Privacy policy

Privacy policy related to the use of the website of the National Board Against Counterfeiting

Introductory remarks

The National Board Against Counterfeiting (hereinafter ‘NBAC’) and the Hungarian Intellectual Property Office (hereinafter ‘HIPO’) pay particular attention to proceeding in compliance with the General Data Protection Regulation of the European Union [1] (hereinafter ‘GDPR’), with the Hungarian Data Protection Act [2] (hereinafter ‘Act CXII of 2011’), with other laws, with the guidelines of the European Data Protection Board [3] and the still applicable guidelines of the Article 29 Working Party [4], as well as with the established data protection practice of the Hungarian National Authority for Data Protection and Freedom of Information [5] (hereinafter ‘the Authority’).

The Secretariat of NBAC operated by HIPO hereby informs the visitors of the NBAC website (http://hamisitasellen.hu/home/) on the personal data it processes in connection with the website, on its practice in the processing of personal data, as well as on the modalities and possibilities for data subjects to exercise their rights.

The NBAC Secretariat reserves the right to make changes to this privacy policy unilaterally and at any time. Should there be a change to the policy, data subjects will be informed thereof in the news and a notice published on this website.

I. The controllers and their contact details

The controller of personal data is the Hungarian Intellectual Property Office and the National Board Against Counterfeiting, as independent or joint controllers:

Hungarian Intellectual Property Office National Board Against Counterfeiting (can be contacted via its Secretariat at)
Headquarters: 1081, Budapest, II. János Pál pápa tér 7. 1081, Budapest, II. János Pál pápa tér 7.
Central phone number: +36-1/312-4400 +36-1/312-4400
Address: 1438 Budapest, pf. 415. 1438 Budapest, pf. 415.
Central email address: sztnh@hipo.gov.hu hent@hipo.gov.hu

II. The data protection officer of HIPO and her contact details

Name of HIPO’s data protection officer: Krisztina Hegedüs

E-mail address of HIPO’s data protection officer: adatvedelem@hipo.gov.hu

III. Personal data processing in connection with the website, its purpose, legal basis and duration

III.1. Data processing in connection with visits to the website

During visits to the website of NBAC, the technical data (log data) considered as personal data automatically generated in connection with the type of browser used, the IP-address, port number, the domain name (URL), the date of visit and the list of pages visited are processed by HIPO, as an independent controller, with regard to the establishment and maintenance of the internet connection.

The purpose of data processing is to prevent any potential abuses and to enable their detection (information security purpose).

Legal basis of data processing: the processing is necessary for the performance of a task carried out in the public interest [GDPR Article 6(1)(e) and 6(2) to (3)], with special regard to

  • Sections 115/D to 115/L, and in particular Section 115/K(c) to (e) of Chapter XIV/C of Act XXXIII of 1995 on the protection of inventions by patents laying down detailed rules relating to the legal status, financial management, tasks and competences of HIPO,
  • the provisions of Act L of 2013 on the electronic information security of state and local government organs,
  • the provisions of Decree 41/2015 (15 July) of the Ministry of the Interior on the requirements relating to technological security, secure information devices, products, as well as classification into security class and security level specified in Act L of 2013 on the electronic information security of state and local government organs,
  • the provisions of Government decree 287/2010 (15 December) on the National Board Against Counterfeiting.

HIPO processes log data of visits to the website for a period of three months.

III.2. Data processing in connection with information provided and tenders invited on the website

NBAC and HIPO, as joint controllers, make available on the NBAC website information on the news and events pertaining to its activities, including information on the winners of the tenders invited and the prizes awarded by NBAC, in respect of which they process the data subjects’ certain, where applicable, publicly available personal data (e.g. name, CV data, photo).

The purpose of data processing is dissemination of information concerning intellectual property and its protection, as well as the development of industrial property and copyright culture.

Legal basis of data processing: the processing is necessary for the performance of a task carried out in the public interest [GDPR Article 6(1)(e) and 6(2) to (3)], with special regard to

  • Sections 115/D to 115/L, and in particular Section 115/K(c) to (e) of Chapter XIV/C of Act XXXIII of 1995 on the protection of inventions by patents laying down detailed rules relating to the legal status, financial management, tasks and competences of HIPO,
  • the provisions of Act CXXV of 2018 on Government administration,
  • the provisions of Government decree 287/2010 (15 December) on the National Board Against Counterfeiting.

