This document informs you, as a visitor to our website and user of our services, about our company’s data processing and privacy policies.

What principles do we follow in our data processing?

In processing data, our company follows these principles:

• We process personal data lawfully, fairly, and transparently for you.
• We collect personal data only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
• The personal data we collect and process is adequate, relevant, and limited to what is necessary for the purposes of data processing.
• Our company takes all reasonable measures to ensure that the data we process is accurate and, where necessary, kept up to date; we delete or correct inaccurate personal data without delay.
• We store personal data in a form that allows identification of you only for as long as necessary to achieve the purposes of processing personal data.
• We ensure appropriate security of personal data through appropriate technical and organizational measures against unauthorized or unlawful processing, accidental loss, destruction, or damage.
• We process data based on your prior informed and voluntary consent and only to the necessary extent and always for specific purposes – i.e., we collect, record, organize, store, and use it.
• In some cases, the processing of your data is based on legal requirements and is mandatory; in such cases, we specifically draw your attention to this fact.
• In certain cases, our company or a third party has a legitimate interest in processing your personal data, such as for the operation, development, and security of our website.

Who are we?

Our company name is Lexunit Zrt.
Our company headquarters: 1136 Budapest, Tátra utca 15/A 3. em. 3. ajtó
Our company website: lexunit.hu, lexunit.ai
Postal address: 1136 Budapest, Tátra utca 15/A 3. em. 3. ajtó
Phone number: +36 30 890 50 75
Email address: info@lexunit.hu
Tax number: 27774009-2-41
Company registration number: 01 10 141771

Our company is not required to appoint a data protection officer under Article 37 of the GDPR.

Our company’s hosting provider:
Hosting provider name: Google Ireland Limited
Tax number: IE 6388047V
Hosting provider headquarters: Gordon House Barrow Street Dublin 4 Ireland
Hosting provider website: google.com

Data processed by us:

Activity name and purpose of data processing	Legal basis	Data processed	Duration
Website visit Purpose: to ensure proper and quality operation of the website, monitor and improve the quality of our services, identify malicious visitors attacking our website, measure traffic	Our company’s legitimate interest	IP address, time of visit, data of visited pages, operating system and browser type used by you	1 month
Registration on the website Purpose: to provide our visitors with a fuller user experience, notifications about message status, changes to our company’s contact information, etc.	Consent	Last name, first name, date of birth (to verify age 16 or 18), email address	Until deletion of registration or withdrawal of consent
Newsletter service Purpose: to maintain contact and inform you about our new promotions and products	Consent	Full name, date of birth (to verify age 16 or 18), email address, other non-mandatory information such as interests, residence, etc.	Until unsubscription from newsletter
Direct marketing service We prepare and send personalized offers based on analysis of your purchasing habits, contact you for business purposes, and send information about the products and services we offer	Consent	Full name, date of birth (to verify age 16 or 18), email address, other non-mandatory information such as interests, residence, etc.	Until unsubscription from direct marketing service
Complaints, comments, responses to complaints	Legal obligation	Full name, email address, phone number, mailing address, other personal messages	5 years

We only request personal data from our website visitors if they wish to register, log in, or participate in a prize draw.

We cannot link the personal data provided during registration or use of our marketing services to identify our visitors, and this is not our fundamental goal.

If you have questions regarding data processing, you can contact us at info@lexunit.hu by email or postal address for further information; we will send our response within 15 days (but at most within 1 month) to the contact details you provided.

What are cookies and how do we handle them?

Cookies are small data files (hereinafter: cookies) that are stored on your computer through the website as you use it, saved and stored by your internet browser. Most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow the download and use of cookies by default, but it is up to you to reject or disable them by modifying the browser settings, or you can delete cookies already stored on your computer. The “help” menu of each browser provides more information about using cookies.

There are cookies that do not require your prior consent. Our website provides brief information about these when you first visit, such as authentication, multimedia player, load balancing, user interface customization cookies, and user-centric security cookies.

For cookies requiring consent – if data processing begins upon visiting the page – our company informs you and requests your consent at the start of your first visit.

