The European Patent Organisation (EPO) (hereafter “EPO” or “we” or “us”)
All personal data collected on the portal is managed by the EPO and processed in accordance with the Guidelines for the protection of personal data in the European Patent Office, which aim to ensure the highest standards when processing user personal data . Please read these guidelines carefully.
EU General Data Protection Regulation (GDPR)
The EPO is an international organisation established by the European Patent Convention and as such is not directly bound by the EU’s General Data Protection Regulation (GDPR). It strives to keep its data protection framework in line with current best practices. A recent audit report has confirmed that it is in close alignment with the GDPR legal framework.
Data protection and privacy
This data protection and privacy statement explains the processing of personal data collected by the EPO on the Single Access Portal website at https://epn.epo.org/ and for the services provided via this website.
It applies to the Single Access Portal website only. Users are encouraged to read the respective privacy policies of other websites linked from the Single Access Portal website in order to obtain more information about the processing and use of personal data collected by those websites.
The controller of personal data collected via the website is:
Principal Director Chief Technology Officer
Purpose and legal basis for the processing of users’ personal data
When a user visits the Single Access Portal website, the EPO collects and stores the personal data assigned to that user's device in the form of data sets in order to provide the user with access to the website and the requested content as well as to optimise his/her user experience.
The following data sets are generated on our web servers and stored in our log files:
- Anonymised IP address assigned to the user's access device - date and time of the user's request for a web resource (URI)
- The user’s geographic location (city, district, country)
- For users accessing the website from one of the EPO’s partner offices (national and international patent offices): name and country of the partner office
- Web resource (URI) requested by the user
- Web resource (URI) the user previously requested (if the referrer field is available)
- Browser and platform information of the user's device (if the user agent field is available)
The above data sets are stored in our database and are subject to analysis by software that helps us to better understand the usage of information provided on our websites. The purpose of such analyses is to enhance the quality of our services for the broad public. It is not done for the purpose of attributing information in the logfiles to individual users.
The storage and maintenance of data sets is a basic requirement for the provision of the website and the security of our IT systems and as such is not negotiable.
Cookies are small text files sent by a website server and stored on your device (e.g. computer, tablet or phone).
When you visit the Single Access Portal website, cookies are used for web session management, to analyse how visitors use the website and also for web browser security. They are also implemented to ensure the proper technical functioning of the website and for the purpose of tracking usage trends on an aggregated basis. For this reason, we may collect some data on your browsing experience.
This information is used to gather aggregated and anonymous statistics with a view to improving our services and your user experience. None of the cookies require your consent. The collection, aggregation and anonymisation of this data in the form of the aforementioned data sets is performed in the EPO’s data centre with the necessary security measures.
The Single Access Portal website also complies with the Do Not Track (DNT) option. If you enable the DNT option in your web browser, we will respect your choice, and your browsing experience on our website will not be tracked for our anonymised statistics. Instructions on how to activate this option can be found below:
Sharing of personal data outside the EPO
The EPO does not share any information contained in cookies or data sets collected within the scope of the Single Access Portal website with any third parties.
No personal data is shared with third parties.
Data storage and retention period
Personal data collected via the Single Access Portal website will be deleted or anonymised as soon as it is no longer required (with a maximum of 1 year) for the purposes for which it has been collected, unless further processing or storage of the data is necessary in order to comply with legal obligations according to Article 5(a) of the Guidelines for the protection of personal data in the European Patent Office.
Changes to this policy
Users’ rights and how to contact the EPO
Users have the following rights:
- Right of access: Users have the right to request confirmation as to whether or not their personal data is being processed and, where that is the case, to request access to their personal data and to information such as the purpose of the processing or the categories of personal data concerned.
- Right to rectification: Users have the right to request the correction of inaccurate personal data.
- Right to block data: Users have the right to ask the EPO to restrict the processing of their personal data under certain circumstances, e.g. if they think that the personal data the EPO processes about them is incorrect or unlawful.
- Right to erasure: Users have the right to request erasure of personal data without undue delay under certain circumstances, e.g. if their personal data is no longer necessary for the purposes for which it was collected or if it has been unlawfully processed.
- Right to object: Users have the right to object to the processing of their personal data under certain circumstances.
Users can assert their above-mentioned rights by contacting EPO's Data Protection Officer at firstname.lastname@example.org.