concerning the use of the website and of the e-administration services
The Hungarian Intellectual Property Office (hereinafter referred to as ‘HIPO’) pays particular attention to proceed in the course of its operations in compliance with the General Data Protection Regulation of the European Union (hereinafter referred to as ‘GDPR’), with the Hungarian Data Protection Act (hereinafter referred to as ‘Information Act’), with other laws, as well as with the guidelines of the Article 29 Working Party and the established data protection practice of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as ‘the Authority’).
HIPO hereby informs the visitors of its website and the persons making use of its electronic administration (hereinafter referred to as ‘e-administration’) services on the personal data it processes in connection with the website and the e-administration services, on its practice in the processing of personal data, as well as on the procedural rules and the possibilities for data subjects to exercise their rights.
E-administration services are available through the website of HIPO or via the Government portal (www.magyarorszag.hu). Given the fact that these services, independently of how they are accessed, can be used by being redirected to the website of HIPO, information relating to visitors of the website apply also to users of those services.
We call your attention to the fact that – in order to ensure the security of your data – you should not give or make available your access code, password or other data necessary for using the e-administration services to any third party. HIPO does not assume responsibility for any damages incurred, claims made or abuses committed as a result of data so disclosed or made available to any third party.
I. The controller and its contact details
HIPO (headquarters: H-1081 Budapest, II. János Pál pápa tér 7., phone number: +36-1/312-4400, fax number: +36-1/474-5534, postal address: H-1438 Budapest, Pf. 415., e-mail address: sztnh  hipo  gov  hu) is the controller of the personal data.
II. The data protection officer and her contact details
- name of HIPO’s data protection officer: Krisztina Hegedüs
- e-mail address of HIPO’s data protection officer: adatvedelem  hipo  gov  hu
III. Range of personal data processed in connection with the website, the purpose, legal basis and duration of data processing
During visits to its website HIPO processes, with regard to the establishment and maintenance of the internet connection, the technical data (log data), considered as personal data, which are automatically generated concerning the type of browser used, the IP-address, the URL, the date of access and the list of pages visited.
The purpose of data processing is the collection of statistical information necessary for developing the website, preparing analyses concerning attendance and use of the website (statistical purpose), as well as the prevention of potential abuses and the enabling of their detection (information security purpose).
HIPO processes the log data for one year for statistical purposes and for two years for information security purposes.
The purpose of using cookies is the collection of statistical information necessary for the development of the website and for the preparation of analyses related to the number of visitors and the utilisation of the site. The imprints of cookies may not be connected to individual website browsing, only anonymous data may be retrieved from them for statistical purposes; such data can be used to project the trends necessary for the further development of the website.
Session cookies and cookies for qualification purposes are deleted after the given browsing session, functional cookies are stored for one quarter, while statistical cookies for two years on the computer of the data subject, provided that they do not remove them earlier.
The legal basis of data processing where it is done for information security purposes is compliance with the legal obligation incumbent on HIPO, and in respect of both the log data and the cookies the consent of the data subject. The withdrawal of consent does not affect the lawfulness of processing before its withdrawal.
The purpose of the data processing is to inform subscribers, by transmitting the newsletter to them, of topical issues affecting directly or indirectly HIPO as well as to offer them the possibility of keeping in contact to this end.
On its website, HIPO makes available information on the news and events pertaining to its activities, including information on the winners of the tenders invited and the prizes awarded by HIPO, in respect of which it processes the data subjects’ certain, where applicable, publicly available personal data (e.g. name, CV data, photo). The legal basis of data processing, taking into consideration the consent given by the applicant or the awardee, is compliance with the legal obligation incumbent on HIPO. The withdrawal of consent does not affect the lawfulness of processing before its withdrawal. HIPO processes documents containing data as documents of lasting value.
Failure to provide data result in restricted usability of the services of the website and inaccuracies of the analytical measurements.
It is possible to ask questions in the forum section of the website. When using this section the visitor of the website uses the moderated service of the www.magyarorszag.hu governmental portal e-democracy site which is not a service provided by HIPO. The data related to the use of this section (with the exception of data in connection with visiting the website of HIPO) are generated not at HIPO, therefore information in connection with data processing related to the use of the forum is provided by the operator of the www.magyarorszag.hu portal.
IV. Range of personal data processed in connection with e-administration services, the purpose, legal basis and duration of data processing
In the course of dealing with official matters related to intellectual property protection one can use the e-administration services.
On the “General information” subpage of the e-administration page, in the heading regarding the given title of protection you can find information on the conditions of using e-administration services in the different official procedures, and on the personal data processed by HIPO in the course of those procedures.
When using the e-administration services you have to provide on the appropriate form only those personal data to HIPO which are prescribed by the relevant laws, and to the processing of which HIPO is authorised by the authorising provisions of those laws; in addition, HIPO also processes the e-mail address of the data subject as well as any other personal data that the data subject provides to it.
Following partner card registration, HIPO processes the name, user name, address, activity area, circumstances of the reasons for registration or data relating to the regional position (PATLIB centre, chamber info point, county) of the data subject, the source of obtaining information on the registration, and stores in an encoded manner the imprint of the password of the data subject.
Following identification by way of central identification agent and customer portal or by way of partner card based on customer portal identification, HIPO processes the code necessary for authentication of the client, which is forwarded to HIPO by the central system.
Where the data subject is obliged to provide the personal data, the legal basis of data processing is compliance with the legal obligation incumbent on HIPO or the performance of a task carried out in the public interest or in the exercise of official authority vested in HIPO, and where other data are provided, the consent of the data subject or compliance with the legal obligation incumbent on HIPO or the performance of a task carried out in the public interest or in the exercise of official authority vested in HIPO based on such consent.
Where data processing is required by laws, HIPO processes the data for the time period corresponding to the title of protection, where data are processed on the basis on consent, it processes the data for the time period laid down in law applying to HIPO, and in the absence thereof until the withdrawal of such consent. The withdrawal of consent does not affect the lawfulness of processing before its withdrawal. Personal data provided in the course of partner card registration are processed by HIPO until the erasure of partner card registration.
Where an electronic application based on central identification agent or customer portal identification is filed or answered electronically, HIPO forwards to the applicant the electronic documents containing personal data specified in the Acts pertaining to the given procedure via the governmental electronic communication services system.
The purposes of data processing are the following: consideration of the electronically filed application, the conducting of the official procedure, provision of information, electronic communication, in the case of two-way communication subject to identification by customer portal or partner card, the sending of the decision of HIPO or an extract from the register to the electronic storage space of the client, enforcement of the rights and compliance with the obligations connected with the given protection title.
Additional personal data related to electronic administration are processed by HIPO in accordance with the rules governing the title of protection for which e-administration is used.
Failure to provide the data entails impossibility to use the e-administration services or inability of HIPO to provide those services.
V Persons having access to the data, recipients
The data are processed exclusively by the employees of HIPO authorized to do so.
In the course of data processing HIPO does not use automated decision-making procedures.
HIPO transfers personal data to third persons only if this is prescribed by an Act or if the data subject has credibly consented thereto.
HIPO uses the services of the following companies:
- Invitech Solutions Private Company Limited by Shares (2040 Budaörs, Edison utca 4., company registration number: 13-10-041599) for the operation of the website,
- Bohl Software Consulting Informatics Limited Liability Company (H-1131, Madarász Viktor u. 13., building 4, VI/97., company registration number: 01-09-949932) for the maintenance of the website,
which enterprises are processors in the course of these activities pursuant to the GDPR.
The data processors perform tasks of a technical nature according to the instructions of HIPO.
VI. Rights of users in connection with the processing of their personal data related to the use of the website and the e-administration services, as well as the modalities of exercising these rights
1. Right of access
Everybody has the right to obtain information on his or her data processed by HIPO, in particular
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed by HIPO (in the case of recipients in third countries or international organisations, including the safeguards relating to such transfer);
- the envisaged period for which the personal data will be stored or the criteria used to determine that period;
- the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information;
- where the personal data are not collected from the data subject, any available information as to their source.
HIPO, if requested to do so, provides a copy of the personal data or of the documents containing those data, if this does not adversely affect the rights and freedoms of others.
2. Right to rectification
Everyone has the right to obtain from HIPO the rectification of inaccurate personal data concerning him or her; moreover – taking into account the purposes of the processing – he or she has the right to have incomplete personal data completed.
3. Right to erasure
At the request of the data subject HIPO erases the personal data concerning him or her where one of the following grounds applies
- the personal data are no longer necessary in relation to the purposes for which they were processed by HIPO;
- the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
- the data subject objects to the processing on grounds relating to his or her particular situation, and there are no overriding legitimate grounds for further processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation to which HIPO is subject;
- the personal data have been collected in relation to the offer of information society services.
Erasure may be initiated by the data subject with a written request filed with HIPO.
Where HIPO has made the personal data public and is obliged to erase the personal data, it takes the necessary steps, in accordance with the relevant provisions of the GDPR, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
HIPO does not comply with the request for erasure and does not inform the other controllers of the request for erasure to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by law to which HIPO is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in HIPO;
- for reasons of public interest in the area of public health as laid down in the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing
The data subject has the right to obtain from HIPO restriction of processing if
- the accuracy of the personal data is contested by the data subject, for a period enabling HIPO to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- HIPO no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in HIPO or if processing is necessary for the purposes of the legitimate interests pursued by HIPO or by a third party, and the data subject has objected to the processing, pending the verification whether the legitimate grounds of HIPO override those of the data subject.
