We call your attention to the fact that – in order to ensure the security of your data – you should not give or disclose your access code, password and other data necessary for using the e-administration service to any third party. The HIPO does not assume responsibility for any damages incurred or abuses committed as a result of giving or disclosing such data to any third party.
The HIPO (H-1081 Budapest, II. János Pál pápa tér 7.) is the controller of personal data.
Set of personal data processed, purpose, scope, legal basis and duration of the data processing
In official intellectual property matters it is possible to use the electronic administration service.
Only those personal data must be provided to HIPO on the appropriate form through the e-administration service which are prescribed by the relevant legislation and for the processing of which the HIPO is authorized pursuant to the authorization rules of the legislation; the HIPO processes the data subject’s e-mail address and all further personal data that the data subject provides to it.
After registration of a partner card, the HIPO processes the data subject’s name, user name, address, area of activity, the reasons for their registration or the data concerning their geographical location (PATLIB centre, chamber information point, county), the source of information on the registration opportunity, and it stores the imprint of the data subject’s password encoded.
After identification by the client gateway or identification of a partner card based on identification by the client gateway, the HIPO processes, besides the afore-mentioned, the data subject’s connection code necessary for their re-identification, which is forwarded to the HIPO by the central system.
In the case of mandatorily provided personal data, the legal basis of data processing is formed by the provisions of the relevant legislation [Article 114/G(9) to (12) of Act XXXIII of 1995 on the Protection of Inventions by Patents (Patents Act); Article 28(1) of Act XXXVIII of 1991 on the Protection of Utility Models (Utility Models Act); Article 53/D of the Patents Act with the application of Article 17(6) of Act XXXIX of 1991 on the Legal Protection of Topographies of Microelectronic Semiconductor Products (Topographies Act); Article 32/B of Act XLVIII of 2001 on the Legal Protection of Designs (Designs Act); Article 46/D of Act XI of 1997 on the Protection of Trade Marks and Geographical Indications (Trade Marks Act) with the application of Article 112(6) to (8) and (9) of the Trade Marks Act; Articles 41/E and 41/G of Act LXXVI of 1999 on Copyright (Copyright Act); Articles 83 and 149 of Act XCIII of 2016 on the Collective Management of Copyrights and Neighbouring Rights (Collective Management Act); Article 41 of Act LXXVI of 2014 on Scientific Research, Development and Innovation (RDI Act)], while in the case of voluntarily provided personal data, the legal basis of the data processing is the consent of the data subject, expressed in an implicit manner when filling in the data [on the basis of Article 5(1)(a) of the Information Act; Article 6(7) of the Information Act, as well as, if applicable, Article 6(5) of the Information Act]. The HIPO processes the data in the case of mandatory data processing for a period appropriate to the type of industrial property protection, and in the case of voluntarily provided data until the withdrawal of the consent.
On the e-administration page of the website under the ‘general information’ section you can find information on the types of official procedures which may be managed electronically and on the personal data processed in such proceedings by the HIPO.
In case of filing an electronic request on the basis of identification by the client gateway, the HIPO forwards to the data subjects the electronic documents containing personal data defined in the industrial property laws (Patents Act, Utility Models Act, Topographies Act, Designs Act, Trade Marks Act), in the Copyright Act, the Collective management Act and the RDI Act via the central electronic service system.
The purpose of data processing is the following: deciding on the request filed by electronic means and conducting of the official proceedings; providing information; keeping in contact by electronic means; in case of a two-way communication bound to identification by the client gateway or identification of a partner card, sending of the HIPO’s decision or the extract from the Register to the client’s electronic memory space; as well as enforcing the rights and complying with the obligations in connection with industrial property protection.
The HIPO processes any further personal data in connection with the electronic administration under the governing rules of the title of protection in respect of which the electronic means were used. The personal data provided during the partner card registration will be processed by the HIPO until erasure of the partner card registration.
