This document contains all relevant information on data management in relation to the operation of the website in accordance with the General Data Protection Regulation of the European Union 2016/679 (hereinafter: GDPR) and the Act CXII of 2011 (hereinafter: Infotv.).

Data Controller
Name:Procopius Ltd.
Head office: 1064 Budapest, Vörösmarty utca 61.
Address for correspondence: 1064 Budapest, Vörösmarty utca 61.
E-mail: info@procopius.hu
Telephone number: 60 1 269 28 90
Website: https://procopius.hu/

Hosting
Name: Netteszt Informatikai Kft.
Location: 2013 Pomáz, Katona József utca 17/d.
E-mail address: info@netteszt.hu
Phone number: +36 1 445-0999

1. Information about the use of cookies

1.1. What is a cookie?
The Data Controller uses so-called cookies when you visit the website. A cookie is a set of information consisting of letters and numbers that the Controller's website sends to the User's browser in order to save certain settings, facilitate the use of the website and help to collect some relevant information of a statistical nature about the Users.

Some of the cookies do not contain any personal information and cannot be used to identify the individual user, but some of them contain a unique identifier - a secret, randomly generated sequence of numbers - that is stored on the User's device, thus ensuring their identification. The duration of each cookie is described in the relevant description of each cookie.

1.2. Legal background and legal basis for cookies
The legal basis for the processing is the legitimate interest of the controller pursuant to Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR"). Therefore, in this case, the data subject's consent is not required for the processing, but he or she must be provided with appropriate information and the personal data must be processed only to the extent necessary and proportionate for the purpose, for the minimum period necessary (which, in the case of session cookies, means the end of the browsing session, i.e. closing the browser).
Furthermore, the legal basis for data processing is the consent of the User pursuant to Article 6 (1) (a) of the GDPR, with regard to Article 155 (4) of Act C of 2003 on electronic communications.

2. Data processed for the purposes of contracting and performance

2.1. Access to and transfer of data 
The personal data may be accessed by the Data Controller's employees in the performance of their duties. The Data Controller shall only transfer personal data processed by it to other public bodies in the manner and for the purposes specified by law. For example, if the Controller is approached by the police or a prosecutor's office and requests the transmission of documents containing the personal data concerned for the purposes of an investigation.
The Data Controller uses a Data Processor in the course of data processing. Processors do not take independent decisions and are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. The Controller shall only use Processors that implement appropriate technical and organisational measures to ensure a level of data security appropriate to the level of risk. The specific tasks and responsibilities of the Processor shall be governed by the contract between the Controller and the Processor.
The Data Controller uses the following Data Processors in its data processing activities:

- accounting tasks

3. Data processing for marketing purposes

Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, the User may expressly consent in advance to the Service Provider contacting him/her with advertising offers and other mailings at the contact details provided at the time of registration.

In addition, the Customer may, subject to the provisions of this notice, consent to the processing of personal data by the Service Provider necessary for the sending of advertising offers.

The Service Provider will not send unsolicited commercial messages, and the User may unsubscribe from receiving such offers without any restriction and without giving any reason, free of charge. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The User may unsubscribe from advertising by clicking on the link in the message.

4. Rights of the User in the course of data processing

During the period of data processing, the User has the following rights under the GDPR:

• the right to withdraw consent
• access to personal data and information on data management
• right to rectification
• restriction of processing,
• right to erasure
• right to protest
• the right to portability.

If the User wishes to exercise his/her rights, this will entail his/her identification, and therefore the provision of personal data will be required for identification purposes (but identification will only be based on data that the Data Controller already processes about the User), and the User's complaints about the processing will be available in the Data Controller's email account within the period indicated in this notice in relation to complaints.

The Data Controller shall respond to complaints about data processing within 30 days at the latest.

5. Data security measures

The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or damage and inaccessibility resulting from changes in the technology used.

The Data Controller will make every effort, within the organisational and technical possibilities, to ensure that its data processors also take appropriate data security measures when working with the User's personal data.

6. Remedies

If the User believes that the Data Controller has violated a legal provision on data processing or has failed to comply with a request, the User may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information (address: 1530 Budapest, PO Box 5, e-mail: ugyfelszolgalat@naih.hu).

You are also informed that you may bring a civil action against the Data Controller before a court in the event of a breach of the legal provisions on data processing or if the Data Controller has not complied with a request.

7. Amendments to the Privacy Notice

The Data Controller reserves the right to amend this Privacy Notice in a manner that does not affect the purpose and legal basis of the processing. By using the website after the amendment comes into force, you accept the amended privacy notice.

If the Data Controller intends to carry out further processing of the collected data for purposes other than those for which they were collected, the Data Controller shall inform the User of the purpose of the processing and the following information prior to the further processing:

• the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration;
• the right to request from the Controller access to, rectification, erasure or restriction of processing of personal data concerning the User and, in the case of processing based on legitimate interest, to object to the processing of personal data and, in the case of processing based on consent or a contractual relationship, to request the right to data portability;
• in the case of data processing based on consent, that the User may withdraw consent at any time,
• the right to lodge a complaint with a supervisory authority;
• whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether the User is obliged to provide the personal data and the possible consequences of not providing the data;
• the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information on the logic used and the significance of such processing and its likely consequences for the User.

Data processing can only start after this, if the legal basis for the processing is consent, the User must also consent to the processing in addition to the information.