I. Introduction
Hexa Prop Ltd. (ADD MALTA LEVEL 2 HARDROCKS BUSINESS PARK, TRIQ BURMARRAD, NAXXAR, NXR 6345, Malta; represented by: András Kovács, Managing Director; hereinafter referred to as the “Data Controller” or the “Company” in this privacy notice) offers various educational programs to third parties as its main activity on the website hexaprop.com – an online trading platform developed by a unique third party. In connection with its activities, it processes information that qualifies as “personal data” under Article 4(1) of Regulation (EU) 2016/679 of the European Parliament and Council (GDPR), concerning the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC. The Data Controller processes the personal data of the natural person concerned (hereinafter referred to as the “Data Subject” or “Data Subjects”) in compliance with the applicable provisions of the relevant data protection laws in force.
The Data Controller handles the data of the data subjects confidentially, ensures their protection, and takes the necessary technical and organizational measures, as well as establishes the procedural rules required to enforce the GDPR and other data and confidentiality protection regulations. This notice provides information on the processing of these personal data and on the rights of data subjects and the remedies available concerning data processing.
Our Privacy Notice provides information regarding the purposes, legal basis, and duration for which we process your personal data, as well as to whom we transfer such data. We also inform you about your rights in connection with our data processing activities.
Please carefully read our Privacy Notice, and if you have any questions or requests regarding the Data Controller’s data processing, feel free to contact us at the details below.
I.1. Contact details of the Data Controller
Hexa Prop Ltd.
I.2. Location of data processing
The Data Controller processes data through automated means, with the physical location being the Data Controller’s headquarters.
I.3. What constitutes personal data?
Personal data is any information relating to an identified or identifiable natural person (the Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. For example, the name or address of the Data Subject is considered personal data.
I.4. Who qualifies as a Data Controller?
The Data Controller is the person who alone or jointly with others determines the purposes and means of processing personal data. In relation to the data processing described in this Privacy Notice – unless otherwise stated by the Notice or the Company – the Company qualifies as the Data Controller.
I.5. Who qualifies as a Data Processor?
A Data Processor is a person or entity that processes personal data on behalf of the Data Controller. The data processors who process personal data on behalf of the Data Controller are listed in this Privacy Notice.
II. The Company’s data processing activities and details
II.1. Data processing related to the Website
The Data Controller is the owner of the hexaprop.com domain and operates the Website. The free content, information, summaries, and articles available on the Website do not constitute business/financial advice and do not replace business consultations tailored to the user’s specific circumstances and needs related to the subject matter. Accordingly, the materials available on the Website should not serve as a basis for making legal, business, financial, or other decisions, and the Data Controller excludes any liability in this regard.
II.1.1. Data processing related to registration on the Website
The Website can be used without registration for general information purposes and for utilizing the live chat service. However, the following features of the Website can only be used by individuals over 18 years of age who have registered:
By registering, the user acknowledges that they act at their own risk during the registration process and when modifying data in their personal account and guarantees the accuracy of the data provided. The user acknowledges that the Data Controller bears no liability for any incorrectly or falsely provided data. The Company reserves the right to unilaterally restrict or delete a user’s access if it has reasonable grounds to believe that the user provided false, inaccurate, or incomplete data during registration.
Data management activities | Purpose of data processing | Legal basis for processing | Contact | Data processed | Duration of data processing |
---|---|---|---|---|---|
Registration on the Website | Provision of services requiring registration | Article 6 (1) (a) GDPR, consent of the Data Subject | Website registrant | First Name, Last Name, E-mail, Phone Number, Address | Until the withdrawal of consent for data processing or the deletion of the user account. |
II.1.2. Data Processing Related to the Phases Required to Obtain a Registration-Based “Hexa Account” (Completion of “Challenge” and “Verification” Phases)
The Company offers various trading programs to website visitors based on their trading style and market needs, in accordance with the General Terms and Conditions (GTC) through the Website. After selecting a trading program, the visitor must complete the “Challenge” phase (a program designed to evaluate the user’s trading abilities, skills, and performance) and then the “Verification” phase (a confirmation phase based on the results achieved during the “Challenge”). Upon successful completion of these phases, the Company provides the registered visitor with a “Hexa Account” (a trading platform and account).
