Data Protection

Data

 

Protecting your privacy is of great importance to the European Union Intellectual Property Office (‘EUIPO’, ‘us’, ‘the controller’ or the ‘Office’).

We feel responsible for the personal data that we collect and process.

Therefore, we are committed to respecting and protecting your personal data and ensuring your data subject rights are sufficiently exercised.

This processing operation is subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) 45/2001 and Decision 1247/2002/EC.

The information in this communication is given pursuant to Articles 15 and 16 of Regulation (EU) 2018/1725 to inform you about how your personal data is collected and processed within this website (https://business.ideaspowered.eu/).

The Ideas Powered for business website is a website for SMEs that aims to provide online guidance for start-ups and entrepreneurs to develop their business while considering the fields of intellectual property and innovation. It is born out of the need to help European SMEs to access centralised, clear, reliable and relevant information to support their business journey, and promote the importance of intellectual property rights (IPRs) in gaining a competitive advantage.

The website was launched and is run by the EUIPO. It includes the following sections, among others:

  • Discover: contains the information that SMEs need to kick-start their business with step-by-step guides;
  • Connect: contains a visualisation map where SMEs can find support at local, national and European levels searchable by country, city or type of service or service provider;
  • Grow: contains information on relevant courses and tools covering SMEs’ development needs in the fields of finance and funding, protecting your idea, business/trade support and legal regulatory support.

Please note that other privacy statements will apply for collecting and processing personal data in other EUIPO websites.

RECORDS REGISTER

Central Register: The EUIPO has the legal obligation to keep a central register of records of personal data processing activities (Article 31 of Regulation 2018/1725). You can learn more about EUIPO records of activities processing your personal data at the EUIPO Central Register.

1. What is the legal framework for data protection applicable to the EUIPO?

The Office collects and processes all personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) 45/2001 and Decision 1247/2002/EC (the ‘EU Data Protection Regulation’). Supplementing this text, Decision ADM-18-65 implementing Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 in the EUIPO also governs the processing of personal data by the EUIPO.

The EU Data Protection Regulation, together with European Union trade mark regulation (EU) 2017/1001 (EUTMR), Community Design regulation (EC) 6/2002 (CDR) and their implementing acts, set out the data protection requirements applicable to the Office as an EU agency.

Please consult the EU trade mark legal texts and the Community design legal texts for further information.

2. What types of personal data do we collect?

The personal data the Office collects and processes on this website is processed on the basis of consent. Examples: your name, your email, what type of organisation you have or the field your activity belongs to.

For more information on the categories of personal data processed, please see the specific Privacy Statements linked below.

3. What do we use your personal data for?

The Office collects and processes your personal data for several purposes:

  • To raise awareness and promote the importance of intellectual property rights.
  • To provide reliable information on legal and economic subjects to support SMEs’ business journey in the fields of intellectual property and innovation.
  • To empower SMEs by helping to protect their assets.
  • To promote the IP rights ecosystem. Your personal data will be used for contacting and informing you of IP rights news, invitations to seminars, workshops and any other communications related to IP rights and EUIPO products and services.
  • To improve our products and services. The Office will use your personal data to produce surveys, reports and statistics that enable us to optimise operations and improve the system’s performance. This includes collecting and analysing your feedback to improve your experience and level of satisfaction with the Office and the website.
  • To organise events, training and meetings. The Office regularly organises events, such as training and meetings, that are open to the public. Organising these events requires managing participants’ personal data. If you are participating in a public event organised by the Office, your personal data is managed as described in the specific Privacy Statements that can be found below.

4. On what legal bases do we process your personal data?

On this website, personal data is processed on the basis of Article 5(1)(d) of Regulation (EU) 2018/1725: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

The personal data is collected and processed in accordance with the following legal instruments:

  •  Article 2 of Decision ADM-21-15 on the Internal Structure of the Office;
  • EUIPO Strategic Plan 2025, adopted in accordance with Article 153(1)(b) of Regulation (EU) 2017/1001 of the European Parliament and of the Council of 14 June 2017 on the European Union trade mark.

When the processing of personal data is based on your consent, you can withdraw it at any time by sending an email to DPOexternalusers@euipo.europa.eu.

In particular, regarding newsletters, you can unsubscribe from receiving specific or all content from the EUIPO at any time by clicking on the ‘Unsubscribe’ link, which appears at the bottom of each email you receive.

5. How do we protect and safeguard your information?

The Office takes the protection of your personal data very seriously, and therefore applies adequate organisational, technical and security measures to protect it. Here are examples of these measures, implemented at the EUIPO premises:

  • the EUIPO is certified ISO 27001;
  • an EUIPO username and password are required in order to access the EUIPO systems and databases;
  • authentication and authorisation are based on roles;
  • authentication and authorisation are carried out at the server level and no anonymous access is allowed;
  • the server is physically protected at the Data Processing Centre;
  • logical security hardening of the servers;
  • network security configured to prevent external threats from accessing the mail servers;
  • confidentiality and data protection clauses are signed by service providers;
  • a limited number of duly authorised people with a specific IT profile have editing rights to the back-office tools in which your personal data is processed.

6. What are your rights related to the processing of personal data? How to exercise your rights? Can your rights be restricted?

Rights related to your personal data

What it means

To be informed

You have the right to know how the Office handles your personal data (including information about the controller, the purpose, the legal bases, the types of personal data used, who receives your data and the time limits for keeping it, as well as possible transfers of personal data to third countries). Please consult this Data Protection Notice and in particular the Privacy Statements that are linked below for further information.

To access the data

You have the right to know whether the Office processes your personal data, including for which purpose, the type.

To rectify the data

You can rectify your personal data if incomplete or inaccurate.

To erase the data ('right to be forgotten')

Under certain circumstances, you can request that your personal data be erased (e.g. when the data is no longer necessary for the purpose for which it was collected).

When you decide to unsubscribe from one or more newsletters, your data will be kept 60 days for the purposes of allowing you to reactivate the subscription. After the 60-day period, your personal data will be encrypted and stored in backup copies for a further 120 days prior to its deletion. After this period, the data is deleted from our databases without any possibility of recovery.

You can find more information in each individual privacy statement that is linked below.

To restrict the processing of the data

You can request that the Office restrict the processing of your personal data under certain circumstances (e.g. when the accuracy of the data is contested). When the processing of your data is based on your consent, you can always request that the Office restrict its processing.

To data portability

You have the right to request that the Office send you your personal data in a structured, commonly used and machine-readable format under certain circumstances (e.g. we have your explicit consent for processing your personal data).

To object to the processing of your data

You can object to the processing of your personal data by the Office under certain circumstances: when the processing of the data is based on Art. 5(1)(a) EUDPR, when performing a task carried out in the public interest or when exercising official authority vested in the Union institution or body.

To withdraw your consent

You can withdraw your consent to process your personal data at any time. More specifically, you can ask to stop receiving newsletters or to stop appearing in the Visualisation map. For the latter, the Office will send you an annual email to confirm the accuracy of the data and information, and to renew your consent by giving you the option to indicate if you wish it to be removed.

 

How to exercise your data protection rights?

1. You can always send us an email at DPOexternalusers@euipo.europa.eu. Please remember we cannot accept verbal requests (telephone or face-to-face) as we may not be able to properly identify you or deal with your request immediately:

     
       a. Your email request should be as detailed as possible. We need an accurate description of the data, the purpose for which it was collected and how it was collected.
       b. Don’t forget to mention which of the above rights you wish to exercise.

 

2. We will deal with your request without delay and help you exercise your rights, provided that the conditions for exercising them are met:

        a. Occasionally, in order to identify you and find your data, we may need additional information. This will only be used to verify your identity and help you exercise your rights. It                   will not be stored for longer than needed for this purpose.
        b. Very occasionally, we may not be able to help you exercise your rights if the conditions are not met. In such situations, we will inform you as to shy you cannot exercise this right.

 

Can your rights be restricted?

