My bookmarks

My events

  • Start
About us

Data Protection Statement on the processing of personal data for the EPO’s Patent Knowledge News

Protecting your privacy is of the utmost importance to the European Patent Office (EPO). We are committed to respecting and protecting your personal data and ensuring your rights as a data subject. All data of a personal nature that identifies you directly or indirectly will be processed lawfully, fairly and with due care.

This processing operation is subject to the EPO Data Protection Rules (DPR).

The information in this communication is provided pursuant to Articles 16 and 17 of the DPR.

This data protection statement explains the way in which we process personal data associated with the functional email account of the EPO's Patent Knowledge News which is used for receiving questions, comments, suggestions, enquiries and feedback as well as for user engagement activities.

1. What is the nature and purpose of the processing operation?

Personal data are processed for the following purposes:

  • Facilitate communication between the EPO staff in charge of Patent Knowledge News and the users/readers/contributors.
  • Facilitate information exchange (receiving questions, comments, suggestions, enquiries and providing feedback) and other user engagement activities.

The processing is not intended to be used for any automated decision making. Your personal data may be transferred to recipients outside the European Patent Office, which are not included in Article 8 (1), (2) and (5) of the DPR for maintenance, support and security purposes only.

2. What personal data do we process?

We collect contact information directly from data subjects.

The following categories of personal data are processed (not all categories are processed for every data subject):

  • first and last name
  • business and/or private email address
  • business phone number
  • other personal information provided voluntarily by data subjects when sending an email.

3. Who is responsible for processing the data?

The processing of personal data is carried out under the responsibility of the EPO Principal Directorate Patent Knowledge acting as the EPO's delegated data controller.

Personal data are processed by the EPO staff involved in the management and publication of Patent Knowledge News within the Principal Directorate Patent Knowledge.

External contractors involved in managing the technical platform may also process, including access the personal data.

4. Who has access to your personal data and to whom is it disclosed?

The personal data are disclosed on a need-to-know basis to the EPO staff  involved in the management and publication of Patent Knowledge News.

Personal data might be disclosed to third-party service providers for maintenance, support and security purposes.

Personal data will only be shared with authorised persons responsible for the corresponding processing operations and are not used for any other purposes or disclosed to any other recipients.

5. How do we protect and safeguard your personal data?

We take appropriate technical and organisational measures to safeguard and protect your personal data from accidental or unlawful destruction, loss, alteration and unauthorised disclosure or access.

All personal data are stored in secure IT applications according to the EPO's security standards. Appropriate levels of access are granted individually only to the above mentioned recipients.

For systems hosted at EPO premises, the following base security measures generally apply:

  • User authentication and access control (e.g., role-based access control to the systems and network, principles of need-to-know and least privilege)
  • Logical security hardening of systems, equipment and network
  • Physical protection: EPO access controls, additional access controls to datacentre, policies to lock offices
  • Transmission and input controls (e.g., audit logging, systems and network monitoring)
  • Security incidence response: 24/7 monitoring for incidents, on-call security expert.

For personal data processed on systems not hosted at EPO premises, the provider(s) processing the personal data has committed in a binding agreement to comply with its data protection obligations stemming from the applicable data protection legal framework(s). Furthermore, a privacy and security risk assessment has been carried out by the EPO. These systems are required to have implemented appropriate technical and organisational measures such as: physical security measures, access and storage control measures, securing data at rest (e.g. by encryption); user, transmission and input control measures (e.g. network firewalls, network intrusion detection system (IDS), network intrusion protection system (IPS), audit logging); conveyance control measures (e.g. securing data in transit by encryption).

6. How can you access, rectify and receive your data, request that your data be erased, or restrict/object to processing? Can your rights be restricted?

You have the right to access, rectify, and receive your personal data, to have your data erased and to restrict and object to the processing of your data, as outlined in Articles 18 to 24 of the EPO Data Protection Rules.

If you would like to exercise any of these rights, please write with details of your request to the delegated data controller at

We will reply to your request without undue delay, and in any event within one month of receipt of the request. However, according to Article 15(2) of the DPR, that period may be extended by two further months if necessary, taking into account the complexity and number of requests received. We will inform you of any such delay.

7. What is the legal basis for processing your data?

Personal data is processed in accordance with:

  • Article 5(a) of the DPR which states that ‘processing is necessary for the performance of a task carried out in the exercise of the official activities of the European Patent Organisation or in the legitimate exercise of the official authority vested in the controller, which includes the processing necessary for the Office's management and functioning'

8. How long can data be kept?

Personal data will be kept only for the time needed to achieve the purposes for which it is processed.

Personal data will be stored for no longer than 10 years.

In the event of a formal appeal/litigation, all data held at the time of the formal appeal/litigation shall be retained until the completion of its process.

9. Contact information

If you have any questions about the processing of your personal data, please write to the delegated data controller at

You can also contact our Data Protection Officer at

Review and legal redress

If you consider that the processing infringes your rights as data subject, you have the right to request review by the controller under Article 49 DPR and the right to seek legal redress under Article 50 DPR.