The Hungarian Intellectual Property Office (hereinafter ‘HIPO’) pays particular attention to proceeding in compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter ‘Information Act’), with other laws, as well as with the data protection practice of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter ‘the Authority’), and to taking into account the relevant international recommendations in connection with data protection.
HIPO hereby informs its clients and the visitors of its website on the personal data it processes in connection with the website, on its practice in the processing of personal data, as well as on the organizational and technical measures taken in order to ensure the protection of personal data, and on the procedural rules and the possibilities for data subjects to enforce their rights.
We call your attention to the fact that the data processing rules of the website regarding the e-administration section are contained in a separate policy, which is accessible here.
HIPO (H-1081 Budapest, II. János Pál pápa tér 7.) is the controller of personal data in connection with the website.
Range of personal data processed, purpose, scope, legal basis and duration of the data processing
During visits to its website, HIPO processes, with regard to the establishment and maintenance of the internet connection, the technical data, considered as personal data, which are automatically generated (log data) concerning the type of the browser used, the IP-address, the URL, the date of access and the pages visited.
The purpose of data processing is the collection of statistical information necessary for developing the website, for preparing analyses concerning the attendance and use thereof (statistical purpose), as well as for the preventing of potential abuses and enabling their detection (information security purpose).
HIPO processes the log data for one year for statistical purposes and for two years for information security purposes.
The purpose of using cookies is the collection of statistical information necessary for the development of the website, and for the preparation of analyses concerning the attendance and use thereof. The imprints of cookies may not be connected to individual website browsing, from them only anonymous data for exclusively statistical purpose may be retrieved; such data are used to project the trends necessary for the development of the website.
The temporary cookies with qualifying purpose are deleted after the browsing activities, the cookies with a functional purpose are stored on the computer of the data subject for a quarter of a year, while the cookies with a statistical purpose for two years, provided that the data subject does not previously remove them.
The legal basis of data processing in respect of both the log data and the cookies is the consent of the data subject [Article 5(1a) of the Information Act, and in respect of the duration of data processing also Article 6(5) of the Information Act].
The purpose of the data processing is to inform subscribers of topical issues affecting directly or indirectly HIPO by transmitting the newsletter to them as well as to offer them the possibility of keeping in contact to this end.
On its website, HIPO makes available information on the news and events pertaining to its activities, including information on the winners of the tenders invited and the prizes awarded by HIPO, in respect of which it processes the data subjects’ certain, where applicable, publicly available personal data (e.g., name, CV data, photo). Data processing in respect of the Jedlik Ányos Award and the Hungarian Design Award is based on the relevant laws, in respect of other applications and prizes the legal basis is the authorization of the data subject. HIPO processes documents containing data as documents of lasting value, under the applicable law.
It is possible to ask questions in the forum section of the website. By using this section the visitor of the website uses the moderated service of the www.magyarorszag.hu governmental portal e-democracy site which is not a service provided by HIPO. The data related to the use of this section (with the exception of the data in connection with visiting the website of HIPO) are generated not at HIPO, therefore questions in connection with data processing related to the use of the forum can be answered by the operator of the www.magyarorszag.hu portal.
Persons having access to the data, data processors
The data are processed exclusively by the employees of HIPO authorized to do so.
HIPO transfers personal data to third persons only if this is prescribed by an Act of Parliament or if the data subject expressly and credibly consented thereto.
HIPO uses the services, considered data processing for the purposes of the Information Act, of the following companies:
- NISZ National Infocommunication Service Company Ltd. (H-1081 Budapest, Csokonai u. 3., company registration number: 01-10-041633) for the operation of the website,
- Bohl Software Consulting Informatics Ltd. (H-1131, Madarász Viktor u. 13., building 4, VI/97., company registration number: 01-09-949932) for the maintenance of the website.
The data processors perform tasks of a technical nature according to the instructions of HIPO.