NBAC and HIPO process documents containing data as documents of lasting value, in accordance with the provisions of Act LXVI of 1995 on public records, public archives and the protection of private archive materials.

III.3. Getting in contact, keeping in contact, giving information

NBAC and HIPO, as joint controllers, ensure the possibility to contact with them via the contact details provided in the contact menu item of the NBAC website, as well as to inquire about the services provided by NBAC in the exercise of its activities. In the course of such contacts they process the first name, surname and contact details (e-mail address or even phone number), and other personal data given when asking for information.

The purpose of processing is to enable to get in contact, keep in contact, and provide information.

Legal basis of data processing: the processing is necessary for the performance of a task carried out in the public interest [GDPR Article 6(1)(e) and 6(2) to (3)], with special regard to

  • Sections 115/D to 115/L, and in particular Section 115/K(c) to (e) of Chapter XIV/C of Act XXXIII of 1995 on the protection of inventions by patents laying down detailed rules relating to the legal status, financial management, tasks and competences of HIPO,
  • the provisions of Act CXXV of 2018 on Government administration,
  • the provisions of Government decree 287/2010 (15 December) on the National Board Against Counterfeiting.

HIPO processes the data relating to contacts for five years.

III.4. Data processing for statistical purposes

In connection with visits to the website HIPO collects – with the software named ‘Matomo’ – data for statistical purposes on the number of visits to the different webpages; these data cannot be connected to the data subjects and the data processing does not involve personal data.

III.5. Information on cookies

The NBAC website does not use cookies for its operation or for making statistics.

When visitors view videos embedded in NBAC’s website, the following two cookies will be stored in the LocalStorage, unless the user previously prohibited it through the settings of his IT device.:

Cookies
Designation Provider Purpose
yt-remote-connected-devices YouTube storage of the settings of user’s video player by means of the embedded YouTube videos
yt-remote-device-id

Further information on the data processing of the YouTube channel are available at: https://policies.google.com/privacy?hl=en.

IV. Persons having access to the personal data, recipients

The data are processed exclusively by the employees of HIPO authorized to do so and by the members of NBAC.

HIPO uses the services of the following companies:

  • Bohl Software Consulting Informatics Limited Liability Company (H-1131, Madarász Viktor u. 13., building 4, VI/97., company registration number: 01-09-949932) for the operation of the website infrastructure,
  • Agox IT Services Provider Commercial Limited Partnership (1061 Budapest, Király utca 30-32. B. ép. 5. em. 509., company registration number: 01-06-772208) for the operation of the website application, and
  • Invitech Solutions Private Company Limited by Shares (2040 Budaörs, Edison utca 4., company registration number: 13-10-041599) for hosting,
    which enterprises are processors in the course of these activities pursuant to the GDPR. The data processors perform tasks of a technical nature according to the instructions of HIPO.

HIPO transfers personal data to third persons only if this is prescribed by an Act or if the data subject has credibly consented thereto. If proceedings are started before a court or other authority and in the framework of such proceedings it becomes necessary to transfer personal data to the competent court or other authority, the given court or authority may also access the personal data.

V. Data security

HIPO, its data processors and their employees are authorised to get to know and process personal data exclusively to the extent that it is necessary in order to perform their task of data processing. HIPO and its data processors take all security, technical and organisational measures that are necessary for ensuring data security.

V.1. Organisational measures

HIPO allows access to its IT systems on condition of personal authorisation. When deciding on access, the “principle of necessary and sufficient rights” is applied, i.e. each user may use the system only to the extent necessary for the performance of their duties at work, with the authorisations corresponding to such duties and for the necessary duration. Only those persons may get access to the system who are not excluded on security or other (e.g. conflict of interest) grounds, and have the necessary knowledge in the technical, business, data protection and information security fields.

The employees of HIPO, as well as the data processors and their employees, are subject to a strict obligation of confidentiality, and in the course of the performance of their duties they are required to act in accordance with these rules of confidentiality.

V.2. Technical measures

In order to ensure their confidentiality, integrity and availability, HIPO stores its data, except for data stored by its data processors, in its own servers in a protected data centre. The IT devices storing the data are kept by HIPO in a separate and locked server room protected by an access control system that verifies authorisation.
HIPO protects its internal network by a multi-level firewall defence. At the entry points of its public networks there is in each case a hardware device for border control. Data are stored redundantly by HIPO to protect them from accidental destruction, loss, injury owing to a failure of the IT devices, or from unlawful destruction.

HIPO protects its internal networks from external attacks by multi-level (network, infrastructural, and application level), active, complex antiviral protections, and it constantly monitors the protection measures to detect potential breaches. HIPO ensures indispensable external access to the IT systems and data bases it operates via an encrypted data connection.

HIPO makes every effort to ensure that its IT tools and software continuously comply with the generally recognized technological standards. Its systems have been developed so that by means of logging all performed operations can be controlled and traced, and breaches can be detected.

VI. Rights of users in connection with the processing of their personal data related to the use of the website and the modalities of exercising these rights

For NBAC and HIPO (hereinafter together ‘controllers’) it is important that their data processing should comply with the requirements of fairness, lawfulness and transparency. In order to achieve this, you may request information on the processing of your personal data and may exercise the rights set out in this point. In order for you to be aware of your rights and of the conditions for exercising them, we provide you with the following information. For exercising some of these rights data subjects need a specified legal basis; and the information presented below on the different rights includes these conditions as well.

Should you have any complaint or request concerning data processing, we kindly request you to contact first the NBAC Secretariat or HIPO so that they can deal with the complaint jointly. The contact details of the NBAC Secretariat and of HIPO can be found in point I, and those of the data protection officer of HIPO in point II.

VI.1. Right of access

At your request filed at any of the contact addresses of HIPO you are entitled to obtain information on the personal data processed by the controllers, in particular on

  • whether your personal data are being processed, and if so, on
    • the purpose(s) of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed by the controllers (in the case of recipients in third countries or international organisations, including the safeguards relating to such data transfer);
    • the envisaged period for which the personal data will be stored or the criteria used to determine that period;
    • the right to request rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
    • the right to lodge a complaint with the supervisory authority;
    • where the personal data were not collected from you, any available information as to their source.

HIPO, if requested to do so, provides a copy of the personal data or of the documents containing those data to the data subject, provided this does not adversely affect the rights and freedoms of others.

VI.2. Right to rectification

At your request filed at any of the contact addresses of HIPO, you have the right to obtain from the controllers the rectification of your inaccurate personal data, as well as the right to have your incomplete personal data completed, considering also the purposes of the processing.

If information necessary to further specify or supplement incorrect information is not available to the controllers, HIPO may request the submission of such supplementary data and the verification of the accuracy of the data. As long as the further specification or supplementing of data cannot be carried out for lack of supplementary information, HIPO restricts the processing of the personal data concerned and temporarily suspends operations thereon, with the exception of storage and further data processing possibilities specified in the GDPR.

VI.3. Right to erasure

You have the right to request, in a submission filed at any of the contact addresses of HIPO, the erasure of your personal data which are processed by the controllers, if

  • the personal data are no longer necessary for the purposes for which they were processed by the controllers;
  • you withdraw consent on which the processing is based, and there is no other legal ground for the processing;
  • you object to the processing, and there are no overriding legitimate grounds for further processing;
  • you have concerns that your personal data have been unlawfully processed;
  • the personal data have to be erased to comply with a legal obligation to which NBAC is subject;
  • the personal data have been collected in relation to the offer of information society services.

HIPO does not comply with the request for erasure and does not inform the other controllers of the request for erasure provided that processing is necessary

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by law to which both controllers or either one of them is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in HIPO;
  • for reasons of public interest in the area of public health as laid down in the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

If pursuant your request HIPO establishes that there is indeed an obligation to erase your personal data processed by the controllers, it discontinues data processing and erases previously processed personal data or invites NBAC to do the same. Moreover, an obligation to erase personal data may also occur if the right to object is exercised or there is an obligation provided for by a law.

VI.4. Right to restriction of processing

You have the right to request, in a written submission filed at any of the contact addresses of HIPO, the restriction of your personal data which are processed by the controllers, in the following cases:

  • you have concerns that the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controllers no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
  • if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controllers or if processing is necessary for the purposes of the legitimate interests pursued by the controllers or by a third party, and you objected to the processing.

