App Logo

Szerva

PRIVACY POLICY



Website: www.szerva.com
Last Updated: 27 April 2026

1. IDENTITY OF THE DATA CONTROLLER AND CONTACT INFORMATION

Szerva, operated by Dortana Kft. (company registration number: 13-09-243099; tax number: 32112904-2-13; EU VAT number: HU32112904), with its registered office at 2030 Érd, Ágota utca 4., Hungary (hereinafter "Szerva," "we," "us," or "our"), acts as the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "General Data Protection Regulation" or "GDPR") with respect to all personal data collected through the website at www.szerva.com and the dedicated mobile application for Experts (collectively, the "Platform").

For any questions, requests, or concerns regarding the processing of your personal data or the exercise of your data protection rights, you may contact us at:

Szerva
Operated by: Dortana Kft.
Registration Number: 13-09-243099
Tax Number: 32112904-2-13
EU VAT Number: HU32112904
Registered Office: 2030 Érd, Ágota utca 4., Hungary
Website: www.szerva.com
Email: support@szerva.com

The competent supervisory authority for data protection matters in Hungary is the Nemzeti Adatvédelmi és Információszabadság Hatóság ("NAIH"), located at 1363 Budapest, Pf. 9, Hungary; website: https://www.naih.hu; email: ugyfelszolgalat@naih.hu.

2. SCOPE AND APPLICATION

The present Privacy Policy applies to all personal data processed by Szerva in connection with the operation of the Platform. It governs data collected from both Customers (who access the Platform via the website) and Experts (who access the Platform via the mobile application), as well as any third-party service recipients whose personal data is submitted by Customers during the Order creation process. By registering for an account, browsing the website, using the mobile application, or otherwise interacting with the Platform, you acknowledge that you have read and understood the terms of the present Privacy Policy.

Where the Platform processes data on behalf of Experts in their capacity as independent service providers, the respective roles of Szerva and the Expert are determined as follows. When Szerva defines the purposes and means of processing (for example, when managing User accounts, operating the matching algorithm, or processing payments), Szerva acts as the sole data controller. When Szerva and an Expert jointly determine the purposes and means of processing in connection with the fulfilment of a specific Order (for example, when both parties require access to the service recipient's contact details to coordinate service delivery), Szerva and the Expert act as joint controllers within the meaning of Article 26 of the GDPR; in such cases, the essential terms of the joint controllership arrangement are made available to Users upon request. When Szerva processes personal data solely on the Expert's instructions and for the Expert's exclusive purposes (for example, where an Expert uses the Platform's communication tools to correspond with a Customer on a matter unrelated to Platform operations), Szerva acts as a data processor pursuant to Article 28 of the GDPR, subject to a data processing agreement setting out the obligations of each party.

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Data Collected During Registration

When Customers or Experts create an account on the Platform, the following personal data is collected: first name, last name, email address, and password (stored in encrypted form). An OTP is generated and sent to the User's email address to verify ownership; the OTP itself is transient and not retained once verification is completed.

3.2 Data Collected During Expert Onboarding

Following registration, Experts must complete an onboarding process that involves the collection of additional personal data, including: date of birth, residential address, phone number (verified via a separate OTP), expertise information (skills, experience, and proposed pricing), a copy of the Expert's identification card (front and back), a selfie photograph, and a proof-of-address document. These documents and data points are necessary to verify the Expert's identity, confirm their qualifications, and ensure the security and trustworthiness of the Platform for all Users.

3.3 Data Collected During Order Placement

When a Customer places an Order, the Platform may collect information about the service recipient, which may include: the recipient's full name, phone number, and address. Such information may pertain to the Customer directly or to a third party on whose behalf the service is being requested. The Customer bears full responsibility for ensuring that any third-party data submitted is accurate, current, and lawfully obtained, and that the Customer holds the necessary authorisation to share it. Where the Customer submits personal data relating to a third-party service recipient, the Customer is further obligated to inform the service recipient, prior to or at the time of data submission, that their personal data will be processed by Szerva and shared with the assigned Expert for the purpose of fulfilling the Order. The Customer shall direct the service recipient to the present Privacy Policy for full details on the processing, retention, and protection of their data. Szerva shall make available a concise informational notice, accessible on the Platform, to assist Customers in complying with this obligation in accordance with Article 14 of the GDPR.

