Privacy Notice on the processing of personal data on the Patent Group website www.patentgate.eu

Members of the Patent Group:

Patent Védelem Security Kft. 9024 Győr, Mécs L. u. 7. Asz.: 26540575-2-08
S.P. Vagyonkezelő Kft. 9024 Győr, Mécs L. u. 7. Asz.: 11698799-2-08
Patent Őr Zrt. 9024 Győr, Mécs L. u. 7. Asz.: 26173247-2-08
Patent Biztonságtechnika Kft. 9024 Győr, Mécs L. u. 7. Asz.: 23500941-2-08
Patent Távfelügyelet Kft. 9024 Győr, Mécs L. u. 7. Asz.: 14996474-2-08

(Hereinafter referred to as the "Company"), as joint controllers, carry out their data processing activities in accordance with Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (Info tv.) and Regulation 2016/679 of the European Parliament and of the Council ("GDPR"). The purpose of this notice is to provide visitors who contact the www.patentgate.eu website with information about the data processed by the Group and other activities related to data processing. The terms used in this notice have the same meaning as defined in the EU Regulation 2016/679 ("GDPR").

„personal data” means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„processing” means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

„restriction of processing” means the marking of stored personal data for the purpose of restricting their future processing.

„profiling” means any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.

„pseudonymisation” means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no natural person who is identified or identifiable can be linked to that personal data.

„filing system” means a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria.

„controller” means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.

„processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of a controller.

„recipient” means a natural or legal person, public authority, agency or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

„third party” means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

„data subject's consent” means a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her.

„data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

„genetic data” means any personal data relating to the inherited or acquired genetic characteristics of a natural person which contains specific information about the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person.

„biometric data” means any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data.

„health data” means personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person which contain information about the health of the natural person.

„activity centre”: (a) in the case of a controller having establishments in more than one Member State, the place of its central administration within the Union, but where decisions concerning the purposes and means of the processing of personal data are taken at another place of activity of the controller within the Union and the latter place of activity has competence to implement those decisions, the place of activity which takes those decisions shall be considered the centre of activity; (b) in the case of a processor having its place of business in more than one Member State, the place of its central administration within the Union or, where the processor does not have a central administration in the Union, the place of business of the processor within the Union where the main processing activities in relation to the activities carried out at the place of business of the processor take place, where the processor is subject to obligations under this Regulation.

„representative” means a natural or legal person established or resident in the Union and designated in writing by the controller or processor pursuant to Article 27 to represent the controller or processor in relation to the obligations incumbent on the controller or processor under this Regulation.

„enterprise” means any natural or legal person carrying on an economic activity, regardless of its legal form, including partnerships or associations carrying on a regular economic activity.

„group of undertakings” means the controlling undertaking and the undertakings controlled by it.

„binding corporate rules” means the rules on the protection of personal data followed by a controller or processor established in the territory of a Member State of the Union in one or more third countries in respect of the transfer or series of transfers of personal data by a controller or processor within the same group of undertakings or the same group of undertakings engaged in joint economic activities.

„supervisory authority” means an independent public authority established by a Member State in accordance with Article 51.

„supervisory authority concerned” means a supervisory authority which is concerned by the processing of personal data for one of the following reasons: (a) the controller or processor has an establishment, in the territory of the Member State of that supervisory authority; (b) the processing significantly affects or is likely to significantly affect data subjects residing in the Member State of the supervisory authority; (c) a complaint has been lodged with that supervisory authority.

„cross-border processing of personal data” means (a) the processing of personal data within the Union in the context of activities carried out by a controller or processor established in more than one Member State at sites located in more than one Member State; or (b) the processing of personal data within the Union in the context of activities carried out by a controller or processor at a single site, where the processing significantly affects or is likely to significantly affect data subjects in more than one Member State.

„relevant and reasoned objection” means an objection to a draft decision, raised with regard to whether this Regulation has been infringed or whether the envisaged measure concerning the controller or processor is in compliance with this Regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union.

„information society service” means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (1).

„international organisation” means an organisation governed by public international law, or its subsidiary organs, or any other body which is established by or under an agreement between two or more States.

The Company shall process personal data in a lawful and fair manner, for a specific purpose, in a data sparing, accurate, limited storage, confidential and accountable and transparent to the data subject.

Personal data:

• collected only for specified, explicit and legitimate purposes
• may be handled only in a manner compatible with those purposes
• must be appropriate and relevant
• be limited to the minimum necessary
• be accurate and, where necessary, up to date
• be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
• ensure adequate security of the data during processing, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage

Purpose of data processing: the Company operates a contact point on its website www.patentgate.eu, the purpose of which is to contact prospective partners. To activate the contact point, it is necessary to accept the privacy statement on the website.

Categories of data processed: first name, surname, e-mail address, other personal data provided by the sender in the message

Legal basis for processing: the data subject's voluntary consent pursuant to Article 6(1)(a) of the EU General Data Protection Regulation 2016/679

Processing period: until the withdrawal of the data subject's consent. The data subject may withdraw his or her consent to the processing at any time by contacting the contact details provided in the privacy notice.

The transfer of data to the data processor.

Data controllers entitled to access personal data and recipients of personal data: persons authorised to represent the Company, staff of the Marketing Department, staff of the Data Processor and the Data Protection Officer

In operating the website, the data controller uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer to help the website analyze the use of the website visited by the User.

The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation on the website, Google will previously shorten the User's IP address within the Member States of the European Union or in other states party to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.

The IP address transmitted by the User's browser within the framework of Google Analytics will not be merged with other data held by Google. The storage of cookies can be prevented by the User by setting the appropriate settings on his browser. The User may prevent the collection and processing of data (including the IP address) about the User's use of the website by Google through cookies by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu.

Right of access

The data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data collected by the controller.

The right to rectification

The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

Right to erasure

The data subject shall have the right to obtain, upon his or her request, the erasure of personal data concerning him or her without undue delay by the controller, and the controller shall be obliged to erase personal data without undue delay in the circumstances set out in Article 17(1) of Regulation EU 2016/679.

The right to be forgotten

Where the controller has disclosed personal data and is under an obligation to erase it, the controller shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the erasure of the links to or copies of the personal data in question.

Right to restriction of processing

The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller where one of the following conditions is met:

• the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data
• the processing is unlawful and the data subject opposes the erasure of the data and requests instead that its use be restricted
• the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims
• the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.

The right to data portability

The data subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is based on consent in accordance with Article 6(1)(a) of Regulation EU 2016/679 and the processing is carried out by automated means.

Automated decision-making on individual cases, including profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The previous paragraph shall not apply where the decision:

• necessary for the conclusion or performance of a contract between the data subject and the controller
• is permitted by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject
• is based on the explicit consent of the data subject.