During the “Challenge” and “Verification” phases, the Company collects, stores, and analyzes user response data provided throughout the program’s use. However, the Company stores this response data separately from all user contact and account (profile) information, ensuring that individual users cannot be identified.
The Company reserves the right to use user responses or parts thereof in an anonymized form for statistical purposes. In this context, the Company may conduct analyses, but these will not result in the identification of individual users.
During the analysis process, no profiling occurs, no automated decision-making is applied, it does not have legal effects, and it does not significantly affect the user.
Data management activities | Purpose of data processing | Legal basis for processing | Contact | Data processed | Duration of data processing |
---|---|---|---|---|---|
Use of services requiring registration | Provision of services requiring registration | Article 6 (1) (a) GDPR, consent of the Data Subject | Website registrant | First Name, Last Name, E-mail, Phone Number, Address | Until the withdrawal of consent for data processing or the deletion of the user account. |
II.1.3. Processing for the Purposes of Contacting and Maintaining Contact with the Controller (Form, Live Chat, E-mail)
Visitors to the Website can contact the Data Controller by clicking the “Contact us” tab or through live chat. When visitors initiate contact, the Data Controller processes all personal data provided by the visitor for the purpose of communication. The legal basis for this processing is the consent of the Data Subject, which is granted when the visitor initiates contact by clicking on the message button in either form of contact. The Data Controller also retains the data of the last access.
Data management activities | Purpose of data processing | Legal basis for processing | Contact | Data processed | Duration of data processing |
---|---|---|---|---|---|
Contact of communication | Establishing contact with the Data Controller | Article 6 (1) (a) GDPR, consent of the Data Subject | Persons contacting the Data Controller via the Website | Name, e-mail address, other personal data provided by the visitor | Until the withdrawal of consent for data processing, or in its absence, for 5 years |
II.1.4. Data Processing for Sending the Newsletter
On the Website, the Data Controller offers visitors the option to subscribe to the Company’s newsletter. For this purpose, the Data Controller processes the name and email address of the Data Subjects. The legal basis for processing the subscriber’s personal data is the consent of the Data Subject, which is given when subscribing to the newsletter. The purpose of the processing is to send the newsletter via email. The personal data related to newsletter distribution are processed until the consent is withdrawn or the newsletter subscription is cancelled. If the subscribing visitor no longer wishes to receive the newsletter, they can unsubscribe at any time, free of charge and without providing any reason, by clicking the “unsubscribe” link at the bottom of the newsletter. Upon unsubscribing, the Data Controller will immediately cease processing their personal data.
Data management activities | Purpose of data processing | Legal basis for processing | Contact | Data processed | Duration of data processing |
---|---|---|---|---|---|
Send newsletter | Send newsletter by e-mail | Article 6 (1) (a) GDPR, consent of the Data Subject | Subscriber | Name of subscriber, Country of subscriber, e-mail address | Until the withdrawal of consent for data processing or unsubscribing from the newsletter |
II.2. Visitor Data Management on the Website – Cookie Management
The Data Controller uses cookies and other software on the Website to ensure its functionality, facilitate its use, learn about users’ needs and behaviors, and improve the Website accordingly. When a user first visits the Website and uses its services, cookies are placed on the user’s browser. A cookie is a file of letters and numbers that the Data Controller sends to the user’s device from the server. The cookie enables the identification of the user’s last login to the Website. It also identifies the visitor, allowing the Data Controller to enhance the services and content of the Website based on visitors’ interests. If users do not consent to the use of cookies, they can disable or revoke them via browser settings. Data processing through cookies is carried out anonymously by the Data Controller.
Data management activities | Purpose of data processing | Legal basis for processing | Contact | Data processed | Duration of data processing |
---|---|---|---|---|---|
Visitor data management on the Company’s website – cookie management | Ensuring the functional operation of the website, facilitating its use, collecting information, analyzing website visits, improving the website and services | Article 6(1)(a) GDPR, consent of the data subject / fulfilment of a legal obligation in case of a session cookie | Website visitors | IP address, browser type, characteristics of the device’s operating system used for browsing (language settings), time of visit, visited (sub)page, function or service, clicks | Depending on the type of cookie, the duration may vary |
The Data Controller uses the following two categories of cookies on the Website:
II.2.1. Necessary Cookies
Necessary Cookies are technically indispensable for the operation of the Website (or support the operation of the Website in such a fundamental way that their use does not require the user’s specific consent under applicable laws). The website visitor has no individual choice regarding cookies in this category on the Website’s “cookie panel”. If the website visitor does not want these cookies to be stored on their computer or other device, they must adjust the settings in their browser for accepting these cookies or leave the Website. If the user does not allow these cookies in their browser, the Website may not function or may not function properly.