3.4 Data Generated Through Platform Use

During the use of the Platform, certain data is generated automatically or collected incidentally, including: Order history and transaction records, service ratings and reviews, communication logs between Customers and Experts through the Platform, timestamps related to Order milestones (such as "Order Started," "Performance Started," "Work Done," and "Money Collected"), electronic signatures captured upon service completion, and payment transaction details.

3.5 Technical and Device Data

When you access the Platform, we and our third-party analytics partners may collect technical data, including: IP address, device type and operating system, browser type and version, screen resolution, unique device identifiers, session duration, and pages or screens visited.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

All processing of personal data by Szerva is carried out in accordance with the principles set forth in Article 5 of the GDPR and on the basis of one or more of the lawful grounds enumerated in Article 6(1) thereof. Below is a description of each processing purpose and the corresponding legal basis.

4.1 Account Creation and User Authentication

Personal data provided during registration (name, email, password) is processed for the purpose of creating and managing your account and authenticating your identity upon login. The legal basis for such processing is Article 6(1)(b) of the GDPR, as the processing is necessary for the performance of the contract between you and Szerva (i.e., the Terms and Conditions governing Platform access).

4.2 Expert Onboarding and Verification

The additional personal data and identity documents collected during Expert onboarding are processed for the purpose of verifying the Expert's identity, confirming their residential address, assessing their professional qualifications, and ensuring Platform safety. The legal basis is Article 6(1)(b) of the GDPR (contractual necessity for the provision of Platform services to the Expert), supplemented by Article 6(1)(f) of the GDPR (legitimate interest in maintaining a secure and trustworthy marketplace for all Users).

4.3 Order Processing and Service Delivery

Personal data provided during Order placement (including third-party service recipient data) is processed for the purpose of facilitating service delivery, enabling communication between the Expert and the service recipient, ensuring accurate location and contact details, processing payments, and calculating service fees. The legal basis is Article 6(1)(b) of the GDPR, as such processing is necessary for the performance of the contract requested by the Customer.

4.4 Payment Processing and Financial Record-Keeping

Transaction data, including Advance Payment details, final service costs, and Platform commission calculations, is processed for the purpose of executing payments and maintaining accurate financial records. The legal basis is Article 6(1)(b) (contractual necessity) and, for the retention of financial records, Article 6(1)(c) of the GDPR (compliance with legal obligations, including applicable Hungarian fiscal and accounting legislation).

4.5 Platform Improvement and Analytics

Technical and behavioural data collected through third-party analytics tools (detailed in Section 7 below) is processed for the purpose of improving Platform performance, understanding User behaviour, diagnosing technical issues, and optimising the user experience. The legal basis is Article 6(1)(a) of the GDPR (consent), obtained through the Platform's cookie consent mechanism prior to the activation of non-essential analytics cookies.

4.6 Compliance with Legal Obligations

Certain categories of personal data may be processed to comply with legal obligations incumbent upon Szerva under Hungarian and EU law, including obligations related to consumer protection, tax reporting, anti-money laundering, and responses to lawful requests from competent authorities. The legal basis is Article 6(1)(c) of the GDPR.

4.7 Establishment, Exercise, or Defence of Legal Claims

Personal data may be retained and processed where necessary for the establishment, exercise, or defence of legal claims, including in connection with disputes between Users, regulatory inquiries, or litigation. The legal basis is Article 6(1)(f) of the GDPR (legitimate interest).

5. DATA RETENTION

Szerva retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The specific retention periods are as follows:

  • Account and registration data is retained for the duration of the User's active account and for a period of five (5) years following account deletion or deactivation, in accordance with the general limitation period under Act V of 2013 on the Civil Code of Hungary (Section 6:22).
  • Expert onboarding documents (identity card copies, selfie, proof-of-address) are retained for the duration of the Expert's active status on the Platform and for five (5) years after the termination of the Expert's relationship with the Platform, unless a longer retention period is mandated by applicable law.
  • Order-related data, including transaction records, payment details, and electronic signatures, is retained for a period of eight (8) years from the date of the relevant transaction, in compliance with Act C of 2000 on Accounting (Számviteli törvény), which prescribes the retention of accounting documents for this duration.
  • Analytics and technical data collected via cookies is retained for the periods specified by the respective third-party analytics providers (see Section 7 below), and in any event for no longer than is necessary for the stated analytical purposes.