Data protection is not an absolute right. It must always be balanced against other fundamental rights and there may be circumstances where one or several of the abovementioned rights may not be granted.

These rights may also be restricted for a temporary period of time on the legitimate grounds established by Article 25 of Regulation (EU) 2018/1725, by legal acts adopted on the basis of the Treaties, or under the Internal Rules laid down in the Decision of the Management Board of the European Union Intellectual Property Office (EUIPO) of 26 March 2020. The Internal Rules provide that any such restriction will be limited in time, that it will be proportionate and that it will respect the essence of the abovementioned rights.

As a general rule, you will be informed of the main reasons for a restriction. You will also be informed of your right to make a complaint to the European Data Protection Supervisor (EDPS), or to seek judicial remedy. Nevertheless, there are some circumstances in which we will not inform you of these reasons. The restriction will be lifted as soon as the circumstances justifying the restriction are no longer applicable. You will receive a specific data protection notice when this period has passed.

7. Which cookies are used on our website?

Cookies are small text files sent by a website server and stored on your device (such as a computer, table or phone).

When you visit our website, we use cookies for web session management and authentication, and also for web browser security. Cookies are also implemented to ensure an adequate technical functioning of the website, and they help us store user preferences and track usage trends on an aggregated basis. For this reason, we may collect some data on your browsing experience, such as your IP address, browser type, language and screen size, the page you visited, the time and date of the visit and the website page you were redirected from.

This information is used to gather aggregated and anonymous statistics with a view to improving our services and your user experience. None of the cookies require your consent. The collection, aggregation and anonymisation of this data are performed in the data centre of the EUIPO under adequate security measures.

Our website also complies with the ‘Do Not Track’ option. If you enable the DNT option in your web browser, we will respect your choice, and your browsing experience on our website will not be tracked for our anonymised statistics. Instructions on how to activate this option can be found below:

8. What use is made of social media on our website?

We use social media to present our work through widely-used and contemporary channels. Our use of social media is highlighted on our website. For instance, you can watch Ideas Powered for business videos, which we upload to our YouTube page, and follow links from our website to Twitter, Facebook LinkedIn or other platforms.

We do not set any cookies in our display of social media buttons that connect to those services when our website pages are loaded on your computer (or other devices), or in components from those media services embedded in our web pages. However, please note that, based on your preferences for these external services, some cookies may be loaded, for example, with your preferences for YouTube videos.

Each social media channel has their own policy on the way they process your personal data when you access their sites.

More information can be found here:

9. How to contact us if you have any questions

You can contact us for any purpose related to your personal data by sending a written request to the EUIPO as the data controller responsible for your information, or to the EUIPO Data Protection Officer (DPO).

You can use the online communication channels or send your query/concern in writing to:

Post/Courier:

Ms. Gloria Folguera Ventura

Data Protection Officer

EUIPO

Avenida de Europa, 4, 03008 Alicante, Spain

Email:

DPOexternalusers@euipo.europa.eu

If your request has not been responded to adequately by the data controller and/or DPO, you can lodge a complaint with the EDPS: https://edps.europa.eu/about-edps/contact_en.

10. Need any additional information?

If you want to know more about how we handle your personal data, please check the EUIPO Central Register (a living document, continuously subject to changes) and the relevant and specific data protection notices (currently only available in English) which are listed below.

The Central Register will contain at least the following information (Article 31(1) of the Regulation (EU) 2018/1725):

  • name and contact details of the controller, the DPO and, where applicable, the processor and the joint controller;
  • the purposes of the processing;
  • a description of the categories of data subjects and of the categories of personal data;
  • the categories of recipients to whom the personal data has been or will be disclosed;
  • where applicable, transfers of personal data to a third country or an international organisation and the documentation of suitable safeguards;
  • where possible, the envisaged time limits for erasing the different categories of data;
  • where possible, a general description of the technical and organisational security measures to protect that personal data.

The privacy statements will contain the information provided in Articles 15 and 16 of Regulation (EU) 2018/1725. The list of relevant and specific data protection notices, with hyperlinks to the relevant privacy statements, is as follows: