Propelance Kft. ("Propelance," "we") is committed to protecting your personal data. This policy explains what personal data we process, for what purpose and for how long, and what rights you have in this regard.
This policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") and Hungarian Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("Info Act").
1.The Data Controller
Under GDPR and the Info Act, Propelance is not required to designate a Data Protection Officer (DPO), as our core activities do not involve regular and systematic monitoring of data subjects on a large scale, nor large-scale processing of special categories of data. For data protection matters, please contact us at adatvedelem@propelance.com.
2.Our Data Processing Principles
We process your personal data in accordance with the following principles:
- Lawfulness. Every processing activity has a clear legal basis.
- Purpose limitation. We use your data only for specified purposes — we do not add it to mailing lists or sales lists.
- Data minimisation. We collect only the data we strictly need.
- Accuracy. Upon request, we correct or delete your data.
- Storage limitation. We retain your data only as long as necessary or legally required.
- Confidentiality and integrity. We protect your data with appropriate technical and organisational measures. For business partners, this is reinforced by contractual confidentiality (NDA).
3.Data Categories and Processing Purposes
3.1Contact via Website, Email or Phone
Data processed: first and last name, company name, business email, optionally phone number, message content, technical connection data (timestamp).
Purpose: responding to your enquiry, contact, processing the request, clarifying potential collaboration.
Legal basis:
- Article 6(1)(f) GDPR — Propelance's legitimate interest (responding to business enquiries).
- Article 6(1)(b) GDPR — pre-contractual measures, where you initiate a contractual relationship.
Retention period: 24 months from the date of contact, unless an ongoing client relationship is established — in which case the rules in 3.2 apply.
3.2Client Relationship and Project Delivery
Data processed: contact person's name, position, email, phone number, company and operational data necessary for project delivery, project documents.
Purpose: preparation and execution of the contract, invoicing, project communication, fulfilling legal obligations.
Legal basis:
- Article 6(1)(b) GDPR — performance of contract.
- Article 6(1)(c) GDPR — legal obligation (e.g. accounting requirements).
- Article 6(1)(f) GDPR — legitimate interest (maintaining client relationships, debt management).
Retention period: 8 years following termination of the contract for accounting documents (under Section 169 of Act C of 2000 on Accounting). Other project documents are retained for 5 years following termination, or for the period specified in the NDA.
3.3Website Visits and Cookies
Data processed: IP address, browser and device data, visit time, page view paths.
Purpose: ensuring website operation, security checks, measuring user experience.
Legal basis:
- For functional (necessary) cookies — legitimate interest under Article 6(1)(f) GDPR.
- For analytical and marketing cookies — your explicit consent under Article 6(1)(a) GDPR.
Retention period: varies by cookie type. Details are provided in the Cookie Policy.
3.4Bot Filtering (Cloudflare Turnstile)
We use Cloudflare Turnstile on our contact form to filter automated abuse. Cloudflare collects technical data (IP address, browser characteristics) for this purpose.
Legal basis: Article 6(1)(f) GDPR — legitimate interest (preventing abuse).
Details: Cloudflare's data processing practices are described at https://www.cloudflare.com/privacypolicy/.
3.5Business Relationships and LinkedIn Activity
Data processed: contact person's name, position, business email, publicly available professional profile data (e.g. LinkedIn).
Purpose: establishing and maintaining business contacts, professional networking, B2B outreach.
Legal basis: Article 6(1)(f) GDPR — legitimate interest (developing business relationships). You may request deletion of your data at any time (see Section 7).
Retention period: 24 months from the most recent meaningful contact, unless a client relationship is established before that.
3.6Recruitment (when applying for a position)
Data processed: CV, cover letter, contact details, professional background, references.
Purpose: filling employment positions, conducting selection process.
Legal basis: Article 6(1)(a) GDPR — your explicit consent.
Retention period: 6 months following the closing of the selection process, unless you have consented to longer retention.
4.Data Processors and Recipients
The following types of data processors may handle personal data on our behalf, under written contractual obligations:
We do not transfer your data to third parties for sales, marketing or newsletter purposes.
In case of authority requests, data disclosure takes place in accordance with applicable law.
5.Transfers to Third Countries
Some of our data processors (in particular Cloudflare) carry out part of their processing outside the European Economic Area, typically in the United States. Such transfers are based on one of the following safeguards:
- adequacy decision of the European Commission (EU–US Data Privacy Framework), or
- Standard Contractual Clauses adopted by the European Commission.
6.Data Security
We protect personal data through appropriate technical and organisational measures:
- encrypted data transmission (HTTPS/TLS),
- strict access control (only authorised staff have access),
- regular security review,
- confidentiality obligations for all employees and subcontractors,
- contractual confidentiality (NDA) for client data.
In case of a data breach, we act in accordance with GDPR — notifying the NAIH within 72 hours where required, and informing you directly if the breach poses a high risk to your rights.
7.Your Rights
Under GDPR, you have the following rights:
- Right to information — request information on the data we process about you.
- Right of access — request a copy of the data processed.
- Right to rectification — request correction of inaccurate data.
- Right to erasure ("right to be forgotten") — in certain cases, request deletion of your data.
- Right to restriction of processing — request temporary suspension of processing.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — for data processed on the basis of consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
To exercise your rights, send a request to adatvedelem@propelance.com. We will respond within 30 days at the latest. In complex cases, this period may be extended by 60 days, of which we will notify you in advance.
8.Right to Lodge a Complaint
If you have a complaint regarding our data processing, we kindly ask you to contact us first — we strive for prompt, substantive resolution.
In addition, you may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
- Address: 1055 Budapest, Falk Miksa utca 9-11, Hungary
- Postal address: 1363 Budapest, Pf. 9, Hungary
- Phone: +36 (1) 391 1400
- Email: ugyfelszolgalat@naih.hu
- Website: www.naih.hu
You also have the right to seek judicial remedy before the competent court.
9.Automated Decision-Making
Propelance does not engage in automated decision-making or profiling that would produce legal effects concerning you or similarly significantly affect you.
10.Changes to This Policy
We update this policy as needed — for example, when introducing new services, new data processors, or following regulatory changes. The current version is always available on this page. For material changes, we notify registered clients before the changes take effect.