Upon expiry of the applicable retention period, personal data is securely erased or anonymised so that it can no longer be attributed to an identified or identifiable natural person.

6. RECIPIENTS AND DISCLOSURE OF PERSONAL DATA

Szerva may share personal data with the following categories of recipients, strictly to the extent necessary for the purposes described in Section 4:

  • Experts and Customers receive personal data pertaining to one another (such as name, contact details, and service-related information) solely for the purpose of facilitating the agreed-upon service. An Expert receives Customer or service-recipient data only upon accepting an Order, and a Customer receives Expert data only upon the Expert's confirmation.
  • Payment service providers engaged by Szerva to process online transactions receive payment-related data necessary for the execution of Advance Payments, refunds, and fee calculations. Such providers operate as independent data controllers or, where applicable, as data processors under written data processing agreements compliant with Article 28 of the GDPR.
  • Cloud infrastructure and hosting providers engaged by Szerva to store and process data on servers located within the European Economic Area receive personal data to the extent necessary for the provision of hosting, storage, and computing services. Such providers operate as data processors under written data processing agreements compliant with Article 28 of the GDPR. Where any hosting provider stores data outside the EEA, the applicable safeguards for international transfers described in Section 8 of the present Privacy Policy shall apply.
  • Third-party analytics providers, namely Microsoft Clarity and Google Analytics (detailed in Section 7), receive technical and behavioural data in accordance with their respective privacy policies and data processing terms.
  • Public authorities and regulatory bodies may receive personal data where Szerva is compelled to disclose such data in response to a lawful order, subpoena, judicial request, or binding regulatory requirement. Disclosure in such circumstances is carried out pursuant to Article 6(1)(c) of the GDPR.
  • Professional advisors, including legal counsel, accountants, and auditors, may receive personal data on a strictly need-to-know basis in connection with the provision of their professional services to Szerva.

Szerva does not sell, rent, or trade personal data to third parties for marketing purposes.

7. THIRD-PARTY ANALYTICS AND TRACKING TECHNOLOGIES

7.1 Microsoft Clarity

Szerva utilises Microsoft Clarity, a user behaviour analytics tool operated by Microsoft Corporation, to capture information about how Users interact with the Platform through behavioural metrics, heatmaps, and session replay. Website usage data is captured using first-party and third-party cookies and other tracking technologies to determine the popularity of services and to analyse online activity. Such information is also used for site optimisation and security purposes. For further details on how Microsoft collects and uses data, Users may consult the Microsoft Privacy Statement at https://www.microsoft.com/privacy/privacystatement.

7.2 Google Analytics

Szerva employs Google Analytics 4, a web analytics service provided by Google LLC, for traffic analysis and usage statistics. Google Analytics collects data such as IP addresses (anonymised where technically feasible), browser and device information, pages visited, session duration, and referral sources. Google participates in the EU-U.S. Data Privacy Framework, as certified by the European Commission's Adequacy Decision of 10 July 2023 (Commission Implementing Decision (EU) 2023/1795), which facilitates the lawful transfer of personal data to Google's servers in the United States. Further information is available in Google's Privacy Policy at https://policies.google.com/privacy.

7.3 Cookie Consent

In accordance with Act CVIII of 2001 on Electronic Commerce and Information Society Services (Hungary), Act C of 2003 on Electronic Communications, and the ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC), non-essential cookies, including those deployed by Microsoft Clarity and Google Analytics, are activated only after the User has provided explicit prior consent through the Platform's cookie consent mechanism. Essential cookies, which are strictly necessary for the functioning of the Platform (such as session management and security cookies), do not require consent but are disclosed in the Platform's Cookie Policy for full transparency.

