Unified Patent Court Privacy Policy

Personal Data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Subject is the natural person whose Personal Data is processed by a Data Processor.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Pseudonymization is any processing of Personal Data such that it can no longer be attributed to a single Data Subject without the use of additional data.

For more details and/or for additional definitions in the context of Data Protection, please refer to Art. 4 EU GDPR.

Global Data Protection Regulation is the new European standard in relation to data protection. The regulation aims to protect better your Personally Identifiable Information. The EU Regulation 2016/679 has entered into force in May 25, 2018 and is applicable to all commercial or public entities that hold or process individuals’ data within the EU, no matter of the geographical location of the entity.

With this document, the Data Controller wants to inform you about the principles according to which your Personal Data will be processed, considering that this processing will be characterized by appropriacy, licitness, transparency and protection of your privacy and your rights. This policy explains:

  • What personal data we receive from you through this website, other UPC software or other means of contact (including phone, SMS, email, post and other correspondence, or in person);
  • What we do with your personal data;
  • What your options are to control what we do with your personal data.

Please note that:

  • We process this data on the basis of your explicit consent;
  • By using our website, you agree to be bound by this Policy;
  • We may change this Policy sometimes (see “Policy Updates”) so please check this page occasionally to ensure that you are happy with any changes.

Any questions concerning this policy should be addressed to the UPC Data Protection Officer at:

Post Data Protection Officer
Centre des technologies de l’information de l’État
1, rue Mercier
L-2144 Luxembourg
Telephone +352 247 81800
Email dataprotection@ctie.etat.lu

We obtain information about you when you browse our website, register on one of our applications, or contact us using the contact form.

We collect data using two means: when browsing this website, by filling the contact form (https://www.unified-patent-court.org/contact). 

Corporate website browsing

We collect data using cookies. A cookie is a small data file, which typically includes a unique identifier sent to a web browser from a visited website and stored on the user’s device. The pages and images, along with a cookie, are downloaded to the device. 

This is a standard and common procedure as cookies enable website publishers to collect useful data in order to improve the efficiency and usability of the web site. 

How to control and delete cookies

We will not use cookies to collect personally identifiable information about you. However, you may restrict or block the cookies used by this website through your browser settings. 

Please be aware that restricting cookies may affect the functionality of this website.

The cookies used by the UPC website

Name Source Expires Purpose
cookie-agreed UPC website 100 days To record that user has agreed to the use of cookies
__cfduid CloudFlare Content Delivery Network 1 year To identify individual users and exempt them from security restrictions
_dc_gtm_
[followed by code]
Google Analytics With browser session To restrict the volume of data sent to Google
_ga Google Analytics 2 years To distinguish users
_gid Google Analytics 1 day To distinguish users
has_js UPC website With browser session To record whether the browser has JavaScript enabled, which allows additional functionality

Google Analytics is a service we use to monitor traffic levels on the site and its pages. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Further information is available on how to reject or delete Google’s cookies.

The contact form

The form at www.unified-patent-court.org/contact collects the user’s name and email address, along with any other information included in the subject or message body.

Corporate website browsing

We use cookies to collect information on your session. We take precautions to protect your personal data, including:

  • Data minimization – we don’t request unnecessary data or hold it for longer than needed;
  • Data anonymization – where necessary, we alter data so that it does not identify individuals;
  • Transparency – documents such as this privacy policy should make it clear and unambiguous as to what we do with your data;
  • Creating and improving security features on an ongoing basis.

The contact form

Submissions via the online form are emailed to contact@unifiedpatentcourt.org for evaluation by the secretariat and processing.

Once processed, the data included in the submission form might be retained no more than 10 years in our archives.

Data processors

Your Personal Data will be shared with third parties who act as Data Processors listed hereunder:

  • T-Systems Limited as a hardware infrastructure supplier — Futura House, Bradbourne Drive, Tilbrook, Milton Keynes MK7 8AZ, England, tel.: +44 800 036 46 56;
  • Omnis Systems Ltd as mail supplier — The Sussex Innovation Centre, University of Sussex, Science Park Square, Falmer,  Brighton, BN1 9SB, tel.: +44 845 5218299;
  • Blue-Bag Ltd as developers and designers for UPC website — The Garage, Manor Farm Chilcompton, Radstock, Somerset, BA3 4HP, United Kingdom, tel.: +44 01761 411542;
  • ReachMee as recruitment platform — Rosenlundsgatan 52 118 63 Stockholm Sweden, tel.: +46 08 410 366 00.
Name Description Data retention time
T-Systems Limited UK Hardware infrastructure supplier 10 years
Omnis Systems Ltd UK Mail supplier 10 years
Blue-Bag Ltd UK Developers and designers for UPC website 10 years
ReachMee Sweden Recruitment platform 10 years

The Data Processors and all the staff explicitly authorized by the Data Controller (Software Developers, Analysts and staff of the Court) are committed to an appropriate processing, ensuring that the rights of the Data Subject are safeguarded.

In compliance with the EU Regulation 2016/679, your Personal Data might be communicated out of the European Union. In particular:

Name Description Data retention time
Alphabet Inc.
Mountain View, USA
Google Analytics and Google Tag Manager functionality for the UPC website 14 months
Amazon Web Services Inc.
Seattle, USA
Cloud storage for UPC website backups 1 month
The Rocket Science Group
Atlanta, USA
Email newsletter functionality, using MailChimp service 10 years

The General Data Protection Regulation grants the following rights to natural persons (for more details and for the relevant preconditions, see Art. 13 to 22 EU GDPR):

  • The right to be informed
    You must be informed on what we do with your data in a concise, transparent, intelligible and easily accessible form, using clear and plain language. This is the purpose of this policy.
  • The right of access
    You have the right to access the data we store on your behalf, to know where they are stored and how they are treated.
  • The right to rectification
    You can ask us to correct any personal data we hold on you.
  • The right to erasure
    In some circumstances, you can ask us to delete any personal data we hold about you, under the “right to be forgotten”.
  • The right to restrict processing
    In some circumstances, you can object to our processing of your personal data, or restrict certain types of processing.
  • The right to data portability
    In some circumstances, you can ask us for a copy of your personal data for re-use elsewhere. We will provide the personal data in a structured, commonly used and machine-readable form, such as CSV files.
  • The right to object and the right not to be subject to automated decision-making including profiling
    In some circumstances, you can object to your personal data to be used. This includes any usage for marketing outcomes and scientific and historic research.

Your rights

You can exercise your rights by sending an email to contact@unifiedpatentcourt.org. Your request will be processed within one month (may be extended by two further months where necessary, taking into account the complexity and number of the requests) if accepted or rejected should it be considered unfounded as per article 12(5) of the EU GDPR regulation (EU) 2016/679. In both cases, a notification will be sent to the requester.

The Data Controller reserves the right to modify, update, add or remove parts of this document at its own discretion and at any moment.

The Data Subjects are held to periodically check any possible modifications.

This Policy was last updated on 23 August 2018.

Should you have any inquiry about this policy, please contact our Data Protection Officer (DPO) at:

Data Protection Officer
Centre des technologies de l’information de l’État

Post: 1, rue Mercier. L-2144 Luxembourg

Tel: +352 247 81800

Email: dataprotection@ctie.etat.lu