevention
• Service improvement based on usage patterns
• Essential analytics for website operation

Consent (GDPR Art. 6(1)(a)):
• Marketing communications
• Non-essential cookies (analytics, marketing)
• Newsletter subscription

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. Data Processors & Recipients

We share your data with the following categories of recipients:

Payment Processors:
• Revolut Pay / Stripe - for secure payment processing
• They process: name, email, payment card details, transaction amount
• Their privacy policies apply to payment data

Hosting Provider:
• Hetzner Online GmbH (Germany)
• Processes: all data stored on our servers
• EU-based, GDPR compliant

Invoicing Software:
• Számlázz.hu - for NAV Online Számla compliance
• Processes: name, address, purchase details

Email Service:
• For transactional and marketing emails
• Processes: email address, name

Analytics:
• Umami (self-hosted, privacy-focused)
• Does not use cookies or collect personal data
• Processes: anonymized page views and events only

We do not sell your personal data to third parties.

6. Data Retention

We retain your data for the following periods:

Account Data:
• Active accounts: Until you request deletion
• After account deletion: 30 days (recovery period), then permanently deleted
• Exception: Data required for legal obligations

Transaction & Invoice Data:
• 8 years from the transaction date
• Required by Hungarian tax and accounting law

Booking History:
• 3 years from the booking date
• For service quality and dispute resolution

Marketing Data:
• Until you withdraw consent or unsubscribe
• Unsubscribe records kept to honor your preference

Cookie Data:
• Session cookies: Until browser is closed
• Persistent cookies: Maximum 13 months
• Analytics data: 26 months (if consented)

After retention periods expire, data is securely deleted or anonymized.

7. Your Rights

Under GDPR, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data we hold.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restrict Processing (Art. 18): Request limitation of how we use your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.

How to Exercise Your Rights:
Email: info@docmet.com
Subject: "Data Protection Request"

We will respond within 30 days. We may request identity verification before processing your request.

8. Cookies

We use cookies and similar technologies on our website.

Strictly Necessary Cookies:
• Session management
• Security features
• Cookie consent preferences
• These cannot be disabled

Analytics:
• We use Umami, a privacy-focused analytics tool
• Umami does not use cookies and does not collect personal data
• Only anonymized page view and event data is collected
• No consent required as no personal data is processed

Marketing Cookies (with consent):
• Track effectiveness of our marketing
• May be used for retargeting
• Affiliate tracking (KartSim referrals)

Managing Cookies:
• Use our cookie banner to set preferences
• Change preferences anytime via the cookie settings link in footer
• Browser settings can also block cookies

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

Technical Measures:
• HTTPS encryption for all data transmission
• Encrypted password storage (bcrypt)
• Regular security updates
• Access controls and authentication

Organizational Measures:
• Limited staff access to personal data
• Data protection training
• Incident response procedures

Payment Security:
• We do not store card details
• PCI-DSS compliant payment processors
• Strong Customer Authentication (SCA) for payments

In case of a data breach that poses a risk to your rights, we will notify you and the supervisory authority within 72 hours.

10. International Transfers

Your data is primarily processed within the European Economic Area (EEA). Our hosting (Hetzner) is based in Germany.

Some service providers may process data outside the EEA:
• Payment processors may have global operations
• Analytics providers may transfer data to the US

For any transfers outside the EEA, we ensure appropriate safeguards:
• EU Standard Contractual Clauses
• Adequacy decisions where applicable
• Binding Corporate Rules of service providers

11. Contact & Complaints

For privacy-related inquiries:

Data Protection Contact:
Docmet Systems Kft
Email: info@docmet.com
Address: 1013 Budapest, Attila út 4

We aim to resolve all complaints directly. If you are not satisfied with our response, you have the right to lodge a complaint with:

National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu