Cookie Policy
Privacy notice on the processing of data by means of cookies used on the website of the Hungarian Intellectual Property Office
I. The Controller of personal data
|
• name: |
• Hungarian Intellectual Property Office (the ‘HIPO’ or ‘Office’) |
|
• seat: |
1081 Budapest, II. János Pál pápa tér 7. |
|
• postal address: |
1438 Budapest, pf. 415. |
|
• phone number: |
06-1/312-4400 |
|
• e-mail address: |
Contact details of the HIPO’s data protection officer
|
• e-mail address: |
|
|
• phone number: |
06-20/297-1266 |
|
• Postal address: |
1438 Budapest, pf. 415. |
II. Applicable laws
|
GDPR |
General Data Protection Regulation. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. |
|
Information act |
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information. |
III. Purpose and operation of cookies in general
When someone visits a website, small files, so-called cookies are placed on their IT device (e.g. laptop, tablet, mobile phone, etc., hereinafter ‘device’). Cookies can serve a variety of purposes, and the data they collect and the length of time they remain on the user's device varies accordingly.
For example, some cookies distinguish between users who are viewing the website at the same time, other cookies collect and store the activity and preferences of website visitors, and there are cookies that remember the settings of website visitors (e.g. chosen language or currency) so that they do not need to be re-entered when the website is visited later. The owner of the website (the Controller) may also use cookies to collect information about the device and the activity of the website visitor (e.g. laptop or mobile phone; browser type, version and other data; operating system, version and IP address of the device; sub-pages viewed by the user and website functions used).
Some cookies are essential for the proper functioning of the website, without them the website cannot function properly, others collect information about the use of the website to make it more user-friendly and useful.
Cookies may also be used to collect anonymised (non-personally identifiable) statistical data, which can help the Controller to get an idea of the browsing habits and user experiences of visitors to the website.
The Controller may use its own cookies on the website; the purpose and function of these cookies are determined by the Controller and are not influenced by third parties.
The Controller may also use cookies from service providers that are considered third parties. Third parties include, for example, data analysis service providers who help the Controller to understand what content a website visitor views, and for how long, or what menu items or website functions they use, what they are interested in, etc. With this information, the Controller can plan the development of its website and/or services, their content, personalized services, etc.
Some cookies are only temporary and disappear when the browser session is closed, but others remain on the device for a longer period of time. Persistent cookies are those that, unlike session cookies, remain permanently on the device of the website visitor, are not automatically deleted when the browser program is closed, so it is up to the user to delete them from his/her device.
Different browsers allow you to change the default setting for accepting cookies, so that the user can prevent cookies from being automatically accepted or set a deletion time. For more detailed information on the cookie settings of the following browsers, click on the name:
IV. Main aspects of processing
Required cookies
The required cookies are used by HIPO to enable the browsing of its websites and the use of website functions. Without the use of these cookies, the smooth functioning of the website cannot be ensured.
Required cookies cannot in themselves identify the user visiting the website, so they do not allow for individualised (personalised) processing and storage. The purpose of the required cookies is to support and facilitate the usability and processes of the website, therefore, if you disable them, there is no guarantee that you will be able to use all the functions of the website in full.
The purpose of the required cookies is to support and facilitate the usability and processes of the website, therefore, if you disable them, there is no guarantee that you will be able to use all the functions of the website in full.
The required cookies listed in the table below do not collect individualized data that can be used to identify a person, and are simply not processed by the HIPO .
Required cookies
|
Name of cookie |
Purpose of cookie (description) |
Duration of processing |
|
consentTime |
This cookie stores date and time when the user consented to the use of cookies. |
365 days |
|
gdprLevel |
This cookie may store GDPR levels – for example, what type of cookies the user consented to (e.g. basic only, or statistical, marketing). |
365 days |
|
cookiePolicy |
It stores the fact that the cookie policy has been accepted. |
62 days |
|
sa-cookie-rama |
A cookie that stores the session ID. |
1 day |
Processing of data related to cookies for statistical purposes
|
Cookie name |
_ga |
|
Cookie function |
It records a unique identifier, which is used to generate anonymous statistical data about the use of the website. |
|
Purpose of processing |
to collect the statistical information necessary for the development of the website and to carry out analyses on the number of visits and usage |
|
Personal data processed |
IP address, traffic data such as number of visits, information on the duration of visits, approximate geolocation (estimated
geographic location based on IP address), and browser and device data |
|
Legal basis for processing |
The legal basis for statistical processing is the consent of the data subject (Article 6(1)(a) GDPR). |
|
Duration of data storage |
One year. The processing of statistical data that do not contain personal data will continue after this period. |
|
Sources of personal data |
The above personal data are partly provided directly by the data subject to the HIPO and partly generated in the course of processing. |
|
Automated decision-making |
None. |
|
Mandatory nature of data provision |
It is up to the data subject to decide whether or not to provide personal data. |
|
Rights of data subjects |
You may exercise your right of access, and your rights to rectification, erasure, restriction of processing and data portability.
