The European Patent Organisation is committed to protecting privacy and the personal data users provide when using our website.
Data protection
All personal data managed by the EPO is processed in accordance with the EPO Data Protection Guidelines, which aim to ensure the highest standards when handling user information. Please read this information carefully.
A Data Protection Officer monitors the observance of the guidelines with respect to all processing operations performed by the EPO. He/she is independent in his/her function.
EU General Data Protection Regulation (GDPR)
The EPO is an international organisation established by the European Patent Convention (EPC) and, as such, is not directly bound under the GDPR. The EPO strives to keeping its data protection framework in line with the current best practices and a recent audit report has confirmed a close alignment with the GDPR legal framework.
Privacy policy
This Privacy Policy (hereinafter "Policy") explains the
processing and use of personal data collected by the EPO on its website www.epo.org
and the services provided via this website (hereinafter the "Website").
This Policy only applies to www.epo.org. Users are encouraged to review the respective privacy
policies of those other websites in order to obtain more information about the
processing and use of personal data collected by those websites.
Controller
The controller of
personal data collected via the Website is
Communication
website@epo.org
Purposes and legal basis for the processing of the users’ personal data
When visiting and
browsing the Website, the EPO collects and stores personal data assigned to the
users' device in order to provide users with access to the Website, the
requested content as well as optimising the Website.
The following datasets
are generated on our web servers and stored in our log files:
- IP address assigned
to the user's access device - date and time of the user's request for a Web
resource (URI)
- Web resource (URI)
requested by the user
- Web resource (URI)
the user previously requested (if the referrer field is available)
- Browser and
platform information of the user's device (if the user agent field is
available)
- Size of server
response in bytes
- Time taken to
server the request
The above datasets are
stored in our logfiles and subject to analysis by software that helps us to
better understand the usage of information provided on our websites. The
purpose of such analysis is to enhance the quality of our services for the
broad public. Attribution of information in the logfiles to individuals is
neither done nor intended.
Storage and
maintenance of the above datasets is a basic requirement for the provision of
our websites and the security of our IT systems and as such not negotiable.
Social network features
The Website uses social
plug-ins of Facebook, Twitter, LinkedIn, Xing and YouTube (hereinafter the "Social
Media Providers"). In case users are logged into their respective social
network accounts (Facebook, Twitter, LinkedIn, Xing, YouTube) when visiting the
Website, the Social Media Providers might assign user's visit to their network
account. If users are using the functions of the social plug-ins, this
information will also be transmitted directly from the users' browser to the
respective Social Media Providers and may be stored there.
For more information
on the purposes, the scope and the use of the data by those Social Media
Providers, users are encouraged to review the relevant privacy policies of the
respective Social Media Providers.
Recipients of personal data
The EPO uses service
providers or other third parties to help provide the EPO products or services accessible
via the Website. Such service providers may have access to the users' personal data.
Regardless of where these service providers or other third parties are located,
the EPO requires that they also comply with the applicable laws, including the
EPO Data Protection Guidelines. The EPO uses the following categories of
service providers or other third parties: third party developers, social media
providers.
Data storage and retention period
Personal data
collected via the Website will be deleted or anonymized as soon as it is no
longer required for the purposes for which it has been collected, unless
further processing or storage of the users' personal data is necessary in order
to comply with a respective legal obligation.
Changes to this Policy
The EPO has always
strived to keep its data protection framework in line with the current developments
and best practices and will update the Privacy Policy accordingly. The EPO
encourages every user to visit this Privacy Policy regularly.
Users’ rights and how to contact the EPO
Users have the
following rights:
- Right of access: Users have the right to
request confirmation as to whether or not their personal data is being
processed, and, where that is the case, to request access to the personal data
and information such as the purposes of the processing or the categories of
personal data concerned.
- Right to rectification: Users have the right to
request the correction of inaccurate personal data.
- Right to blocking the data: Users have the
right to request the EPO to restrict the processing of their personal data
under certain circumstances, e.g. if they think that the personal data the EPO
processes about the user is incorrect or unlawful.
- Right to erasure: Users have the right to
request erasure of personal data without undue delay under certain
circumstances, e.g. if their personal data is no longer necessary for the
purposes for which it was collected or if their personal data has been
unlawfully processed.
- Right to object: Users have the right to object
to the processing of their personal data under certain circumstances.
Users can assert their
abovementioned rights by contacting the EPO at website@epo.org
You may consult the
EPO's Data Protection Officer at DPO@epo.org