We call your attention to the fact that – in order to ensure the security of your data – you should not give or make available your access code, password and other data necessary for using the e-administration services to any third party. HIPO does not assume responsibility for any damages incurred or abuses committed as a result of the disclosure or making available of such data to any third party.
HIPO (H-1081 Budapest, II. János Pál pápa tér 7.) is the controller of personal data.
Range of personal data processed, purpose, scope, legal basis and duration of the data processing
In official intellectual property matters it is possible to use the e-administration services.
Only those personal data must be provided to HIPO on the appropriate form through the e-administration services which are prescribed by the relevant laws and for the processing of which HIPO is authorized pursuant to the authorization rules of these laws; moreover, HIPO processes the data subject’s e-mail address and all further personal data that the data subject provides to it.
After registration of a partner card, HIPO processes the data subject’s name, user name, address, area of activity, the reasons for their registration or the data concerning their geographical location (PATLIB centre, chamber information point, county), the source of information on the registration opportunity, and it stores the imprint of the data subject’s password in an encoded form.
After identification by the client gateway or identification of a partner card based on identification by the client gateway, HIPO processes, besides the afore-mentioned, the data subject’s connection code necessary for their re-identification, which is forwarded to HIPO by the central system.
In the case of mandatorily provided personal data, the legal basis of data processing is formed by the provisions of the relevant laws [Article 114/G(9) to (12) of Act XXXIII of 1995 on the Protection of Inventions by Patents (Patent Act); Article 28(1) of Act XXXVIII of 1991 on the Protection of Utility Models (Utility Model Act); Article 53/D of the Patent Act with the application of Article 17(6) of Act XXXIX of 1991 on the Legal Protection of Topographies of Microelectronic Semiconductor Products (Topographies Act); Article 32/B of Act XLVIII of 2001 on the Legal Protection of Designs (Design Act); Article 46/D of Act XI of 1997 on the Protection of Trade Marks and Geographical Indications (Trade Mark Act) with the application of Article 112(6) to (8) and (9) of the Trade Mark Act; Articles 41/E and 41/G of Act LXXVI of 1999 on Copyright (Copyright Act); Articles 83 and 149 of Act XCIII of 2016 on the Collective Management of Copyright and Neighbouring Rights (Collective Management Act); Article 41 of Act LXXVI of 2014 on Scientific Research, Development and Innovation (RDI Act)], while in the case of voluntarily provided personal data, the legal basis of the data processing is the consent of the data subject, expressed in an implicit manner when filling in the data [on the basis of Article 5(1)(a), Article 6(7), as well as, if applicable, Article 6(5) of the Information Act]. HIPO processes the data in the case of mandatory data processing for a period appropriate to the type of industrial property protection, and in the case of voluntarily provided data until the withdrawal of the consent or for the period HIPO is mandated by a legal obligation to do so, and in the case where HIPO or a third party is enforcing its legitimate interest, for the period of such enforcement.
You can find information on the matters which can be managed electronically in the types of official procedure in question, and on the personal data processed in the course thereof by HIPO, on the e-administration page of the website under the ‘general information’ section, on the subpage relating to the given type of protection.
If an electronic request is filed on the basis of identification by the client gateway, HIPO forwards to the data subjects the electronic documents containing personal data defined in the industrial property Acts (Patent Act, Utility Model Act, Topographies Act, Design Act, Trade Mark Act), in the Copyright Act, the Collective Management Act and the RDI Act via the central electronic service system.
The purpose of data processing is the following: deciding on the request filed by electronic means and conducting the official proceedings; providing information; keeping in contact by electronic means; in case of a two-way communication subject to identification by the client gateway or identification by a partner card, sending of HIPO’s decision or the extract from the Register to the client’s electronic memory space; enforcing the rights and complying with the obligations in connection with industrial property protection.
HIPO processes any further personal data in connection with e-administration under the rules governing the title of protection in respect of which the electronic means were used. The personal data provided during partner card registration are processed by HIPO until erasure of that partner card registration.
Persons having access to the data
The data are processed exclusively by the employees of HIPO authorized to do so, HIPO does not use any data processors for processing the data.
