COOKIE POLICY

Website: www.szerva.com
Last Updated: 27 April 2026

1. INTRODUCTION

The present Cookie Policy explains what cookies and similar tracking technologies are, how they are used on the website at www.szerva.com and the associated mobile application (collectively, the "Platform"), operated by Dortana Kft. (company registration number: 13-09-243099; tax number: 32112904-2-13; EU VAT number: HU32112904), with its registered office at 2030 Érd, Ágota utca 4., Hungary ("Szerva," "we," "us," or "our"), and what choices you have regarding their activation and management. The present Cookie Policy should be read in conjunction with our Privacy Policy and Terms and Conditions, both accessible on the Platform.

Szerva is committed to transparency and compliance with all applicable data protection and electronic privacy legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the "GDPR"), Act CVIII of 2001 on Electronic Commerce and Information Society Services (Hungary) (the "E-Commerce Act"), Act C of 2003 on Electronic Communications (Hungary), and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the "ePrivacy Directive"), as amended by Directive 2009/136/EC.

For any questions or requests related to cookies or your privacy preferences, you may contact us at: support@szerva.com.

2. WHAT ARE COOKIES?

Cookies are small text files placed on your device (computer, tablet, smartphone, or other internet-enabled device) when you visit a website. They are widely used to make websites function, to improve user experience, and to provide analytical information to site operators. Cookies may be set by the website you are visiting ("first-party cookies") or by third-party services embedded within the website ("third-party cookies").

Beyond traditional cookies, similar tracking technologies may also be deployed, including pixel tags, web beacons, local storage objects, and JavaScript-based tracking scripts. All references to "cookies" in the present Cookie Policy shall be understood to encompass these similar technologies as well, unless the context requires otherwise.

Cookies can be classified by their lifespan into two principal categories. "Session cookies" are temporary files that are deleted from your device once you close your browser.

"Persistent cookies" remain on your device for a defined period or until you manually delete them; they allow the website to recognise your device on subsequent visits.

3. LEGAL FRAMEWORK FOR THE USE OF COOKIES IN HUNGARY

The use of cookies on websites accessible to Users in Hungary is governed by a multi-layered legal framework. Article 5(3) of the ePrivacy Directive, as transposed into Hungarian law through the E-Commerce Act and Act C of 2003 on Electronic Communications, establishes the foundational rule that the storage of information, or the gaining of access to information already stored, on a User's terminal equipment is permitted only on condition that the User has given informed consent, having been provided with clear and comprehensive information about the purposes of the processing.

An exemption from the consent requirement exists for cookies that are strictly necessary for the provision of an information society service explicitly requested by the User. Such essential cookies may be placed without prior consent, provided that the User is informed of their existence and purpose.

Where cookies process personal data (for instance, through unique identifiers, IP addresses, or behavioural tracking), the GDPR applies in parallel. In such cases, the processing must satisfy the requirements of Article 6(1) of the GDPR, and the data subject must receive the information mandated by Articles 13 and 14 of the GDPR.

The Nemzeti Adatvédelmi és Információszabadság Hatóság ("NAIH"), Hungary's competent data protection authority, has actively enforced cookie compliance obligations. In case no. NAIH-3195-11/2022, the NAIH imposed a fine of HUF 10 million on a data controller for failing to provide adequate information to users about cookies and for operating a non-transparent and unclear consent management mechanism. The present Cookie Policy has been drafted with due regard to the standards articulated in that enforcement action.

4. CATEGORIES OF COOKIES USED ON THE PLATFORM

4.1 Strictly Necessary Cookies (Essential Cookies)

Strictly necessary cookies are indispensable for the basic functioning of the Platform. They enable core features such as session management, security authentication, load balancing, and the preservation of User preferences required for navigation. Without these cookies, the Platform cannot operate as intended, and certain functionalities (such as logging in or maintaining items in a service request) would be unavailable.

