Privacy policy
Data protection
Controller of personal data
Controller's name: Hungarian Intellectual Property Office
seat: 1081 Budapest II. János Pál pápa tér 7.
postal address: 1438 Budapest, pf. 415.
phone number: +36 (1) 312 4400
e-mail address:
Data Protection Officer
Data Protection Officer's e-mail address:
phone number: +36 (1) 474 5941
postal address: 1438 Budapest, pf. 415.
Various data processings
General aspects of processing your data
If official proceedings are initiated before a court or other authority and the transfer of personal data becomes necessary
in the course of such proceedings, the court or authority, as the recipient, shall be entitled to access the personal data.
Under the provisions of the law and agreements concluded with the Office, including in particular data utilization agreements,
personal data may be transferred to other recipients, such as private individuals or private organizations, for specific purposes.
In addition to the above, HIPO does not transfer personal data to other data controllers, data processors, recipients established
in third countries, or international organizations.
If you would like further information about data transfers or wish to exercise your rights as a data subject, please contact
our data protection officer directly.
HIPO engages contributors to assist with its organizational operations, the continuation of its activities, and the processing
of personal data generated in the course of these activities. Contributors may be data controllers (e.g., platform providers)
or data processors (e.g., IT service providers performing specific tasks or enabling data storage).
Data processors may not make decisions regarding data management related to the activities of the Office; they are only authorized
to process personal data in accordance with the contract concluded with the HIPO and the instructions received from it. The
HIPO only uses data processors that guarantee a level of data security commensurate with the level of risk through appropriate
technical and organizational measures. The specific tasks and responsibilities incumbent upon the data processor are set out
in the contract between HIPO and the data processor.
In the event of an error or other problem occurring in the IT systems of the HIPO, data processors responsible for performing
certain operational tasks within the Office's IT infrastructure may access systems containing personal data.
The activities of HIPO are supported by the following data processors
The Office and its processors shall have the right to access the data subject's personal data to the extent necessary for the performance of their tasks or duties. The Office shall take all security, technical and organisational measures necessary to ensure the security of personal data.
The Office allows access to its IT systems with access rights that can be linked to an individual. The principle of "necessary
and sufficient rights" applies to the allocation of access, i.e. all users may use the IT systems and services of the Office
only to the extent necessary for the performance of their tasks, with the corresponding rights and for the necessary duration.
Only a person who is not restricted for security or other (e.g. conflict of interest) reasons and who has the professional,
business and information security skills necessary to use the IT systems and services safely may have the right to access
them.
The Office and its data processors are bound by strict confidentiality rules and are required to act in accordance with these
confidentiality rules in the course of their activities.
The Office stores the data on its own equipment in a data centre. The IT equipment that stores the data is kept in a separate,
locked server room with an alarm system, protected by a multi-level access control system with authorisation control.
The Office protects its internal network with multiple layers of firewall protection. The access points to the public networks
used are always equipped with hardware border protection devices (firewalls). Data are stored by the Office on multiple servers
to protect them from destruction, loss, damage due to malfunction of IT equipment, or from unlawful destruction.
The Office protects its internal networks from external attacks with multiple layers of active, complex malware protection
(e.g. virus protection). Indispensable external access to the IT systems and databases operated by the Office is provided
via an encrypted data connection (VPN).
The Office does its utmost to ensure that its IT tools and software are always in line with the technological solutions generally
accepted in the market.
The Office is developing systems to control and monitor operations and detect incidents (such as unauthorised access) through
logging.
If the data subject submits a request concerning the processing of personal data by the Office, the latter shall inform the
data subject of the measures taken or the reasons for not taking such measures within one month at the latest from the
day following the receipt of the request, and where no measures are taken shall inform the data subject of his or her
right to lodge a complaint and to seek judicial remedy. If the complexity or number of requests received by the Office so
justifies, the Office may extend the time limit by up to two additional months. The Office will inform the person concerned
of the extension and the reasons for it within one month of receipt of the request.
In order to protect the rights of the data subject and to meet the requirements of data security, the Office will verify the
identity of the data subject and the person to whom the rights relate, and will request additional information where necessary.
The data subject has the right to be informed by the Office whether or not his or her personal data are being processed and, if so, to be informed in particular of
- the purposes of the processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom or to which the Office has communicated or will communicate the personal data (including, where applicable, the safeguards for the transfer);
- the envisaged duration of the storage of personal data or the criteria for determining that duration;
- the right to request the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
- the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information;
- if the data were not collected from the data subject, the source of the data.
Upon request, the Office will provide the data subject with a copy of the personal data it processes or of a document containing such data, provided that this does not adversely affect the rights and freedoms of others. It will comply with the first copy request free of charge, after which it will charge a reasonable fee based on administrative costs or refuse to provide a copy.
The data subject shall have the right to obtain from the Office the rectification of inaccurate personal data concerning him or her and, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed.
The data subject has the right to request the deletion of his or her personal data, which the Office will comply with, unless one of the following grounds applies: the data to be erased are necessary for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law; for the performance of a task carried out by the Office in the public interest or in the exercise of official authority vested in the Office; in the public interest in the field of public health; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes; or for the establishment, exercise or defence of legal claims.
The data subject has the right to have the processing of his or her personal data restricted by the Office at his or her request, where
- the accuracy of the personal data is contested by the data subject;
- the processing is unlawful but the data subject opposes the erasure of the data and requests the restriction of their use;
- the Office no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the processing is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the Office, and the data subject objected to the processing.
Personal data subject to restriction will be processed by the Office, except for storage, only with the consent of the data
subject and for the establishment, exercise or defence of legal claims, the protection of the rights of another natural or
legal person or an important public interest of the European Union or of a Member State.
The Office will inform in advance the person at whose request the processing has been restricted of the lifting of the restriction.
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data where the processing is based on Article 6 (1)(e) of the GDPR, if the data subject considers that the Office is not processing his or her personal data fairly in relation to the purposes stated in this notice. The Office is entitled to continue to process the data despite the objection, if the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims.
The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Office
in a structured, commonly used, machine-readable format, or to request that the Office transfer the aforementioned data
to another controller, where the processing is based on Article 6 (1)(b) GDPR and is carried out by automated means.
The exercise of this right must be without prejudice to the right to erasure and the right to be forgotten.
This right may not be exercised if the processing is necessary for the performance of a task carried out in the public interest
or in the exercise of official authority vested in the Office.
The exercise of this right must not adversely affect the rights and freedoms of others.
If you believe that your rights have been infringed as a result of the processing of your data by the Office, you may
- submit a complaint to the Office using one of the following contact details: 1081 Budapest, II. János Pál pápa tér 7., postal address: 1438 Budapest, Pf. 415., central phone number: +36 (1) 312 4400, central fax number: +36 (1) 474 5534, central e-mail address: HIPO@hipo.gov.hu, e-mail address of the Data Protection Officer: adatvedelem@hipo.gov.hu;
- have recourse to the courts to protect your data; the court will handle the case as a matter of priority. The action may be brought before the Budapest-Capital Regional Court (Fővárosi Törvényszék) competent for the seat of the Office (1055 Budapest, Markó utca 27, phone number: +36 (1) 354 6000, website: https://fovarositorvenyszek.birosag.hu/ ), or the competent court in the place of residence or domicile of the person concerned, which can be found at the following website: https://birosag.hu/torvenyszekek;


