Data protection and privacy
The European Patent Organisation (EPO) is committed to protecting the privacy of its users and the personal data they provide when using our websites. The following data protection and privacy policy applies to the five IP offices (IP5) website – www.fiveipoffices.org – operated by the EPO on behalf of the IP5 offices.
Data protection
All personal data collected on the five IP offices website is managed by the EPO and processed in accordance with the Guidelines for the protection of personal data in the European Patent Office, which aim to ensure the highest standards when handling user information. Please read these guidelines carefully.
The EPO’s Data Protection Officer monitors the observance of the guidelines with respect to all processing operations performed by the EPO. The Data Protection Officer is independent in his/her function.
EU General Data Protection Regulation (GDPR)
The EPO is an international organisation established by the European Patent Convention and as such is not directly bound by the EU’s General Data Protection Regulation (GDPR). It strives to keep its data protection framework in line with current best practices. A recent audit report has confirmed that it is in close alignment with the GDPR legal framework.
Privacy policy
This privacy policy explains the processing and use of personal data collected by the EPO on the five IP offices website at www.fiveipoffices.org and the services provided via this website.
It applies to the five IP offices website only. Users are encouraged to review the respective privacy policies of other websites linked from the five IP offices website in order to obtain more information about the processing and use of personal data collected by those websites.
Controller
The controller of personal data collected via the website is
Director International Co-operation
ip5@epo.org
Purpose and legal basis for the processing of users’ personal data
When a user visits the five IP offices website, the EPO collects and stores the personal data assigned to that user's device in the form of data sets in order to provide them with access to the website and the requested content as well as to optimise their user experience.
The following data sets are generated on our web servers and stored in our log files:
- Anonymised IP address assigned to the user's access device - date and time of the user's request for a web resource (URI)
- The user’s geographic location (city, district, country)
- For users from the EPO’s partner offices (national and international patent offices): name and country of the partner office
- Web resource (URI) requested by the user
- Web resource (URI) the user previously requested (if the referrer field is available)
- Browser and platform information of the user's device (if the user agent field is available)
The above data sets are stored in our database and are subject to analysis by software that helps us to better understand the usage of information provided on our websites. The purpose of such analyses is to enhance the quality of our services for the broad public. It is not done for the purpose of attributing information in the logfiles to individual users.
The storage and maintenance of data sets is a basic requirement for the provision of the website and the security of our IT systems and as such is not negotiable.
Use of cookies
Cookies are small text files sent by a website server and stored on your device (e.g. computer, tablet or phone).
When you visit the five IP offices website, cookies are used for web session management, to analyse how visitors use the website and also for web browser security. They are also implemented to ensure the proper technical functioning of the website and for the purpose of tracking usage trends on an aggregated basis. For this reason, we may collect some data on your browsing experience.
This information is used to gather aggregated and anonymous statistics with a view to improving our services and your user experience. None of the cookies require your consent. The collection, aggregation and anonymisation of this data in the form of the aforementioned data sets is performed in the EPO’s data centre with the necessary security measures.
The five IP offices website also complies with the Do Not Track (DNT) option. If you enable the DNT option in your web browser, we will respect your choice, and your browsing experience on our website will not be tracked for our anonymised statistics. Instructions on how to activate this option can be found below:
Firefox
Internet Explorer
Chrome
Safari
Opera
Sharing of personal data outside the EPO
The EPO does not share any information contained in cookies or data sets collected within the scope of the five IP offices website with any third parties.
No personal data is shared with third parties. Aggregated and anonymous information on the five IP offices website usage statistics are shared with the IP5 Offices and may be made publicly available on the five IP offices website or in EPO/IP5 publications.
Data storage and retention period
Personal data collected via the five IP offices website will be deleted or anonymised as soon as it is no longer required for the purposes for which it has been collected, unless further processing or storage of the data is necessary in order to comply with legal obligations according to Article 5(a) of the Guidelines for the protection of personal data in the European Patent Office.
Changes to this policy
The EPO strives to keep its data protection framework in line with current developments and best practices and will update this privacy policy accordingly. The EPO encourages users to visit this privacy policy regularly.
Users’ rights and how to contact the EPO
Users have the following rights:
- Right of access: Users have the right to request confirmation as to whether or not their personal data is being processed and, where that is the case, to request access to their personal data and to information such as the purpose of the processing or the categories of personal data concerned.
- Right to rectification: Users have the right to request the correction of inaccurate personal data.
- Right to block data: Users have the right to ask the EPO to restrict the processing of their personal data under certain circumstances, e.g. if they think that the personal data the EPO processes about them is incorrect or unlawful.
- Right to erasure: Users have the right to request erasure of personal data without undue delay under certain circumstances, e.g. if their personal data is no longer necessary for the purposes for which it was collected or if it has been unlawfully processed.
- Right to object: Users have the right to object to the processing of their personal data under certain circumstances.
Users can assert their above-mentioned rights by contacting the administrator of the five IP offices website at ip5@epo.org.
You can also write to the EPO's Data Protection Officer at dpo@epo.org.