HIPO transfers data to third persons only if this is prescribed by an Act of Parliament or if the data subject expressly and credibly consented thereto.
HIPO processes personal data with the utmost care, in the strictest confidence and only to the extent required for the use of e-administration and, in the case of consent, according to the instructions, if any, of the consenting person.
HIPO makes every effort to process personal data safely, therefore it took appropriate technical and organizational measures and adopted the procedural rules necessary to enforce the laws regarding data processing and data protection. HIPO revises these measures and rules at regular intervals and, if necessary, amends them.
Rights of users in connection with the processing of their personal data and the modalities of exercising these rights
Everybody is entitled to request information on data relating to them and processed by HIPO, in particular on the sources of such data, on the purpose, legal basis and duration of processing, on the circumstances and effects of any data protection incident which occurred and the measures taken in order to avert it, and – if the data of the data subject are transferred to third parties – on the legal basis of the transfer and the recipients of the data.
HIPO has to provide the information in writing and within the shortest possible period of time following the submission of the request, but at the latest within 25 days; the provision of information may be denied only in cases prescribed by an Act of Parliament. Should the request for information be denied, HIPO must notify the data subject of this in writing by referring to the provision of the Act serving as a ground for the refusal, and also inform the data subject of the means for legal redress against the decision in question.
Where any personal data processed by HIPO proved to be inaccurate, the data subject may request their rectification. If the accurate personal data are available, HIPO must rectify the personal data in question.
Personal data shall be erased if
- their processing is unlawful;
- so requested by the data subject, except for cases where data processing is compulsory;
- they are incomplete or inaccurate and this deficiency cannot be lawfully remedied, provided that erasure is not prohibited by an Act;
- the purpose of processing ceased to exist or the time period for storing the data expired, except if the data carrier has to be transferred to an archive;
- so ordered by a court or the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter ‘the Authority’).
Erasure may be initiated by the data subject with a written request filed with HIPO.
HIPO blocks the personal data if the data subject requests this in a private document providing full evidence or, if based on the information available to HIPO, erasure of the data requested by the data subject would violate the legitimate interests of the data subject. Blocked personal data may be processed only as long as the purpose which prevented erasure of the personal data remains valid.
If the data subject contests the accuracy of an item of personal data and its inaccuracy cannot be ascertained beyond doubt, HIPO must mark the personal data in question.
The person filing the request must be notified by HIPO in writing ̶ with the consent of the concerned by electronic means – within the shortest possible period of time, but at the latest within 25 days from filing the request of any rectification, blocking, marking or erasure, of whether the request has been granted or whether there is an obstacle to do so. In the latter case, HIPO must also provide factual and legal grounds for the refusal and inform the data subject of the possibilities for legal redress.
The data subject is entitled to object to the processing of personal data related to him
- if personal data have to be processed or transferred exclusively to comply with the legal obligations of HIPO, or to enforce the legitimate interests of HIPO, the data recipient or a third party (unless processing is mandatory);
- if personal data are used or transferred for the purposes of direct marketing, public opinion surveys or scientific research; and
- in other cases laid down in an Act.
HIPO must examine the objection lodged within the shortest possible period of time, but at the latest within 15 days of its receipt and make a decision about whether it is well-founded; it also has to notify the decision in writing to the person who filed the objection.
If the objection is well-founded, HIPO must terminate the data processing, block the data, and notify all those of the objection and the measures taken pursuant to it to whom the personal data have already been transmitted and who are also required to take measures in order to enforce the right to object.
If the person who filed the objection disagrees with the decision made in the case, or if HIPO fails to observe the statutory time limit, the person who filed the objection may bring proceedings before the court.
Everyone who considers that their rights were infringed in the course of the data processing by HIPO may turn to court or to the Authority. The court adjudicates such cases under an expedited procedure. The Budapest-Capital Regional Court (Fővárosi Törvényszék) is competent to hear the case, however, if so requested by the plaintiff, legal proceedings may also be brought before the court competent according to the plaintiff’s permanent or temporary residence.