HIPO processes personal data with the utmost care, in the strictest confidence and only to the extent required for the use of the services, and in case of consent, according to the instructions, if any, of the consenting person.
HIPO makes every effort to process personal data safely, therefore it took appropriate technical and organizational measures and adopted the procedural rules necessary to enforce the laws regarding data processing and data protection. HIPO revises these measures and rules at regular intervals and amends them, if necessary.
Rights of users in connection with the processing of their personal data and the modalities of exercising these rights
Everybody is entitled to request information on data relating to them and processed by HIPO or by a data processor on his behalf or according to his instructions, in particular on the sources of such data, on the purpose, legal basis and duration of processing, on the name and address of the data processor and on its activities related to data processing, on the circumstances and effects of any data protection incident which occurred and the measures taken in order to avert it, and – if the personal data of the data subject are transferred to third parties – on the legal basis of the transfer and the recipients of the data.
HIPO has to provide the information in writing and within the shortest possible period of time following the submission of the request, but at the latest within 25 days; the provision of information may be denied only in cases where this is prescribed by an Act of Parliament. Should the request for information be denied, HIPO must notify the data subject of this in writing by referring to the provision of the Act serving as a ground for the refusal, and also inform the data subject of the means for legal redress against the decision in question.
Where any personal data are inaccurate, the data subject may request their rectification. If the accurate personal data are available, HIPO must rectify the personal data in question.
Personal data shall be erased if
- their processing is unlawful;
- so requested by the data subject, except for cases where data processing is compulsory;
- they are incomplete or inaccurate and this deficiency cannot be lawfully remedied, provided that erasure is not prohibited by an Act;
- the purpose of processing ceased to exist or the time period for storing the data expired, except if the data carrier has to be transferred to an archive;
- so ordered by a court or by the Authority.
Erasure may be initiated by the data subject with a written request filed with HIPO.
HIPO blocks the personal data if the data subject requests this at least in a private document providing full evidence or, if based on the information available to HIPO, erasure of the data requested by the data subject would violate the legitimate interests of the data subject. Blocked personal data may be processed only as long as the purpose, which prevented erasure of the personal data, remains valid.
If the accuracy of an item of personal data is contested by the data subject and its inaccuracy cannot be ascertained beyond doubt, HIPO must mark the personal data in question.
The person filing the request must be notified by HIPO in writing ̶ with the consent of the person concerned by electronic means ̶ within the shortest possible period of time, but at the latest within 25 days from filing the request of any rectification, blocking, marking or erasure, of whether the request has been granted or whether there is an obstacle to do so. In the latter case, HIPO must also provide the factual and legal grounds for the refusal and inform the data subject of the possibilities for legal redress.
The data subject is entitled to object to the processing of personal data related to him if
- personal data have to be processed or transferred exclusively to comply with the legal obligations of HIPO, or to enforce the legitimate interests of the controller, the data recipient or a third party, unless processing is mandatory;
- personal data are used or transferred for the purposes of direct marketing, public opinion surveys or scientific research; and
- in other cases laid down in an Act.
HIPO must examine the objection lodged as soon as possible, but at the latest within 15 days of its receipt and make a decision about whether it is well-founded; it also has to notify the decision in writing to the person who filed the objection.
If the objection is well-founded, HIPO must terminate the data processing, block the data, and notify all those of the objection and the measures taken pursuant to it to whom the personal data have already been transmitted and who are also required to take measures in order to enforce the right to object.
If the person who filed the objection disagrees with the decision made in the case, or if HIPO fails to observe the statutory time limit, the person who filed the objection may bring proceedings before the court.
Everyone who considers that their rights were infringed in the course of the data processing by HIPO may turn to court or to the Authority. The court adjudicates such cases under an expedited procedure. The Budapest-Capital Regional Court (Fővárosi Törvényszék) is competent to hear the case, however, if so requested by the plaintiff, legal proceedings may also be brought before the court competent according to the plaintiff’s permanent or temporary residence.