Strictly necessary cookies do not collect information that could be used for marketing or profiling purposes. Pursuant to Article 5(3) of the ePrivacy Directive and the corresponding provisions of Hungarian law, these cookies are exempt from the requirement to obtain prior consent. They are, however, disclosed in the present Cookie Policy for reasons of full transparency. The principal strictly necessary cookies deployed on the Platform are as follows:

• Session Identifier Cookie: A first-party session cookie that maintains the User's authenticated session while navigating the Platform, enabling the system to associate requests with the correct User account. Expiration: end of browser session.
• CSRF Token Cookie: A first-party session cookie that provides protection against cross-site request forgery attacks by validating that form submissions originate from the Platform. Expiration: end of browser session.
• Cookie Consent Preferences Cookie: A first-party persistent cookie that stores the User's cookie consent selections, ensuring that the consent banner is not displayed repeatedly and that the User's choices are respected on subsequent visits. Expiration: 1 year.

The exact names, number, and technical specifications of strictly necessary cookies may vary as the Platform's infrastructure evolves. Any changes shall be reflected in updates to the present Cookie Policy.

4.2 Analytics and Performance Cookies

Analytics cookies allow Szerva to collect aggregated, statistical information about how Users interact with the Platform, including which pages are visited most frequently, how long sessions last, where Users encounter errors, and how Users navigate between pages. The data gathered through these cookies assists Szerva in understanding usage patterns, diagnosing technical problems, and improving the overall user experience.

Analytics cookies deployed on the Platform are provided by the following third-party services:

Google Analytics 4 (provided by Google LLC)

Google Analytics 4 uses first-party cookies to distinguish unique Users and to persist session state. The principal cookies set by Google Analytics 4 are:

• _ga: A persistent first-party cookie used to distinguish unique Users. Default expiration: 2 years. Browsers may enforce shorter lifespans (for example, Safari limits first-party cookies set via JavaScript to 7 days if the User does not return within that period).
• ga<container-id>: A persistent first-party cookie used to persist session state. Default expiration: 2 years.

Google Analytics collects data such as IP addresses (anonymised where technically feasible), browser and device information, pages visited, session duration, and referral sources. Google participates in the EU-U.S. Data Privacy Framework, and the lawfulness of data transfers to Google's servers in the United States is supported by the European Commission's Adequacy Decision of 10 July 2023 (Commission Implementing Decision (EU) 2023/1795).

For further information, refer to Google's Privacy Policy at https://policies.google.com/privacy.

Microsoft Clarity (provided by Microsoft Corporation)

Microsoft Clarity is a user behaviour analytics tool that captures information on how Users interact with the Platform through behavioural metrics, heatmaps, and session replays. Microsoft Clarity sets the following cookies:

• _clck: A persistent first-party cookie that stores the Clarity User ID and preferences, ensuring that activity on the Platform is attributed to the same unique user. Expiration: 1 year.
• _clsk: A first-party cookie that connects multiple page views by a User into a single Clarity session recording, providing a comprehensive view of the User's visit. Expiration: 1 day.
• CLID: A third-party cookie that identifies the first time Clarity observed a User on any site using Clarity. Expiration: 1 year.
• ANONCHK: A third-party cookie that indicates whether the MUID cookie is transferred to ANID (a cookie used for advertising). Clarity does not use ANID; accordingly, the value is always set to 0. Expiration: 10 minutes.
• MR: A third-party cookie that indicates whether to refresh the MUID. Expiration: 7 days.
• MUID: A third-party cookie set by Microsoft to identify unique web browsers visiting Microsoft sites, used for site analytics and other operational purposes. Expiration: 1 year.
• SM: A third-party cookie used to synchronise the MUID across Microsoft domains. Expiration: session.

Website usage data captured by Microsoft Clarity is collected using first-party and third-party cookies and other tracking technologies to analyse online activity. Such information is used for site optimisation and security purposes.

Szerva has configured Microsoft Clarity to mask sensitive input fields (including, but not limited to, password fields and payment data entry fields) so that keystrokes entered in such fields are not captured or recorded during session replays. Notwithstanding this measure, Users are advised that heatmaps and session replay recordings may capture general interaction patterns, including mouse movements, scrolling behaviour, and clicks on non-sensitive interface elements.

For further details on how Microsoft collects and uses data, refer to the Microsoft Privacy Statement at https://www.microsoft.com/privacy/privacystatement.

