Privacy Policy
Effective: 1 January 2026 · DVP Systems Kft.
This Policy applies only to data processing where DVP Systems Kft. acts as data controller (website visitors, trial sign-ups, B2B customer data, marketing).
On the SimpliFleet and SimpliTime Platform, DVP Systems handles the data of the Subscriber's employees and drivers as data processor acting on the Subscriber's instructions. That processing is governed by the Data Processing Agreement .
1. Details of the data controller
Company name: DVP Systems Kft.
Registered seat: 1141 Budapest, Szugló utca 125. G. ép. A. lház. 3. emelet 1. ajtó
Tax number: 32788156-2-42
Company registration number: 01 09 442670
Data protection contact: privacy@dvp.systems
Website: https://dvp.systems
DVP Systems Kft. (hereinafter: Data Controller) acts as data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (GDPR) for the personal data described in this Policy, in line with the GDPR, Act CXII of 2011 (the Hungarian Information Act, "Infotv.") and other applicable data protection laws.
Data Protection Officer (DPO): Given the Controller's current size (1 person) and the nature of its activities, it is not required to appoint a DPO (Article 37 GDPR). The Controller's data protection officer can be reached at privacy@dvp.systems .
2. Purposes, legal bases and retention periods
2.1 Website visitors
Data processed: IP address, browser type and version, operating system, pages visited, time of visit, HTTP header data.
Purpose: Keeping the website secure and running smoothly; identifying and preventing abuse and cyber-attacks.
Legal basis: Article 6(1)(f) GDPR — the Controller's legitimate interest (IT security, smooth operation).
Retention period: Up to 90 days, after which the data is deleted automatically.
Cookies: The Controller uses only technical cookies that are strictly necessary for the website to work (session ID, CSRF protection). Under Section 155(4) of the Electronic Communications Act ("Eht."), no consent is required to place these. No analytics, marketing or tracking cookies are used.
2.2 Trial sign-ups
Data processed: Full name, work email address, phone number (optional), company name, job title, time of sign-up and version identifier.
Purpose: Providing access to the trial; technical and customer-support communication; informing you about the end of the trial period.
Legal basis: Article 6(1)(b) GDPR — steps taken at your request before entering into a contract.
Retention period: From the end of the trial period: 90 days, after which the data is deleted, unless you have become a paying customer of the Controller. Keeping the data for marketing requires your explicit consent.
2.3 B2B customer data (billing, contract)
Data processed: Contact person's name, job title, work email address and phone number; billing address; contract data.
Purpose: Performing the subscription contract; billing; accounting and tax records.
Legal basis: Article 6(1)(b) GDPR (performance of a contract) and (c) (legal obligation — Section 169 of the Accounting Act, Act C of 2000).
Retention period: From the end of the contractual relationship: 8 years (for billing data, under Section 169 of the Accounting Act). Other contact data: 5 years from the end of the contract (the general limitation period under Section 6:22 of the Civil Code).
2.4 B2B marketing and prospects
Data processed: Business contact's name, email address, company name, industry classification.
Purpose: Promoting our B2B services for business purposes and sending offers.
Legal basis and distinction:
- Generic business email address (e.g. info@company.com): Article 6(1)(f) GDPR — the Controller's legitimate interest, with a documented Legitimate Interest Assessment (LIA). You can object at any time, without giving a reason (opt-out).
- Work email that identifies a person (e.g. john.smith@company.com): Article 6(1)(a) GDPR — only on the basis of your prior, freely given and explicit consent (opt-in) , within the meaning of Section 6(1) of the Advertising Act ("Grtv.").
Retention period: 3 years from the last contact, or from your objection / withdrawal of consent; in the event of an objection or withdrawal, the data is deleted immediately.
Unsubscribe: Via the "Unsubscribe" link in the email, or at the privacy@dvp.systems email address, at any time and without deadline.
2.5 System logs and audit trails
Data processed: IP address, session identifiers, login timestamps, API call logs, activity logs.
Purpose: IT security, abuse prevention, troubleshooting, and proving legal claims.
Legal basis: Article 6(1)(f) GDPR — the Controller's legitimate interest.
Retention period: 90 days (normal operation); up to 5 years in the event of a security incident or legal claim (the limitation period under Section 6:22 of the Civil Code).
3. Sub-processors and data transfers
To process personal data, the Controller uses the following categories of processors, with whom it has signed the required data processing agreements in writing:
| Category | Purpose | Location | Legal basis |
|---|---|---|---|
| Cloud infrastructure | Hosting, database, backups | EU (Frankfurt/Dublin) | Processing within the EU |
| Email provider | Transactional notifications | EU | Processing within the EU |
| Monitoring tool | System monitoring, logging | EU | Processing within the EU |
| CRM / Support | Customer support, ticket handling | EU | Processing within the EU |
The Controller transfers data outside the EU/EEA only with the safeguards set out in Articles 44–49 GDPR (the EU–US Data Privacy Framework adequacy decision, or Standard Contractual Clauses plus a Transfer Impact Assessment). An up-to-date list of the processors used is available on request (privacy@dvp.systems).
4. Your rights
Right of access (Article 15)
You can ask for information about the data processed, a copy of it, and details of the processing.
Right to rectification (Article 16)
You can ask us to correct inaccurate data or complete incomplete data.
Right to erasure (Article 17)
You can ask us to delete your data once the legal basis for processing no longer applies. Deletion is not possible where a legal obligation applies (e.g. the Accounting Act).
Right to restriction (Article 18)
You can ask us to restrict processing in the event of an accuracy dispute, unlawful processing, or a legal claim.
Data portability (Article 20)
Where processing is automated and based on consent or a contract, you can ask for your data in a machine-readable format.
Right to object (Article 21)
You can object at any time to processing based on legitimate interest (marketing, analytics) — at which point the processing stops immediately.
Automated decision-making (Article 22)
You can ask not to be subject to a decision based solely on automated processing that produces legal effects for you. Compliance alerts and warnings are decision-support tools, not automated decisions.
How to exercise your rights
You can submit your request at the privacy@dvp.systems email address. The Controller will respond to the request within 30 days of receiving it (which may be extended by 60 days where justified; we will notify you if so). As a rule, this information is provided free of charge.
5. Personal data breaches
The Controller keeps a record of personal data breaches, including cases that do not need to be reported (Article 33(5) GDPR).
If a breach is likely to result in a risk to people's rights, the Controller reports it to the NAIH within 72 hours of becoming aware of it. If the breach is high-risk (e.g. location data or identifiable fleet data becoming public), the Controller also notifies the affected individuals directly (Article 34 GDPR).
As a data processor, the Provider reports breaches to the Subscriber within 24 hours at the latest, under the Data Processing Agreement.
6. Complaints to the supervisory authority (NAIH)
If you believe the Controller is processing your personal data in breach of applicable data protection law, you have the right to lodge a complaint with the Hungarian data protection supervisory authority:
National Authority for Data Protection and Freedom of Information (NAIH)
Office address: 1055 Budapest, Falk Miksa utca 9–11.
Mailing address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu
The right to lodge a complaint does not affect your right to a judicial remedy under Article 79 GDPR if you believe your personal data has been processed in breach of the Regulation. You may also bring proceedings against the Controller before the civil court with jurisdiction over your home or place of stay (the Code of Civil Procedure, Act CXXX of 2016).
7. Changes to this Policy
The Controller reserves the right to change this Policy. We will inform affected individuals of material changes by email. The current version of the Policy is always available at dvp.systems/adatvedelmi-nyilatkozat .
Version: 2026-v1.0 · Effective: 1 January 2026