DATA PROTECTION STATEMENT ON PROCESSING PERSONAL DATA IN THE CONTEXT OF THE IDEAS POWERED WEBSITE
Protecting your privacy is of great importance to the European Union Intellectual Property Office (‘the EUIPO’, ‘us’, ‘the controller’ or ‘the Office’). We feel responsible for the personal data that we collect and process. Therefore, we are committed to respecting and protecting your personal data and ensuring your data subject rights are sufficiently exercised.
The information in this communication is given pursuant to Articles 15 and 16 of Regulation (EU) 2018/1725 to inform you on how your personal data is collected and processed on this website: https://ideaspowered.eu.
Please note that other data protection statements will apply for processing personal data in other EUIPO websites and activities. For more information, see section 8 below.
This is the Ideas Powered website, an EUIPO initiative aiming to do the following.
- Raise awareness and promote the importance of intellectual property (IP) rights among young Europeans. This means explaining to them how to protect their creativity, innovation and entrepreneurship should be deeply rooted in any education fit for the 21st century. Born out of this belief was the start of the Ideas Powered @ School initiative.
- Provide reliable information on legal and economic subjects to support young people in IP and innovation.
- Promote the IP rights ecosystem by publishing IP rights news, invitations to seminars, workshops and other communications related to IP rights and EUIPO products and services.
- Expand and diversify our network to include young people, in view of future studies, surveys and networking activities.
The website includes information and resources related to the different projects organised in the context of the Ideas Powered initiative.
1. Which legal framework for data protection is applicable to the EUIPO?
The Office collects and processes all personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) 45/2001 and Decision 1247/2002/EC (the ‘EU Data Protection Regulation’). Supplementing this text, Decision ADM-18-65 implementing Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 in the EUIPO also governs the processing of personal data by the EUIPO.
2. What information (including cookies) do we collect, what do we use it for, who has access to it and for how long do we store it?
Cookies
Cookies are small text files sent by a website server and stored on your device (such as a computer, tablet or phone) when visiting our website. These are implemented to ensure the website functions properly and stores user preferences (necessary cookies), while tracking usage trends on an aggregated basis (analytical cookies).
The following cookies are implemented on this website. Please note that they are first-party cookies, meaning the website sets them and only we can read them:
Name
| Purpose
| Duration
|
|---|---|---|
Necessary cookies: these are essential for the website’s functionality (cookies are always on). If you select the ‘Only essential cookies’ option, only these cookies will be activated.
| ||
TS*
| One or more cookies with this format may be deployed. They store information necessary to detect authentication abuse and provide security for your website visit. We use a service based on F5 security solutions.
| Session
|
Cookie-agreed | Stores your cookie preferences (so you are not asked again) | Persistent (180 days) |
Analytical cookies: the Office has implemented a corporate analytics service to monitor and evaluate our website’s effectiveness and efficiency. It uses an open-source analytics platform – Matomo – that is fully controlled by the Office under adequate security measures (cookies are free to refuse).
| ||
_pk_id.* | One or more cookies with this format may be deployed. It recognises website visitors (anonymously – no personal information is collected on the user). | Persistent (13 months) |
_pk_ses.* | One or more cookies with this format may be deployed. It identifies the pages viewed by the same user during the same visit (anonymously – no personal information is collected on the user). | Persistent (30 minutes) |
You may choose not to accept analytical cookies to avoid the website collecting and analysing the aggregated information. For that choice, please click on the privacy settings tab at the bottom of the screen and click on opt-out.
We can only access the aggregated information collected via analytical cookies.
Other information collected
No additional personal data is collected on this website. When using the website functionality ‘Contact us’, the personal data indicated (i.e. first and last names, email address, relevant team to contact, subject and message) will instantly be transferred to MS Outlook and will not be stored on the website itself. For more information on processing your personal data in Outlook, who has access and for how long it is stored, see the EUIPO Central Register (DPR-2018-003 – Office 365).
3. What is the legal basis for processing your personal data?
On this website, personal data is processed on the basis of Article 5(1)(a) of Regulation (EU) 2018/1725: for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body.
The personal data is collected and processed in accordance with the following legal instruments:
- Article 2 of Decision ADM-21-15 on the Internal Structure of the Office;
- the EUIPO Strategic Plan 2025 and 2030, adopted in accordance with Article 153(1)(b) of Regulation (EU) 2017/1001 of the European Parliament and of the Council of 14 June 2017 on the European Union trade mark.
4. How do we protect and safeguard your information?
The Office takes the protection of your personal data very seriously. Therefore, we apply adequate organisational, technical and security measures to protect it. The measures implemented at the EUIPO premises include the following:
- the EUIPO is certified ISO 27001
- an EUIPO username and password are required to access the EUIPO systems and databases
- authentication and authorisation are based on roles
- authentication and authorisation are carried out at server level and no anonymous access is allowed
- the server is physically protected at the data processing centre
- logical security hardening of the servers
- network security is configured to prevent external threats from accessing the mail servers
- the website is protected by anti-bot technology, as described in the Configuring Bot Defense and Detecting and Preventing Web Scrapping knowledge articles (this may involve accessing device sensors locally in your device, but under no circumstances is this information shared with the Office – this will only tell us the likelihood of a visitor being a bot)
- service providers sign confidentiality and data protection clauses
- a limited number of duly authorised people with a specific IT profile have editing rights to the back-office tools in which your personal data is processed.