|
With Google Analytics, we get a more complete picture of the main characteristics of user behaviour. For more information about Google Analytics service cookies, please follow the link below: https://support.google.com/analytics/answer/11397207?hl=hu
Log analysis for information security purposes
|
Purpose of processing |
preventing, detecting and managing information security incidents – e.g. identifying attack patterns, detecting unauthorised access attempts by examining individual sessions, visits (WAF and log analysis) |
|
Personal data processed |
the WAF (Web Application Firewall) and the web server log information about HTTP/HTTPS requests (IP address, user-agent, URL, timestamp) Log data is not used by the Office to profile or track individual visitors. The possibility of identification exists only in principle (e.g. if someone misuses something, it may be possible to trace it back based on IP address). |
|
Legal basis of processing |
processing is necessary for the performance of tasks carried out in the public interest |
|
Duration of data storage |
The retention period for backups from the central log collection server is 5 years. |
|
Source of personal data |
The above personal data are partly provided directly by the data subject to the HIPO and partly generated in the course of processing. |
|
Automated decision-making |
None |
|
Mandatory nature of data provision |
Providing data is a condition of visiting the website |
|
Rights of data subjects |
You may exercise your right of access, and your rights to rectification, erasure, restriction of processing and data portability.
|
V. Further recipients of personal data, data transfers
Where proceedings have been brought before a court or other authority which require the transfer of personal data to that
court or authority, the court or authority may also have access to the personal data.
In the event of a failure or other problem in the IT systems of the HIPO, the systems containing personal data may also be accessed by authorised staff of the processor responsible for certain operational tasks of the IT infrastructure of the Office.
The relevant processors are as follows:
Mitte Communications Kft.
|
name: |
Google Analytics account management |
|
company registration number: |
01-09-179304 |
|
seat: |
1137 Budapest, Jászai Mari tér 5-6. |
New Land Media Advertising, Service and Trading Kft.
|
name: |
performs certain tasks related to the public relations of HIPO |
|
company registration number: |
01-09-176515 |
|
seat: |
1025 Budapest, Felső Zöldmáli út 72. |
Lounge Design Kft.
|
name: |
performs certain tasks related to the public relations of HIPO |
|
company registration number: |
01-09-940287 |
|
seat: |
1025 Budapest, Felső Zöldmáli út 72. |
Valkyr Informatics Kft.
|
name: |
operator of the port security system used by HIPO (in relation to processing for information security purposes) |
|
company registration number:: |
01-09-929529 |
|
seat: |
1025 Budapest, Szeréna köz 6/b. |
VI. Data security
Technical measures
The Office and its processors are entitled to access the personal data of the data subjects to the extent necessary for the performance of their tasks or duties. The HIPO takes all security, technical and organisational measures that guarantee the security of personal data.
The HIPO stores the data on its own equipment in a data centre. The IT tools that store the data are stored in a separate, locked server room with an alarm system, protected by a multi-level access control system with authorisation control.
The HIPO protects its internal network with multiple layers of firewall protection. The access points to the public networks used are always equipped with hardware border protection devices (firewalls). Data are stored by the HIPO on multiple servers to protect them from destruction, loss or damage due to malfunction of IT equipment, or from unlawful destruction.
The HIPO protects its internal networks from external attacks with multiple layers of active, complex malware protection (e.g. virus protection). Indispensable external access to the IT systems and databases operated by the HIPO is provided via an encrypted data connection (VPN).
The HIPO does its utmost to ensure that its IT tools and software are constantly in line with the technological solutions generally accepted in the market.
The HIPO is developing systems in which logging can be used to control and monitor the operations carried out and to detect incidents (e.g. unauthorised access).
VII. Data subjects' rights in connection with processing
The HIPO will assist anyone in exercising their rights if they can identify the person making the request. In order to comply
with the request, the HIPO is obliged to verify whether it is really the person entitled to exercise the rights who intends
to do so. In the event that the HIPO cannot identify the person making the request, it will ask for any additional information
necessary to establish the identity of the person. HIPO will inform you as soon as possible, but within a maximum of one month
– or, taking into account the complexity of the request and the number of requests made to it by anyone, a maximum of two
additional months – of the action taken or not taken on your request. In the event of an extension of the time limit, the
HIPO will provide information within one month, with an indication of the reasons.
The HIPO will provide information about the action or failure to take action in the form you specify (primarily by post or electronic means), provided that it is able to comply with the request. If you have submitted your request electronically, the information will be provided electronically unless you request otherwise. The HIPO will provide the requested information free of charge, if the request is not clearly unfounded or excessive. The HIPO will inform each recipient to whom or to which the personal data have been communicated of any rectification, erasure or restriction of processing that it has carried out, unless this proves impossible or involves a disproportionate effort. At your request, the HIPO will inform you of these recipients.
The rights of the data subject are:
|
Access |
The data subject has the right to request confirmation at any time that the Controller is processing his or her personal data. In this case, the data subject has the right to receive information about this processing (e.g. which recipients can access the data or for how long it is stored) and to request a copy of his or her personal data. A copy of the personal data may be provided to the data subject in a commonly used computer-readable format (PDF/XML) or in a printed paper version thereof. The first request for a copy is free of charge. |
|
Rectification |
The data subject may request that |
|
Erasure |
The data subject may request the erasure of personal data relating to him or her processed by the Controller if one of the
following conditions is met: - the Controller no longer needs the data concerned, or - the data subject has concerns about
the lawfulness of the processing of his or her data. |
|
Withdrawal of consent as erasure |
Where the processing of personal data is based on consent, the data subject may withdraw his or her consent at any time without giving reasons. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Meanwhile, the Controller will no longer carry out operations using the personal data concerned and will erase them. |
|
Restriction of processing |
During the period of restriction of processing, the Controller may not perform any processing operations, except storage.
|
|
Data portability |
The data subject may also request that personal data relating to him or her be made available to him or her, or that they
be transferred directly to another Controller designated by him or her. We provide personal data in a structured, widely used,
computer-readable format (PDF/XML). |
|
Objection |
The data subject may object to the processing of his or her personal data if the processing is necessary for the performance of a public task or if it is based on the legitimate interest of the Controller. If there are no compelling reasons to continue processing the personal data, the Controller ceases to process the personal data and erases them. The Controller is entitled to continue to process the data despite the objection, if the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject, or are related to the establishment, enforcement or defence of legal claims. |
|
Exercise of rights after the death of the data subject |
Within five years of the death of the data subject, the right of access, and the rights to rectification, erasure, restriction
of processing or objection may be exercised by the person whom the data subject has authorised by administrative provision
or by a declaration in an authentic instrument or private document having full probative value made to the Controller. |
VIII. Right to complain and seek redress
If you believe that your rights have been infringed as a result of the processing of your data by the HIPO,
- you may submit a complaint to the HIPO using one of the above contact details.
- to protect your data, you may have recourse to the courts, which will act out of turn. The action may be brought before
the Budapest-Capital Regional Court (Fővárosi Törvényszék) competent for the seat of the Office (1055 Budapest, Markó utca
27, phone number: +36-1/354-6000, website: https://fovarositorvenyszek.birosag.hu/), or the court competent for the place of residence or domicile of the person concerned, which can be found at the following
website: https://birosag.hu/torvenyszekek;
- you can also lodge a complaint with the National Authority for Data Protection and Freedom of Information (seat: 1055 Budapest,
Falk Miksa utca 9-11., postal address: 1374 Budapest, Pf. 603., phone number: +36-1/391-1400, fax number: +36-1/391-1410,
e-mail address: ugyfelszolgalat@naih.hu, website contact details: https://www.naih.hu/).