The Necessary Cookies used by the Data Controller can be viewed in the Cookie Policy.
II.2.2. Functional Cookies
The Data Controller aims to provide users with a seamless and efficient experience while using the Website by enabling certain features that enhance usability and functionality. To achieve this, the Data Controller intends to use functional cookies that support specific functions, such as enabling content sharing on social media platforms and gathering user feedback. These cookies ensure the smooth operation of certain third-party features, ultimately contributing to a more user-friendly and engaging experience on the Website.
The use of Functional cookies requires your consent as a user. Please give your consent to the use of these cookies on the “cookie panel” so that we can provide enhanced functionality and a more personalized experience on the Website (you can modify your settings regarding Functional cookies at any time by clicking on the “Cookie” panel that appears later on the Website).
The Functional Cookies used by the Data Controller can be viewed in the Cookie Policy.
II.2.3. Analytical Cookies
The Data Controller’s goal is to enable the user to access professional and other quality information efficiently and quickly through the Website, which may be of interest and useful to them. To this end, the Data Controller intends to use certain analytical cookies (i.e., cookies that inform the Data Controller about the browsing habits of visitors) on the Website. This allows the Data Controller to continuously improve the Website based on feedback and provide the user with the best possible user experience.
The use of Analytical cookies requires your consent as a user. Please give your consent to the use of these cookies on the “cookie panel” so that we can tailor the Website to the real needs of our visitors (you can modify your settings regarding Analytical cookies at any time by clicking on the “Cookie” panel that appears later on the Website).
The Analytical Cookies used by the Data Controller can be viewed in the Cookie Policy.
II.2.4. Performance Cookies
The Data Controller intends to use certain performance cookies that allow the monitoring and analysis of key performance metrics of the Website. This will enable the Data Controller to continuously enhance the Website’s performance based on insights, ensuring that users receive the best possible experience.
The use of Performance cookies requires your consent as a user. Please give your consent to the use of these cookies on the “cookie panel” so that we can analyze and improve the Website’s performance for a better user experience (you can modify your settings regarding Performance cookies at any time by clicking on the “Cookie” panel that appears later on the Website).
The Performance Cookies used by the Data Controller can be viewed in the Cookie Policy.
II.2.5. Advertisement Cookies
The Data Controller aims to provide users with a personalized and relevant experience while using the Website by delivering tailored advertisements based on their interests and preferences. To achieve this, the Data Controller intends to use advertisement cookies that track users’ previous interactions with the Website and other sites. These cookies allow for the assessment of advertising effectiveness and enable the Data Controller to refine advertising strategies, ultimately enhancing user engagement and satisfaction on the Website.
The use of Advertisement cookies requires your consent as a user. Please give your consent to the use of these cookies on the “cookie panel” so that we can provide enhanced functionality and a more personalized experience on the Website (you can modify your settings regarding Advertisement cookies at any time by clicking on the “Cookie” panel that appears later on the Website).
The Advertisement Cookies used by the Data Controller can be viewed in the Cookie Policy.
II.2.6. Management of cookies
Regarding the installation of cookies on your computer or other device, you have the following options:
II.2.6.1 Setting preferences on the “Cookie panel”
Upon your first visit to the Website (within 90 days), you will be prompted to set your cookie preferences on the “Cookie panel” that appears on your screen. Please note that you cannot configure the Necessary cookies essential for the operation of the Website on the “Cookie panel.”
Later, you will have the option to modify your previous cookie preferences at any time. To do this, click the “Cookie Settings” button at the Cookie Policy page of the Website and adjust the desired settings.
II.2.6.2 Browser settings for accepting and deleting cookies
If you want to block or allow certain cookies, follow your browser’s instructions for setting cookies. The user of the Website has the right to delete cookies from their computer or block their use in their browser. Managing cookies is typically available in the browser’s Tools/Settings menu, under Privacy/History/Custom Settings, referred to as cookies, tracking, or similar terms.