Our company does not use or allow cookies that would enable third parties to collect data without your consent.

Accepting cookies is not mandatory, but our company is not responsible if the website does not work as expected due to cookies being disabled.

What cookies do we use?

Name	Provider	Purpose	Expiration	Type
_ga	lexunit.hu	Registers a unique ID that generates statistical data on how visitors use the website	2 years	HTTP
_gat	lexunit.hu	Used by Google Analytics to throttle request rate	Session	HTTP
	lexunit.hu	Registers a unique ID that generates statistical data on how visitors use the website	Session	HTTP
collect	google-analytics.com		Session	Pixel

Detailed information about third-party cookies can be found at
https://www.google.com/policies/technologies/types/, and privacy information at
https://www.google.com/analytics/learn/privacy.html?hl=hu

What else you need to know about data processing on our website

You voluntarily provide personal data to us during registration or when contacting our company, which is why we ask that you carefully ensure the authenticity, correctness, and accuracy of your data when providing it, as you are responsible for this. Incorrect, inaccurate, or incomplete data may prevent you from using our services.

If you provide personal data of someone other than yourself, we assume that you have the necessary authorization to do so.

You can withdraw your consent to data processing at any time free of charge by:

• Deleting your registration,
• Withdrawing consent to data processing, or
• Withdrawing consent or requesting blocking of any mandatory data during registration.

We undertake to register the withdrawal of consent within 30 days for technical reasons, but we draw your attention to the fact that we may continue to process certain data even after withdrawal of consent for the purpose of fulfilling legal obligations or asserting our legitimate interests.

In case of use of misleading personal data or if any of our visitors commits a crime or attacks our company’s system, we will delete the visitor’s data immediately upon terminating their registration, or if necessary, we will retain them for the duration of establishing civil liability or conducting criminal proceedings.

What you need to know about direct marketing and newsletter data processing

By making a statement during registration or later, by modifying your personal data stored on the newsletter and/or direct marketing registration interface (i.e., by explicitly declaring your consent), you can give your consent for us to use your personal data for marketing purposes. In this case – until withdrawal of consent – we process your data for direct marketing and/or newsletter purposes, and we send you advertisements and other mailings, as well as information and offers, and/or forward newsletters (Section 6 of Grtv.).

You can give your consent for direct marketing and newsletters together or separately, and you can withdraw it/them free of charge at any time.

We consider deletion of registration as withdrawal of consent in all cases. We do not interpret withdrawal of consent for direct marketing and/or newsletter purposes as withdrawal of consent for data processing related to the website. In each case, each consent is for a specific purpose, so registering on the website and signing up for the newsletter are two separate purposes, two separate databases, and the two cannot be dependent on each other.

We undertake to register withdrawal or cancellation of individual consents within 15 days for technical reasons.

What you need to know about prize draws

Our company may organize prize draws on a campaign basis, with specific conditions set out in separate regulations. The current promotion regulations can always be found on the homepage of our website, in a centrally located link.

Other data processing questions

We can only transfer your data within the framework defined by law; in the case of our data processors, we ensure through contractual conditions that they cannot use your personal data for purposes contrary to your consent. Further information can be found in point 2.

Our company does not transfer data abroad.

Courts, prosecutors, and other authorities (e.g., police, tax office, National Authority for Data Protection and Freedom of Information) may contact our company to provide information, disclose data, or provide documents. In these cases, we must fulfill our data provision obligation, but only to the extent absolutely necessary to achieve the purpose of the request.

Our company’s collaborators and employees involved in data processing and/or data processing are authorized to access your personal data to a predetermined extent – subject to confidentiality obligations.

We protect your personal data with appropriate technical and other measures, ensure data security and availability, and protect it from unauthorized access, modification, damage, disclosure, and any other unauthorized use.

Within the framework of organizational measures, we control physical access in our buildings, continuously train our employees, and keep paper-based documents under appropriate protection. Within the framework of technical measures, we use encryption, password protection, and antivirus software. However, we draw your attention to the fact that data transmission over the internet cannot be considered completely secure data transmission. Our company does everything to make the processes as secure as possible, but we cannot assume full responsibility for data transmission through our website, although we maintain strict provisions regarding data received by our company in terms of your data security and prevention of unauthorized access.