All analytics cookies deployed on the Platform are classified as non-essential cookies and require your explicit prior consent before they may be activated on your device.

4.3 Functional, Marketing, and Targeting Cookies

As of the date of publication of the present Cookie Policy, the Platform does not deploy functional cookies (designed to remember User preferences beyond those strictly necessary for Platform operation), marketing cookies, or targeting cookies (designed to track Users across websites for the purpose of displaying personalised advertising). Should Szerva introduce any such cookies in the future, the present Cookie Policy shall be updated accordingly, and your explicit consent shall be obtained before any such cookies are activated on your device.

5. CONSENT MECHANISM

5.1 How Consent is Obtained

Upon your first visit to the Platform, a cookie consent banner is displayed, requesting your explicit, informed, and freely given consent before any non-essential cookies (including analytics cookies from Google Analytics and Microsoft Clarity) are placed on your device. Essential cookies are activated by default, as they are strictly necessary for the Platform's operation and are legally exempt from the consent requirement.

The consent banner provides you with clear and accessible information about each category of cookies used, the purposes for which they are deployed, and the identities of the third-party providers involved. You may accept or refuse each category of non-essential cookies individually. No non-essential cookies are set, and no behavioural data is collected through such cookies, until and unless you affirmatively grant consent.

5.2 Withdrawal of Consent

You may withdraw your consent at any time, without any adverse consequences to your use of the essential functionalities of the Platform. To modify or withdraw your cookie preferences, you may access the cookie settings panel available on the Platform at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal, in accordance with Article 7(3) of the GDPR.

Upon withdrawal of consent for a specific category of cookies, Szerva shall cease setting the relevant cookies on your device going forward. Existing cookies that have already been placed may be deleted manually through your browser settings (see Section 6 below).

6. MANAGING AND DELETING COOKIES THROUGH YOUR BROWSER

In addition to using the Platform's cookie consent mechanism, you retain the ability to manage, block, or delete cookies through your browser settings at any time. Each browser provides different procedures for controlling cookies. Below are links to the cookie management instructions for the most commonly used browsers:

• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Apple Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Please note that disabling or deleting certain cookies may impair the functionality of the Platform. If strictly necessary cookies are blocked, certain core features of the Platform may become inaccessible or may not function correctly.

7. THIRD-PARTY COOKIES AND EXTERNAL LINKS

The Platform may contain links to third-party websites or services that are not operated by Szerva. Should you follow such links, you will leave the Platform and become subject to the cookie and privacy policies of those third-party websites. Szerva has no control over, and assumes no responsibility for, the content, privacy practices, or cookie policies of any third-party websites. We recommend that you review the applicable policies of any external site before accepting cookies or providing personal data.

8. DATA PROTECTION RIGHTS

Where cookies process personal data, you may exercise the data protection rights afforded to you under the GDPR and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Hungary), as described in full in our Privacy Policy. In particular, you have the right to access information about the personal data collected through cookies, the right to request rectification or erasure of such data, the right to restrict or object to its processing, and the right to data portability, where applicable. Requests may be submitted to support@szerva.com.

If you believe that the processing of your personal data through cookies infringes applicable law, you have the right to lodge a complaint with the NAIH (website: https://www.naih.hu; email: ugyfelszolgalat@naih.hu; address: 1363 Budapest, Pf. 9, Hungary) or to seek a judicial remedy before the competent Hungarian courts.

9. AMENDMENTS TO THE COOKIE POLICY

Szerva reserves the right to amend or update the present Cookie Policy at any time, in particular to reflect changes in the cookies deployed on the Platform, updates to applicable legislation, or revised regulatory guidance. Any material modifications shall be communicated to Users through the Platform's cookie consent banner or via a notice on the website. The date of the most recent update is indicated at the top of the document. Continued use of the Platform after the revised Cookie Policy enters into force constitutes acceptance of the amended terms. Where a change in cookie usage requires renewed consent under applicable law, Szerva shall re-prompt Users to provide their consent prior to the deployment of any new non-essential cookies.

This Cookie Policy is effective as of 23 April 2026.