Where processing has been restricted, such personal data are, with the exception of storage, only processed by HIPO with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
A data subject who has obtained restriction of processing is informed by HIPO before the restriction of processing is lifted.
5. Notification obligation regarding rectification or erasure of personal data or restriction of processing
HIPO communicates any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
6. Right to data portability
Everyone has the right to receive the personal data concerning him or her, which he or she has provided to HIPO, in a structured, commonly used and machine-readable format, where the processing is based on consent or on a contract to which the data subject is party and the processing is carried out by automated means, in so far as the exercise of this right does not adversely affect the rights and freedoms of others.
7. Right to object
Everybody has the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in HIPO or if processing is necessary for the purposes of the legitimate interests pursued by HIPO or by a third party. In spite of the objection HIPO may continue data processing if there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
VII. The procedure of HIPO where the data subject exercises his or her rights
HIPO assists everybody in the exercise of his or her rights, if it can identify the person filing the request or if there is no need for identification. If HIPO cannot identify the person filing the request, it asks for further information necessary for identification.
HIPO should reply to such requests within the shortest possible period of time which should not exceed one month and provide information of the measure taken pursuant to the request; taking into account the complexity of the request and additional requests filed by any other third parties thereto, the time limit for providing information of the measures taken may be extended to a maximum of three months. If the time limit is extended, HIPO notifies the person concerned within one month and indicates the reasons therefor.
HIPO provides the information in the same manner (primarily by post or electronically) as it received the request, unless requested otherwise by the person filing the request and provided HIPO can comply with that request.
If the request is clearly unfounded or excessive, HIPO may charge a fee based on administrative costs in accordance with the provisions of laws or may refuse to take any measure.
Anybody who considers that his or her rights as a data subject have been infringed as a result of the processing of personal data by HIPO, may request information from or lodge a complaint with HIPO or the Authority, or may seek judicial remedy in the cases provided for by the GDPR.
 Information on the data protection policy of the Hungarian Intellectual Property Office covering all its operations and activities is available, in Hungarian, at the following webpage: https://www.sztnh.gov.hu/hu/adatvedelem
 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
 Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information
 The guidelines of the Article 29 Working Party are available at
 The website of the Hungarian National Authority for Data Protection and Freedom of Information is available at http://www.naih.hu/
 Article 6(1)(c) of GDPR, and Act L of 2013
 Article 4 point 11, Article 6(1)(a) and Article 7 of GDPR
 Article 6(1)(c) and Article 6(2) to (3) of GDPR, Section 115/K(c) to (d) and (g) of Act XXXIII of 1995 (hereinafter referred to as ’the Patent Act’), Section 5(2) of Decree 16/1996. (III. 20.) IKM, Section 1(7) of Decree 17/2005. (III. 26.) GKM, Section 7 of Act CXCVI of 2011, Sections 1 and 2 of Act CVI of 2007
 Section 3(j) of Act LXVI of 1995
 Article 6(1)(c) or (e) and Article 6(2) to (3) of GDPR, Section 114/G(9) to (12) of the Patent Act, Section 28(1) of Act XXXVLIII of 1991, Section 53/D of the Patent Act with the application of Section 17(6) of Act XXXIX of 1991, Section 32/B of Act XLVIII of 2001, Section 46/D of Act XI of 1997 (hereinafter referred to as ’Trade Mark Act’) with the application of Section 112(6) to (8) and (9), Sections 41/E and 41/G of Act LXXVI of 1999, Sections 83 and 149 of Act XCIII of 2016, Section 41 of Act LXXVI of 2014, Section 27 of Act CL of 2016, point 11 of Section 1, Sections 2 and 25 of Act CCXXII of 2015
 Article 4 point 11, Article 6(1)(a) and Article 7 of GDPR
 Article 6(1)(c) or (e) and Article 6(2) to (3) of GDPR, Section 114/G(9) to (12) of the Patent Act, Section 28(1) of Act XXXVLIII of 1991, Section 53/D of the Patent Act with the application of Section 17(6) of Act XXXIX of 1991, Section 32/B of Act XLVIII of 2001, Section 46/D of Act XI of 1997 with the application of Section 112(6) to (8) and (9), Sections 41/E and 41/G of Act LXXVI of 1999, Sections 83 and 149 of Act XCIII of 2016, Section 41 of Act LXXVI of 2014, Section 27 of Act CL of 2016, point 11 of Section 1, Sections 2 and 25 of Act CCXXII of 2015