Regarding security issues, we ask for your help in carefully safeguarding your website access password and not sharing this password with anyone.

What are your rights and remedies?

Regarding data processing, you can:

• Request information and request correction, modification, and supplementation of your personal data processed by us,
• Object to data processing and request deletion and blocking of your data (except for mandatory data processing),
• Seek legal remedy before a court,
• File a complaint with the supervisory authority or initiate proceedings (https://naih.hu/panaszuegyintezes-rendje.html).

Supervisory Authority: National Authority for Data Protection and Freedom of Information

• Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
• Mailing address: 1530 Budapest, P.O. Box: 5.
• Phone: 4-36 (1) 391-1400
• Fax: 436 (1) 391-1410
• Email: ugyfelszolgalataenaih.hu

Website: https://naih.hu/

Upon your request, we will provide information about your data processed by us or processed by us – or by our authorized data processor:

• Your data,
• Their sources,
• The purpose and legal basis of data processing,
• Their duration, or if this is not possible, the criteria for determining this duration,
• The name and address of our data processors and their activities related to data processing,
• The circumstances, effects, and measures taken to prevent and remedy data protection incidents,
• Further measures taken, and
• In case of transfer of your personal data, the legal basis and recipient of the data transfer.

We provide information within 15 days (but at most within 1 month) from receipt of the request. The information is free of charge except when you have already submitted an information request for the same data set in the current year. We will refund the cost already paid by you if the data was processed unlawfully or if the information request led to correction. We can only refuse to provide information in cases provided by law, indicating the legal provision, and informing you of the possibility of court remedy or contacting the Authority.

Our company will notify you and all those to whom the data was previously transferred for data processing purposes about the correction, blocking, marking, and deletion of personal data, unless such notification does not violate your legitimate interests.

If we do not fulfill your request for correction, blocking, or deletion, we will send you written notification or – with your consent – electronically within 15 days (but at most within 1 month) of receiving the request, explaining the reasons for our refusal and informing you about the possibility of court remedy and contacting the Authority.

If you object to the processing of your personal data, we will examine the objection within 15 days (but at most within 1 month) from receipt of the request and inform you of our decision in writing. If we decide that your objection is justified, we will terminate data processing – including further data collection and data transfer – and block the data, and notify all those to whom we previously transferred the personal data covered by the objection, and they must take action to enforce the right to object.

We will refuse to comply with the request if we prove that data processing is justified by such compelling legitimate grounds that take precedence over your interests, rights, and freedoms, or that are related to the establishment, exercise, or defense of legal claims. If you do not agree with our decision, or if we miss the deadline, you can go to court within 30 days from the notification of the decision or the last day of the deadline.

Data protection lawsuits fall within the jurisdiction of the regional court, and the lawsuit can also be initiated before the regional court having jurisdiction over the data subject’s place of residence or stay – at the data subject’s choice. Foreign citizens can also file a complaint with the supervisory authority having jurisdiction over their place of residence.

We ask that before turning to the supervisory authority or court with your complaint – for consultation and faster resolution of the issue – please contact our company.

What are the main governing laws for our activities?

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (GDPR)
• Act CXII of 2011 on informational self-determination and freedom of information (Info Act)
• Act V of 2013 on the Civil Code (Civil Code)
• Act CVIII of 2001 on certain issues of electronic commerce services and information society services (E-commerce Act)
• Act C of 2003 on electronic communications (Electronic Communications Act)
• Act CLV of 1997 on consumer protection (Consumer Protection Act)
• Act CLXV of 2013 on complaints and public interest disclosures (Complaints Act)
• Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activities (Advertising Act)

Modification of the Privacy Policy

Our company reserves the right to modify this Privacy Policy, about which it will inform the data subjects in an appropriate manner. Information related to data processing is published on the lexunit.hu website.

November 12, 2025