5. What are your rights related to processing personal data? How can you exercise your rights? Can your rights be restricted?
Rights related to your personal data | What it means |
|---|---|
To be informed
| You have the right to know how the Office handles your personal data (including information on the controller, purpose, legal bases, types of personal data used, who receives your data and the time limits for keeping it, as well as possible personal data transfers to third countries). For further information, please consult this data protection notice, particularly the data protection statements linked in section 8 below. |
To access the data
| You have the right to know whether the Office processes your personal data, including for which purpose, the data type, data recipients, time limits and possible transfers of personal data to third countries. |
To rectify the data
| You can rectify your personal data if incomplete or inaccurate. |
To erase the data (‘right to be forgotten’)
| Under certain circumstances, you can request that your personal data be erased (e.g. when the data is no longer necessary for the purpose for which it was collected). |
To restrict the processing of the data
| You can request that the Office restrict the processing of your personal data under certain circumstances (e.g. when the accuracy of the data is contested). |
To data portability
| You have the right to request that the Office send you your personal data in a structured, commonly used and machine-readable format under certain circumstances (e.g. we have your explicit consent for processing your personal data). |
To object to the processing of your data
| You can object to the Office processing your personal data under certain circumstances: when the data processing is based on Art. 5(1)(a) EUDPR, when performing a task carried out in the public interest or when exercising official authority vested in the Union institution or body (e.g. to use analytical cookies on this website). To do so, see the opt-out functionality in section 2. |
How to exercise your data protection rights
You can send us an email at DPOexternalusers@euipo.europa.eu. Please remember we cannot accept verbal requests (by telephone or face-to-face) as we may not be able to properly identify you or deal with your request immediately:
- your email request should be as detailed as possible – we need an accurate description of the data, the purpose for which it was collected and how it was collected;
- please mention which of the above rights you wish to exercise.
We will deal with your request without delay and help you exercise your rights, provided that the conditions for exercising them are met:
- to identify you and find your data, we may need additional information – this will only be used to verify your identity and help you exercise your rights, and will not be stored for longer than needed for this purpose;
- occasionally, we may not be able to help you exercise your rights if the conditions are not met – in such situations, we will inform you as to why you cannot exercise this right.
Can your rights be restricted?
Data protection is not an absolute right. It must always be balanced against other fundamental rights and there are circumstances where one or several of the abovementioned rights may not be granted.
These rights may also be restricted for a temporary period of time on the legitimate grounds established by Article 25 of Regulation (EU) 2018/1725, by legal acts adopted on the basis of the Treaties, or under the Internal Rules laid down in the Decision of the Management Board of the European Union Intellectual Property Office (EUIPO) of 26 March 2020. The internal rules provide that any such restriction will be limited in time, that it will be proportionate and that it will respect the essence of the abovementioned rights.
You will generally be informed of the main reasons for a restriction. You will also be informed of your right to make a complaint to the European Data Protection Supervisor (EDPS) or to seek judicial remedy. Nevertheless, some circumstances do not require reasoning. The restriction will be lifted as soon as the circumstances justifying the restriction are no longer applicable. You will receive a specific data protection notice when this period has passed.
6. How is social media used on our website?
We use social media to present our work through widely used and contemporary channels. Our use of social media is highlighted on our website. For instance, you can watch Ideas Powered videos on our YouTube channel and follow links from our website to Facebook, LinkedIn, Twitter or other platforms.
We do not set any cookies in our social media buttons that link to those services through our web pages when loaded on your computer (or other devices), or in components from those media services embedded on our website. However, please note that, based on your preferences for these external services, some cookies may be loaded, for example, with your YouTube video preferences.
Each social media platform has their own policy on the way they process your personal data when you access their sites.
More information can be found here:
7. Contact information
You can contact us for any purpose related to your personal data by sending a written request to the Office as the data controller responsible for your information, or to the EUIPO data protection officer (DPO).
You can use our online communication channels or send your query or concern in writing to:
Post or courier:
Ms Gloria Folguera Ventura
Data Protection Officer
European Union Intellectual Property Office (EUIPO)
Avenida de Europa, 4
03008 Alicante
Spain
Email: DPOexternalusers@euipo.europa.eu
If your request has not been responded to adequately by the data controller and/or DPO, you can lodge a complaint with the EDPS: edps@edps.europa.eu.
8. More information
To know more about how we handle your personal data, please check the data protection statements below. They contain relevant information linked with the following specific EUIPO activities.
Additional information is available on the Observatory data protection page.