Protecting your privacy is of the utmost importance to the European Patent Office (EPO). We are committed to respecting and protecting your personal data and ensuring your rights as a data subject. All data of a personal nature that identifies you directly or indirectly will be processed lawfully, fairly and with due care.
This processing operation is subject to the EPO Data Protection Rules (DPR).
The information in this communication is provided pursuant to Articles 16 and 17 of the DPR.
This statement refers to the processing of personal data in the context of the PATLIB network and its centres.
Personal data are processed only for the purpose of carrying out the administration, collaboration and communication with the PATLIB centres with regard to all PATLIB related matters.
This privacy statement refers only to the data processed for the purposes stated in this section. The EPO data privacy policy for the processing of personal data in MS 365 can be found at: https://www.epo.org/about-us/office/data-protection-and-privacy/microsoft-365.html.
Personal data processed through the use of MS Forms is subject to the EPO data privacy policy for the processing of personal data in MS Forms available at: https://www.epo.org/about-us/office/data-protection-and-privacy/microsoft-forms.html
Personal data are processed for the following purposes:
The following categories of personal data are processed (not all categories are processed for every data subject):
The processing of personal data is carried out under the responsibility of the Principal Director of the PD Patent Knowledge acting as delegated EPO data controller. Personal data are processed by the EPO staff working in the Directorate Patent Knowledge Promotion (PATLIB) and Stakeholders and EPO staff members in charge of maintaining the underlying technical platform.
Personal data might be processed by external service providers supporting the EPO for certain activities, for instance for sending questionnaires to the PATLIB centres and for collecting the responses on behalf of the EPO.
The EPO takes all the appropriate safeguards in order to guarantee that the service provider will follow the EPO instructions on how to process your personal data in compliance with data protection requirement.
Personal data will only be used for the purpose of the contracted work, and then destroyed.
The personal data are disclosed on a need-to-know basis to the following recipients:
The personal data are not disclosed to any other recipient and is not intended to be transferred to third countries.
Furthermore, the part of personal data disclosed in the online directory is available to the public without restriction.
The PATLIB Centre is responsible for the accuracy of its own data within the PATLIB directory.
The PATLIB Centre is responsible for the accuracy of its own data within the PATLIB directory and a mechanism is in place to facilitate correction of inaccurate data.
Any third-party is directly responsible for misusing the publicly accessible data within the PATLIB directory.
Personal data might be disclosed to third-party service providers for maintenance and support purposes.
Personal data will only be shared with authorised persons responsible for the corresponding processing operations and are not used for any other purposes or disclosed to any other recipients.
We take appropriate technical and organisational measures to safeguard and protect your personal data from accidental or unlawful destruction, loss, alteration and unauthorised disclosure or access.
All personal data are stored in secure IT applications according to the EPO's security standards. Appropriate levels of access are granted individually only to the abovementioned recipients.
For systems hosted at EPO premises, the following base security measures generally apply:
For personal data processed on systems not hosted at EPO premises, the provider(s) processing the personal data has committed in a binding agreement to comply with its data protection obligations stemming from the applicable data protection legal framework(s). Furthermore, a privacy and security risk assessment has been carried out by the EPO. These systems are required to have implemented appropriate technical and organisational measures such as: physical security measures, access and storage control measures, securing data at rest (e.g. by encryption); user, transmission and input control measures (e.g. network firewalls, network intrusion detection system (IDS), network intrusion protection system (IPS), audit logging); conveyance control measures (e.g. securing data in transit by encryption).
You have the right to access, rectify, and receive your personal data, to have your data erased and to restrict and object to the processing of your data, as outlined in Articles 18 to 24 of the EPO Data Protection Rules.
If you would like to exercise any of these rights, please write with details of your request to the delegated data controller at PATLIB_team@epo.org.
Data published in the online directory can be directly accessed via self-administration.
We will reply to your request without undue delay, and in any event within one month of receipt of the request. However, according to Article 15(2) of the DPR, that period may be extended by two further months if necessary, taking into account the complexity and number of requests received. We will inform you of any such delay.
Personal data is processed in accordance with:
Personal data will be kept for as long as the person is a member of the network and three years thereafter.
In the event of a formal appeal/litigation, all data held at the time of the formal appeal/litigation shall be retained until the completion of its process.
If you have any questions about the processing of your personal data, please write to the delegated data controller at PATLIB_team@epo.org.
You can also contact our Data Protection Officer at dpo@epo.org.
If you consider that the processing infringes your rights as data subject, you have the right to request review by the controller under Article 49 DPR and the right to seek legal redress under Article 50 DPR.