If you need help configuring your browser settings, please visit one of the following websites depending on the browser you use:
II.3. Data processing related to the fulfillment of tax and accounting tasks
Data management activities | Purpose of data processing | Legal basis for processing | Contact | Data processed | Duration of data processing |
---|---|---|---|---|---|
Data processing for the purpose of fulfilling tax and accounting obligations | Ensuring the functional operation of the website, facilitating its use, collecting information, analyzing website visits, improving the website and services | Article 6(1)(c) GDPR, compliance with a legal obligation | Contracted partners, customers | Specifically: tax number, name, address, tax status, business license number, tax identification number | 8 years |
In addition to the above, the following social media service provider has access to the data of users visiting the Company’s social media pages:
In connection with the Company’s Facebook and Instagram pages, Meta Platforms Ireland Limited (address: 4 Grand Canal Square, Dublin 2, Dublin, Ireland) acts as a joint data controller with the Company and, in the case of data processing related to other services on Facebook or Instagram, acts as an independent data controller according to its own data privacy policies (https://hu-hu.facebook.com/privacy/explanation; https://help.instagram.com/519522125107875/?maybe_redirect_pol=0).
II.4. Other data processing
If the Data Controller wishes to carry out further data processing, it will provide prior information about the essential circumstances of the data processing (the legal background and legal basis of the data processing, the purpose of the data processing, the scope of the data processed, the duration of the data processing).
If the Data Controller intends to carry out further data processing for purposes other than the original purpose of the data collection, it will inform you of the new purpose and the following information before the further data processing:
Data processing may only begin after this, and if the legal basis for the processing is consent, you must give your consent in addition to receiving the information.
We inform you that the Data Controller must fulfill written data requests from authorities based on legal authorization. The Data Controller keeps records of data transfers in accordance with sections 15 (2)-(3) of the Info Act (which authority received what personal data, on what legal basis, and when), and upon request, the Data Controller will provide information about the content of these records, unless prohibited by law.
III. Data security measures
The Company is committed to protecting personal data and takes all necessary measures to handle personal data in accordance with the law. The Data Controller has implemented appropriate security measures to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as from accidental destruction and damage, and to ensure the accessibility of the data in the event of technological changes. The Company adheres to the following principles in its data processing activities:
To the best of its organizational and technical abilities, the Data Controller ensures that its data processors also implement appropriate data security measures when handling your personal data.
IV. Rights and Remedies for Data Subjects
What are your rights and remedies concerning the data processing activities carried out by the Company?
The data protection rights and remedies of data subjects (including you, if the Company processes your personal data) are detailed in the relevant provisions of the GDPR (in particular Articles 15, 16, 17, 18, 19, 21, 77, 78, 79, 80, and 82).
The following summary contains the most important provisions, and the Company provides information to data subjects about their rights and remedies related to data processing accordingly.
The Company will inform the data subject without undue delay and within one month of the receipt of the request related to the exercise of their rights (see GDPR Articles 15-21) about the measures taken in response to their request. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by an additional two months. The Company will notify the data subject of the reason for the delay within one month of receiving the request. If the data subject submitted the request electronically, the response should be provided electronically, where possible, unless the data subject requests otherwise.
If the Company does not take action in response to the data subject’s request, it will inform the data subject without delay and within one month of receiving the request of the reasons for not taking action and of their right to file a complaint with a supervisory authority and to seek judicial remedy.
The Company will provide the information requested by the data subject in writing, or, if the data subject has submitted the request electronically or specifically requested electronic communication, electronically.
Access | The Data Subject has the right to receive feedback from the Company regarding whether their personal data is being processed. If such data processing is ongoing, the Data Subject is entitled to access the personal data and the following information:
If personal data is transferred to a third country, the Data Subject has the right to be informed about the appropriate safeguards relating to the transfer. A copy of the personal data being processed will be provided to the Data Subject by the Company. The Company may charge a reasonable fee, based on administrative costs, for any additional copies requested by the Data Subject. If the Data Subject submits the request electronically, the information must be provided in a commonly used electronic format unless the Data Subject requests otherwise. |
Correction | You may request that we correct any inaccurate personal data we hold and complete any incomplete data—among others, through a supplementary statement. Please note that by reporting any changes in your personal data, you help the Company maintain accurate records about you. |
Restriction | You may request the restriction of the processing of your personal data by the Company if:
|
Withdrawal of consent | If the legal basis for data processing is your consent, you are entitled to withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the data processing carried out by the Company before the withdrawal. You can find guidance on the cases in which the Company bases data processing on your consent in Section II of this Notice. |
Objection | You may object to the processing of your personal data at any time if the legal basis for the processing is the Company’s legitimate interest. More information on this can be found in Section II of this Notice.