HIPO automatically restricts processing of personal data if you contest their accuracy.

Where processing has been restricted, such personal data are, with the exception of storage, only processed by HIPO with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

You will be previously informed by HIPO before the restriction of processing is lifted.

VI.6. Right to object

You have the right to object, in a written submission filed at any of the contact addresses of HIPO, to the processing of your personal data by the controllers if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controllers or if processing is necessary for the purposes of the legitimate interests pursued by the controllers or by a third party. In this case HIPO examines whether at the time the objection is made there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or which relate to the establishment, exercise or defence of legal claims. If HIPO is unable to prove the existence of any of these grounds, it erases your personal data.

VII. The procedure of HIPO where the data subject exercises his or her rights

HIPO assists everybody in the exercise of his or her rights if it can identify the person filing the request. In order to fulfil the request HIPO must confirm that it is indeed the data subject concerned who wishes to exercise their rights. If HIPO cannot identify the person filing the request, it asks for further information necessary for identification.

HIPO should reply to you within the shortest possible period of time, which should not exceed one month, and inform you of the measure, if any, taken pursuant to the request. However, taking into account the complexity of the request and additional requests filed by any other third parties thereto, the time limit for providing information of the measures taken may be extended to a maximum of three months. If the time limit is extended, HIPO notifies the person concerned within one month and indicates the reasons therefor.

HIPO provides the information of the measure taken in the manner (primarily by post or electronically) as you request it, provided HIPO can comply with that request. If you file the request electronically, you will receive the information electronically, unless you request it otherwise.

HIPO provides the requested information free of charge, unless the request is clearly unfounded or excessive.

HIPO communicates any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. HIPO informs you about those recipients if you request it.

VIII. Exercise of rights after the death of the data subject [6]

Within five years of the death of the data subject, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, and the right to object may be exercised by the person who was authorised in a declaration before the controllers by the data subject in a mandate or a public or certified private instrument.

In the absence of a declaration, the right to rectification and the right to object and – if the data processing was already unlawful during the life of the data subject, or the purpose of data processing ceased by the death of the data subject – the right to erasure and the right to restriction of processing may be exercised by that close relative (spouse, next of kin, adopted child, stepchild, foster child, adoptive parent, stepparents, foster parent, and sibling) of the deceased who acts first.

The person exercising those rights has to prove the death of the data subject and the date thereof by a death certificate or a court decision together with their own identity and, where appropriate, their quality of close relative by an authentic instrument.

Thereafter the person exercising the rights is entitled to the same rights which belonged to the data subject and is also subject to the same obligations.

At the request of a close relative HIPO informs them of the measures taken in accordance with this point, except if the data subject prohibited it in any of the documents referred to in paragraph (1).

IX. Remedies

If you consider that the controllers process your personal data improperly or even contrary to laws, or if the controllers do not, or not adequately, comply with your request, you may avail yourself of several types of legal remedies.

IX.1. Filing a complaint with HIPO

Please, first of all, address your complaint to the NBAC Secretariat or to HIPO, so that it should be dealt with jointly. The contact details of the NBAC Secretariat and of HIPO can be found in point I, and those of the data protection officer of HIPO in point II.

IX.2. Instituting court proceedings

You have the option to seek judicial remedy if you think that your rights have been infringed by the personal data processing activities of the controllers. The relevant provisions of the GDPR, Act CXII of 2011, the Civil Code and Code of Civil Procedure apply to the lawsuit. The court is competent to adjudicate the lawsuit. The lawsuit may also be instituted, at your choice, at the court according to the seat of the controllers or at the court according to your domicile (the list of courts and their contact details can be found at: http://birosag.hu/torvenyszekek). Before instituting court proceedings, it may be expedient to consult an attorney-at-law about the questions related thereto.

IX.3. Making a complaint with the National Authority for Data Protection and Freedom of Information

If you consider that your rights as a data subject have been infringed as a result of the processing of personal data by the controllers, you also have the following possibility of remedy: you may lodge a complaint with the National Authority for Data Protection and Freedom of Information at any of the following contact details (seat: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9., phone: +36-1-391-1400, fax: +36-1-391-1410, e-mail: ugyfelszolgalat@naih.hu, website: https://www.naih.hu/).