Privacy Policy

Last updated: April 4, 2026

This is an English translation of the Czech original. In case of discrepancy, the Czech version prevails.

Privacy Policy

1. Data Controller

The controller of your personal data is:

Schindler Systems, s.r.o.
Company ID: 27902510
VAT ID: CZ27902510
Registered office: V Edenu 380, Škvorec, 250 83, Czech Republic
Email: info@remoacc.com

We are committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Czech data protection legislation.

2. Purposes and Legal Basis of Processing

  • Provision of the Service (Art. 6(1)(b) GDPR — contract performance): Processing of Device identifiers, machine fingerprints, IP addresses, and session data is necessary to authenticate Devices and establish remote desktop connections.
  • Admin Panel account management (Art. 6(1)(b) GDPR): Processing of email addresses and password hashes is necessary to create and manage Admin Panel accounts.
  • Security and fraud prevention (Art. 6(1)(f) GDPR — legitimate interest): We process connection logs, IP addresses, and rate-limit events to detect and prevent unauthorised access and security incidents.
  • Legal compliance (Art. 6(1)(c) GDPR): We may process data where required by applicable law.
  • Email notifications (Art. 6(1)(b) or Art. 6(1)(a) GDPR): Service notifications based on your Admin Panel settings.

3. Categories of Personal Data

  • Machine fingerprint: A cryptographic hash derived from hardware identifiers. Raw hardware identifiers are not transmitted; only the hash is used.
  • IP address and public IP: Collected during connection for routing, security, and geo-location.
  • Geo-location data: Approximate country and city derived from IP. Processed locally using our own GeoLite2 database — IP addresses are not sent to any third-party geo-location service.
  • Session connection history: When Sessions were initiated, duration, data volumes. Retained for 90 days.
  • Audit logs: Significant events (authentication, session creation, configuration changes). Retained for 90 days.
  • Email address (Admin Panel only): For authentication, password reset, and notifications.
  • Password hash: Stored exclusively as bcrypt hashes. We do not store plaintext passwords.

4. Recipients of Personal Data

We do not sell your personal data. We may share data with:

  • Hosting provider: Acting as a data processor under a data processing agreement.
  • SMTP provider: For transactional emails (verification, password reset, notifications).
  • Legal authorities: Where required by applicable law.

Geo-location is processed locally. Relay nodes forward encrypted packets without the ability to decrypt Session content.

5. Retention Periods

  • Session connection history: 90 days, then automatically deleted.
  • Audit logs: 90 days, then automatically deleted.
  • Account data: Retained for the duration of the account and deleted upon closure.

6. Rights of Data Subjects

Under the GDPR, you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)).

You may lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

Contact us at info@remoacc.com to exercise your rights. We will respond within one month.

7. Security Measures

  • All data in transit protected by TLS (HTTPS/WSS).
  • Session content protected with end-to-end encryption.
  • Passwords stored as bcrypt hashes.
  • Session password brute-force protection with account lockout.
  • Security headers (HSTS, CSP, X-Frame-Options) on all web interfaces.

8. Cookies

Our websites use only strictly necessary technical cookies. See our Cookie Policy for details.

9. Changes to this Privacy Policy

We may update this Privacy Policy. The current version is always at www.remoacc.com/privacy. Material changes will be notified at least fifteen (15) days in advance.