The Hungarian Intellectual Property Office (hereinafter referred to as “the HIPO”) pays particular attention to proceeding in compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Information Act) and other legislation, as well as with the data protection practice of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as “the Authority”), and with the major international recommendations in connection with data protection.
The HIPO hereby informs its clients and the visitors of its website on the personal data it processes in connection with the website, on its practice in the processing of personal data, as well as on the organizational and technical measures taken in order to ensure the protection of personal data, and the procedural rules and the possibilities of the data subjects to enforce their rights.
We call your attention to the fact that the data processing rules of the website regarding the e-administration section are contained in a separate policy which is accessible here.
The HIPO (H-1081 Budapest, II. János Pál pápa tér 7.) is the controller of personal data in connection with the website.
Set of personal data processed, purpose, scope, legal basis and duration of the data processing
During visits to the website of the HIPO, it processes, with regard to access and maintenance of the internet connection, the technical data, considered as personal data, automatically generated (log data) concerning the type of the browser used, the IP-address, the URL, the date of access and the pages visited.
The purpose of data processing is the collection of statistical information necessary for the development of the website, for the preparation of analyses concerning the attendance and use thereof (statistical purpose), as well as the prevention of potential abuses and the practicability of their detection (information security purpose).
The HIPO will process the log data for two years for information security purpose, and for one year for statistical purpose.
The purpose of using cookies is the collection of statistical information necessary for the development of the website, and for the preparation of analyses concerning the attendance and use thereof. The imprints of cookies may not be connected to individual website browsing, from them only anonym data for exclusively statistical purpose may be retrieved, by which the trends necessary for the development of the website may be outlined.
The temporary cookie with qualifying purpose will be deleted after the given work process, the browsing, the cookie with functional purpose will be stored on the computer of the data subject for a quarter of a year, while the cookie with statistical purpose for two years, provided that the data subject has not removed them beforehand.
The legal basis of data processing in respect of both the log data and the cookies is the consent of the data subject [Article 5(1a) of the Information Act, in respect of the duration of data processing is Article 6(5) of the Information Act].
The purpose of the data processing is to inform the data subjects of the actualities affecting directly or indirectly the HIPO by delivering the newsletter to the user and to ensure the possibility of keeping in contact to this end.
On its website, the HIPO makes available information on the news and events pertaining to its activities, including information on the winners of the tenders invited and the prizes awarded by the HIPO, in respect thereof it processes the data subjects’ certain, where applicable, publicly available personal data (e.g., name, CV data, photo). Data processing in respect of the Jedlik Ányos Award and the Hungarian Design Award is based on the relevant legislation, in respect of other applications and prizes the legal basis is the authorization of the data subject. The HIPO processes the documents containing the data as documents of lasting value, under the applicable law.
It is possible to ask questions in the forum section of the website. By using this section the visitor of the website uses the moderated service of the www.magyarorszag.hu governmental portal e-democracy site which is not a service of the HIPO. The data related to the use of this section (with the exception of the data in connection with visiting the website of the HIPO) are generated not at the HIPO, therefore questions in connection with data processing necessary for using the forum can be answered by the operator of the www.magyarorszag.hu portal.
Persons having access to the data, data processors
The data are processed exclusively by the employees of the HIPO authorized to do so.
The HIPO transfers personal data to third persons only if it is prescribed by an Act of Parliament or if the data subject expressly and credibly consented thereto.
The HIPO uses the services, qualified as data processing by the Information Act, of the following companies:
- NISZ National Infocommunication Service Company Ltd. (H-1081 Budapest, Csokonai u. 3., company registration number: 01-10-041633) for the operation of the website,
- Bohl Software Consulting Informatics Ltd. (H-1131, Madarász Viktor u. 13., building 4, VI/97., company registration number: 01-09-949932) for the maintenance of the website.
The data processors perform their technical tasks according to the instructions of the HIPO.
The HIPO processes personal data with the utmost care, in strictest confidence and only to the extent required for the use of the services, and in case of consent, according to the instructions, if any, of the consenting person.
The HIPO endeavours with the utmost care to process personal data safely, therefore it took the appropriate technical and organizational measures and adopted the procedural rules necessary to give effect to the legislation regarding data processing and data protection. The HIPO will revise these measures and rules at regular intervals and amend them, if necessary.
Rights of users in connection with the processing of personal data relating to them and the modalities of exercising such rights
Everybody is entitled to request information on data relating to them and processed by the HIPO or by a data processor on his behalf or according to his instructions, on the sources from where they were obtained, on the purpose, legal basis and duration of processing, on the name and address of the data processor and on its activities related to data processing, on the circumstances and effects of any data protection incident which occurred and the measures taken in order to counteract it, and – if the personal data of the data subject are transferred to third parties – on the legal basis of the transfer and the recipients of the data.
The HIPO provides the information in writing and within the shortest possible period of time following the submission of the request, however, not later than within 25 days; the provision of information may be denied only in cases defined by the relevant Act of Parliament. Should the request for information be denied, the HIPO notifies the data subject of this in writing by referring to the provision of the Act serving as a ground for the refusal, and also informs the data subject of the means available for legal redress against the decision.
Where any personal data processed by the HIPO are deemed to be inaccurate, the data subject may request that they be corrected. If the correct personal data are at the controller’s disposal, the HIPO rectifies the personal data in question.
Personal data shall be erased if
- their processing is unlawful;
- so requested by the data subject;
- they are incomplete or inaccurate and this deficiency cannot be lawfully remedied;
- the purpose of the processing ceased to exist or the time period for storing the data expired;
- so ordered by court or by the Authority.
The erasure may be initiated by the data subject with a written request filed with the HIPO.
The HIPO blocks the personal data if the data subject requests this at least in a private document providing conclusive evidence or, based on the information available to the HIPO, erasure of the data requested by the data subject would presumably violate the legitimate interests of the data subject. Blocked personal data may be processed only as long as the purpose which prevented erasure of the personal data remains valid.
If the accuracy of an item of personal data is contested by the data subject and its inaccuracy or incorrectness cannot be ascertained beyond doubt, the HIPO tags the personal data in question.
The person filing the request must be notified by the HIPO in writing ̶ with the consent of the concerned by electronic means ̶ within 25 days from filing the request of any correction, blocking, tagging or erasure, i.e. that the request has been granted or that there is an obstacle to do so. In the latter case the HIPO must also provide the factual and legal grounds for the refusal and inform the data subject of the possibilities for seeking legal redress.
The data subject is entitled to object to the processing of personal data related to him if
- personal data have to be processed or transferred exclusively to comply with the legal obligations of the HIPO, or to enforce the legitimate interests of the HIPO, the data recipient or a third party, unless processing is mandatory;
- personal data are used or transferred for the purposes of direct marketing, public opinion surveys or scientific research.
The HIPO examines the objection lodged within 15 days of its receipt and grants the request expressed in the objection if it can establish beyond doubt that the objection is well-founded; it also notifies the decision in writing to the person who filed the objection. In case the request is rejected, the HIPO must notify the person filing the objection in writing, within 15 days following the submission, stating the grounds for its decision, in a form conforming to the objection (on paper or in electronic way).
In case of rejection of the objection, if the data subject disagrees with the decision made in the case, or if the HIPO fails to observe the deadline, the data subject may turn to court.
Everyone who considers that their rights were infringed in the course of the data processing by the HIPO may turn to court or to the Authority. The court hears such cases in priority proceedings. The Budapest-Capital Regional Court (Fővárosi Törvényszék) is competent to hear the case, however, if so requested by the data subject, legal proceedings may also be started before the court competent according to the permanent or temporary residence of the data subject.