Protecting your privacy is of the utmost importance to the European Patent Office (‘EPO'). The Office is committed to respecting and protecting your personal data and ensuring your rights as a data subject. All data of a personal nature that identifies you directly or indirectly will be handled fairly, lawfully and with due care.
This processing operation is subject to the Guidelines for the Protection of Personal Data in the European Patent Office.
The information in this communication is given pursuant to Articles 13 and 14 of the Guidelines.
Zoom Video Communications ("Zoom") is a cloud-based videoconferencing (VICO) platform enabling the successful organisation of events in a virtual environment such that effective interaction between participants is as close as possible to a face-to-face experience.
With a view to the needs of the Office and its stakeholders to continue enjoying access to all services the EPO has extended the use of videoconference in order to organise virtual events. Within this framework, Zoom will be used for conducting such virtual events.
Personal data is processed in the Zoom platform only for the purpose of carrying out the virtual event and ensuring the effective collaboration and communication between the Office and its stakeholders thus guaranteeing EPO business operations and compliance with applicable legal obligations.
All the possible measures have been taken by the EPO to ensure the protection of personal data and to safeguard the confidentiality, integrity and availability of the information and moreover Zoom has committed in a binding agreement to comply with its data protection obligations stemming from the GDPR and the EPO Data Protection Guidelines.
The data processed in the Zoom platform for the purpose of virtual events by VICO is as follows:
Additional data could be collected depending on whether the user joins the virtual event through an Android or an iOS device. As part of the nature of a collaborative tool, additional personal data may be included in the information that is exchanged between the Office and stakeholders, such as instant messages, images, files, whiteboards, recordings (if previously agreed), contacts, metadata used for the maintenance of the service provided.
The processing of personal data is carried out under the responsibility of the CIO (PD46) on behalf of the EPO, acting as delegated data controller.
Personal data is processed by the staff of the department 4615 New Productivity Apps, Collaboration & Events managing the technical means to conduct virtual events.
The personal data is disclosed, on a need to know basis, to the following recipients:
Zoom has publicly announced that it stores all data on third-party secured servers where the following security measures are implemented:
Zoom has SOC 2 type II certification for compliance with security, availability, processing, integrity and confidentiality standards and its cloud services provider is ISO 27001 certified.
For more information on the processing of personal data by Zoom or its subcontractors, please consult their privacy policy. Zoom signs agreements with all its service providers that prevent them from processing of data for their own purposes or for the purposes of another third party.
When the EPO organizes a virtual event on the Zoom platform and invites the parties to dial-in, we will do so according to the most secure options available; the EPO nevertheless strongly recommends its users to only share any highly confidential data when exchanging information using Zoom's end to end encryption functionality.
For more information, please refer to the User Technical Guidelines.
You have the right to access, rectify, erase and receive your personal data, as well as restrict its processing or object to the same, as provided in Articles 14 of the Guidelines.
If you would like to exercise any of these rights, please send a written query explicitly stating your request to the data controller.
The right to rectification only applies to inaccurate or incomplete factual data processed within the Zoom platform.
Your request will be answered within 3 months of receipt of the request. However, according to Article 14(7) of the Guidelines, this period may be extended, taking into account the complexity and number of requests. The Office will inform you of any such extension.
Personal data is processed in accordance with Article 5(a) of the Guidelines, which states that ‘processing is necessary for the performance of a task carried out in the legitimate interest of the official authority vested in the European Patent Office'.
Personal data is collected and processed in accordance with the following legal instrument:
Guidelines for the Protection of Personal Data in the European Patent Office.
Personal data processed by the data controller or the service providers under its supervision are generally stored for the period of time necessary to achieve the purpose for which they have been processed. Zoom shall retain the personal data of the attendees strictly necessary for the organisation and management of a particular event/meeting for the maximum of one month.
This guidance may be further developed on the basis of the experience gained during virtual events and attendee feedback.
Should you have any queries on the processing of your personal data, please address it using our contact form and it will be routed to the EPO Data Controller.
You may consult the EPO Data Protection Officer at: dpo@epo.org