If you object to the processing, the Company will cease to process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override the Data Subject’s interests, rights, and freedoms, or that relate to the establishment, exercise, or defense of legal claims. If personal data is processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of their personal data for such marketing. If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data will no longer be processed for that purpose. |
Erasure | You have the right to request the Company to erase your personal data without undue delay if one of the following reasons applies:
|
Data portability | If the legal basis for processing is your consent or the performance of a contract with you, and the processing is carried out by automated means, you have the right to receive the personal data that you have provided to the Company in a structured, commonly used, and machine-readable format and to transfer this data to another data controller, or to request the Company to transfer your data directly to another controller without hindrance from the Company.
We emphasize that when exercising the right to data portability, you are entitled to request the direct transfer of personal data between controllers (such as the Company and another controller) where technically feasible. However, exercising the right to data portability should not affect the right to erasure (“right to be forgotten”), and this right must not adversely affect the rights and freedoms of others. |
Automated decision-making in individual cases, including profiling | You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. |
Complaints, remedies | You have the right to lodge a complaint with a supervisory authority – particularly in the Member State of your habitual residence, workplace, or where the alleged infringement occurred – if you believe that the processing of your personal data violates the GDPR. In addition, you have the right to seek judicial remedy to enforce your rights. Such proceedings may also be initiated before the courts of the Member State where you reside. |
V. Data processing
The Data Controller uses the data processor(s) named in this Notice to carry out its activities. The data processor does not make independent decisions and is only authorized to act in accordance with the contract concluded with the Data Controller and the instructions received. The Data Controller monitors the work of the data processor. The data processor is only permitted to engage a further data processor if allowed by law and with the prior written consent of the Data Controller. The Data Controller will inform the Data Subject about any additional data processors not listed in this section at the latest when the contract is concluded.
VI. Source of data
The Data Controller primarily obtains any personal data relating to the Client from the Data Subject, based on the Data Subject’s voluntary provision of data, or in relation to the Client and/or from a third party authorized to disclose data by law.
VII. Transfer of personal data to a third country
According to the GDPR, personal data can only be transferred to a third country or international organization if the protection of the personal data is guaranteed following the data transfer and is ensured at a level equivalent to the protection within the European Union (GDPR, Article 44).
Transfers of data abroad within the European Union do not constitute a transfer to a third country. Third countries are considered to be countries outside the European Economic Area (EEA).
The Data Controller lawfully transfers personal data to data processors listed in Section V of this Notice to third countries. In the case of the United States (USA), this is done based on the Trans-Atlantic Data Privacy Framework, while in the case of Australia, it is carried out in compliance with Articles 46-47 of the GDPR. The Data Controller also lawfully transfers data indirectly to U.S.-based service providers based on an adequacy decision (GDPR, Article 45), such as:
VIII. Data protection officer, impact assessment
Based on GDPR Recitals (90)-(91) and Article 37, the Data Controller is not required to conduct an impact assessment or appoint a data protection officer.
IX. Amendments to the Privacy Notice
The Data Controller reserves the right to unilaterally modify this Notice in a manner that does not affect the purpose and legal basis of the data processing. By continuing to use the Website after the modifications take effect, you accept the amended data processing notice.
Data processor | Purpose of data processing | Scope of data processed |
---|---|---|
ADD Malta Ltd. | Fulfillment of tax and accounting obligations prescribed by law | Data recorded in section II.3 of this Notice |
Technology Provider | Technology services | Data recorded in section II.1 of this Notice |
Marketing Agency (1) | Marketing services | Data recorded in section II.1 of this Notice |
Marketing Agency (2) | Marketing services | Data recorded in section II.1 of this Notice |
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Analytical software, E-mail infrastructure | Data recorded in sections II.1-2 of this Notice |
Klaviyo, 125 Summer Street, Boston, MA 02110, USA | Marketing automation services | Data recorded in section II.4 of this Notice |