Persons having access to the data, data processors
The data are processed exclusively by the employees of the HIPO authorized to do so, the HIPO does not use any data processor for processing the data.
The HIPO transfers data to third persons only if this is prescribed by an Act of Parliament or if the data subject expressly and credibly consented thereto.
The HIPO processes personal data with the utmost care, in strictest confidence and only to the extent required for the use of the e-administration, and, in the case of consent, according to the instructions, if any, of the consenting person.
The HIPO endeavours with the utmost care to process personal data safely, therefore it took the appropriate technical and organizational measures and adopted the procedural rules necessary to give effect to the legislation regarding data processing and data protection. The HIPO will revise these measures and rules at regular intervals and amend them, if necessary.
Rights of users in connection with the processing of personal data relating to them and the modalities of exercising such rights
Everybody is entitled to request information on data relating to them and processed by the HIPO, on the sources from where they were obtained, on the purpose, legal basis and duration of processing, on the circumstances and effects of any data protection incident which occurred and the measures taken in order to counteract it, and – if the data of the data subject are transferred to third parties – on the legal basis of the transfer and the recipients of the data.
The HIPO provides the information in writing and within the shortest possible period of time following the submission of the request, however, not later than within 25 days; the provision of information may be denied only in cases defined by the relevant Act of Parliament. Should the request for information be denied, the HIPO notifies the data subject of this in writing by referring to the relevant provision of the Act serving as a ground for the refusal, and also informs the data subject of the means available for legal redress against the decision.
Where any personal data processed by the HIPO are deemed to be inaccurate, the data subject may request that they be corrected. If the correct personal data are at the controller’s disposal, the HIPO rectifies the personal data in question.
Personal data shall be erased if
- their processing is unlawful;
- they are incomplete or inaccurate and this deficiency cannot be lawfully remedied;
- the purpose of the processing ceased to exist or the time period for storing the data expired;
- so ordered by court or the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as “the Authority”).
The erasure may be initiated by the data subject with a written request filed with the HIPO.
The HIPO blocks the personal data if the data subject requests this at least in a private document providing conclusive evidence or, based on the information available to the HIPO, erasure of the data requested by the data subject would presumably violate the legitimate interests of the data subject. Blocked personal data may be processed only as long as the purpose which prevented erasure of the personal data remains valid.
If the accuracy of an item of personal data is contested by the data subject and its inaccuracy or incorrectness cannot be ascertained beyond doubt, the HIPO tags the personal data in question.
The person filing the request must be notified by the HIPO in writing ̶ with the consent of the concerned by electronic means – within 25 days from filing the request of any correction, blocking, tagging or erasure, i.e. that the request has been granted or that there is an obstacle to do so. In the latter case the HIPO must also provide factual and legal grounds for the refusal and inform the data subject of the possibilities for seeking legal redress.
The data subject is entitled to object to the processing of personal data related to him if
- personal data have to be processed or transferred exclusively to comply with the legal obligations of the HIPO, or to enforce the legitimate interests of the HIPO, the data recipient or a third party (unless processing is mandatory);
- personal data are used or transferred for the purposes of direct marketing, public opinion surveys or scientific research.
The HIPO examines the objection lodged within 15 days of its receipt and grants the request expressed in the objection if it can establish beyond doubt that the objection is well-founded; it also notifies the decision in writing to the person who filed the objection. If the objection is rejected, the HIPO must notify the data subject in writing, within 15 days, stating the grounds for its decision in a form conforming to the objection (on paper or by electronic means).
In case of the rejection of the objection, if the data subject disagrees with the decision made in the case or if the HIPO fails to observe the deadline, the data subject may turn to court.
Everyone who considers that their rights were infringed in the course of the data processing by the HIPO may turn to court or to the Authority. The court shall hear such cases in priority proceedings. The Budapest-Capital Regional Court (Fővárosi Törvényszék) is competent to hear the case, however, if so requested by the data subject, legal proceedings may also be started before the court competent according to the permanent or temporary residence of the data subject.