8. INTERNATIONAL DATA TRANSFERS

Szerva primarily stores and processes personal data within the European Economic Area ("EEA"). Where personal data is transferred to recipients located outside the EEA, such as to Google LLC in the United States in connection with Google Analytics, such transfers are conducted on the basis of an adequacy decision adopted by the European Commission (including the EU-U.S. Data Privacy Framework, Commission Implementing Decision (EU) 2023/1795) or, where no adequacy decision applies, on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR (Commission Implementing Decision (EU) 2021/914). Prior to any transfer, Szerva conducts a transfer impact assessment to verify that the legal framework of the recipient country provides a level of protection essentially equivalent to that guaranteed within the EEA, in line with the principles articulated in the Court of Justice of the European Union's ruling in Case C-311/18 (Schrems II) and EDPB Recommendations 01/2020. Szerva continuously monitors the status of any adequacy decision relied upon for international transfers, including the EU-U.S. Data Privacy Framework. Should any such adequacy decision be invalidated, suspended, or materially amended by a competent authority, Szerva shall promptly implement alternative transfer mechanisms, including the Standard Contractual Clauses adopted pursuant to Commission Implementing Decision (EU) 2021/914, to ensure the continued lawfulness of cross-border data transfers.

9. DATA SUBJECT RIGHTS

Under the GDPR and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Hungary), you are entitled to exercise the following rights in relation to your personal data:

  • Right of Access (Article 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, to access such data together with information regarding the purposes of processing, the categories of data involved, the recipients, the envisaged retention period, and the existence of your other rights.
  • Right to Rectification (Article 16 GDPR): You have the right to obtain the correction of inaccurate personal data without undue delay, and the right to have incomplete personal data completed.
  • Right to Erasure (Article 17 GDPR): You have the right to obtain the deletion of personal data concerning you where the data is no longer necessary for its original purpose, where you withdraw consent and no other legal basis exists, where you object to processing and no overriding legitimate grounds apply, where the data has been unlawfully processed, or where erasure is required to comply with a legal obligation.
  • Right to Restriction of Processing (Article 18 GDPR): You may request that the processing of your personal data be restricted while the accuracy of the data is being verified, while the lawfulness of processing is contested, while Szerva no longer needs the data but you require it for legal claims, or while your objection to processing is under evaluation.
  • Right to Data Portability (Article 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without hindrance.
  • Right to Object (Article 21 GDPR): You have the right to object, on grounds relating to your particular situation, to the processing of personal data that is based on legitimate interests. Where personal data is processed for direct marketing purposes, you have the right to object at any time.
  • Right to Withdraw Consent (Article 7(3) GDPR): Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of the above rights, you may submit a request to us at support@szerva.com. We shall respond to your request without undue delay and, in any event, within one (1) month of receipt. Where the complexity or volume of requests warrants, this period may be extended by a further two (2) months, in which case you shall be informed of the extension and the reasons therefor within the initial one-month period.

10. DATA SECURITY

Szerva implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 of the GDPR. Such measures include, but are not limited to: encryption of data in transit and at rest, access controls restricting data access to authorised personnel only, secure storage of identity documents and sensitive onboarding data, regular security assessments and vulnerability testing, and incident response procedures for the prompt detection, reporting, and mitigation of data breaches.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, Szerva shall notify the NAIH without undue delay and no later than seventy-two (72) hours after becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, Szerva shall also communicate the breach to the affected data subjects without undue delay, as required by Article 34 of the GDPR.

11. CHILDREN'S DATA

The Platform is not directed at individuals under the age of sixteen (16). Szerva does not knowingly collect personal data from children under sixteen. In the event that we become aware that personal data has been collected from a child under sixteen without verifiable parental or guardian consent, we shall take steps to delete such data without undue delay. If you believe that a child under sixteen has provided personal data to us, please contact us at support@szerva.com.

12. COMPLAINTS

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the NAIH at the contact details provided in Section 1 above. You also have the right to seek a judicial remedy before the competent Hungarian courts. In accordance with Article 79 of the GDPR, proceedings may be brought before the courts of the Member State where the NAIH is established or where you have your habitual residence.

13. AMENDMENTS TO THE PRIVACY POLICY

Szerva reserves the right to modify or update the present Privacy Policy at any time, to reflect changes in our processing activities, applicable legislation, or regulatory guidance. Any material amendments shall be communicated to Users via the Platform (through email notification or a prominent notice on the website and mobile application) at least fifteen (15) calendar days before the amended Privacy Policy enters into force. The date of the most recent update is indicated at the top of the document. Continued use of the Platform following the effective date of any amendment constitutes acceptance of the revised terms.

This Privacy Policy is effective as of 23 April 2026.