Skip to main content

Privacy Policy

page banner image

Personal Data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Subject is the natural person whose Personal Data is processed by a Data Processor.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Pseudonymization is any processing of Personal Data such that it can no longer be attributed to a single Data Subject without the use of additional data.

For more details and/or for additional definitions in the context of Data Protection, please refer to Art. 4 EU GDPR

General Data Protection Regulation is the European standard in relation to data protection. The regulation aims to protect better your Personally Identifiable Information. The EU Regulation 2016/679 has entered into force in May 25, 2018 and is applicable to all commercial or public entities that hold or process individuals’ data within the EU, no matter of the geographical location of the entity.

As Data Controller, the Registrar of the Unified Patent Court, will control the processing of your information which will be stored in the Unified Patent Court IT systems.

With this document, the Data Controller wants to inform you about the principles according to which your Personal Data will be processed, considering that this processing will be characterized by appropriacy, licitness, transparency and protection of your privacy and your rights. This policy explains:

  • What personal data we receive from you through this website, other UPC software or other means of contact (including phone, SMS, email, post and other correspondence, or in person);
  • What we do with your personal data;
  • What your options are to control what we do with your personal data.

Please note that:

  • We process this data on the basis of your explicit consent;
  • By using our website, you agree to be bound by this Policy;
  • We may change this Policy sometimes (see “Policy Updates”) so please check this page occasionally to ensure that you are happy with any changes.

Any questions concerning this policy should be addressed to the e UPC’s Data Protection Officer at:

Unified Patent Court

1, Rue du Fort Thüngen

L-1499 - Luxemburg


We obtain information about you when you browse our website, register on one of our applications, or contact us using the contact form.

We collect data using two means: when browsing this website, by filling the contact form ( 

Corporate website browsing

We collect data using cookies. A cookie is a small data file, which typically includes a unique identifier sent to a web browser from a visited website and stored on the user’s device. The pages and images, along with a cookie, are downloaded to the device. 

This is a standard and common procedure as cookies enable website publishers to collect useful data in order to improve the efficiency and usability of the web site. 

How to control and delete cookies

We will not use cookies to collect personally identifiable information about you. However, you may restrict or block the cookies used by this website through your browser settings. 

Please be aware that restricting cookies may affect the functionality of this website.

The cookies used by the UPC website


cookie-agreedUPC website100 daysTo record that user has agreed to the use of cookies

__cfduidCloudFlare Content Delivery Network1 yearTo identify individual users and exempt them from security restrictions

has_jsUPC websiteWith browser sessionTo record whether the browser has JavaScript enabled, which allows additional functionality

The contact form

The form at collects the user’s name and email address, along with any other information included in the subject or message body.

Spam Protection

The contact form is protected against automated submission by using a challenge mechanism.This type of service analyzes the traffic of this Application, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.
The service we use for this is Google reCAPTCHA (Google Inc.)
Google reCAPTCHA is a SPAM protection service provided by Google Inc.
The use of reCAPTCHA is subject to the Google privacy policy (  and terms of use (
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy (

Corporate website browsing

We use cookies to collect information on your session. We take precautions to protect your personal data, including:

  • Data minimization – we don’t request unnecessary data or hold it for longer than needed;
  • Data anonymization – where necessary, we alter data so that it does not identify individuals;
  • Transparency – documents such as this privacy policy should make it clear and unambiguous as to what we do with your data;
  • Creating and improving security features on an ongoing basis.

The contact form

Submissions via the online form are emailed to for evaluation by the secretariat and processing.

Once processed, the data included in the submission form might be retained no more than 10 years in our archives.

Data processors

Your Personal Data will be shared with third parties who act as Data Processors listed hereunder:

  • Proximus Luxembourg S.A. as a hardware infrastructure supplier — 18, rue du Puits Romain Z.A. Bourmicht 8070 Bertrange, tel.: +352 27 777 00;
  • Blue-Bag Ltd as developers and designers for UPC website — The Garage, Manor Farm Chilcompton, Radstock, Somerset, BA3 4HP, United Kingdom, tel.: +44 01761 411542;
  • ReachMee as recruitment platform — Rosenlundsgatan 52 118 63 Stockholm Sweden, tel.: +46 08 410 366 00;
  • Net Service as a software supplier — Galleria Marconi 2, 40122 Bologna (BO), Italy, tel.: +39 0516241989.
NameDescriptionData retention time
Proximus Luxembourg S.A.Hardware infrastructure supplier10 years
Blue-Bag Ltd UKDevelopers and designers for UPC website10 years
ReachMee SwedenRecruitment platform10 years
Net ServiceSoftware supplier10 years

The Data Processors and all the staff explicitly authorized by the Data Controller (Software Developers, Analysts and staff of the Court) are committed to an appropriate processing, ensuring that the rights of the Data Subject are safeguarded.

In compliance with the EU Regulation 2016/679, your Personal Data might be communicated out of the European Union. In particular:

NameDescriptionData retention time
Amazon Web Services Inc.
Seattle, USA
Cloud storage for UPC website backups1 month
Google Inc.Service Provider (reCaptcha , Apigee )18 months

The General Data Protection Regulation grants the following rights to natural persons (for more details and for the relevant preconditions, see Art. 13 to 22 EU GDPR):

  • The right to be informed
    You must be informed on what we do with your data in a concise, transparent, intelligible and easily accessible form, using clear and plain language. This is the purpose of this policy.
  • The right of access
    You have the right to access the data we store on your behalf, to know where they are stored and how they are treated.
  • The right to rectification
    You can ask us to correct any personal data we hold on you.
  • The right to erasure
    In some circumstances, you can ask us to delete any personal data we hold about you, under the “right to be forgotten”.
  • The right to restrict processing
    In some circumstances, you can object to our processing of your personal data, or restrict certain types of processing.
  • The right to data portability
    In some circumstances, you can ask us for a copy of your personal data for re-use elsewhere. We will provide the personal data in a structured, commonly used and machine-readable form, such as CSV files.
  • The right to object and the right not to be subject to automated decision-making including profiling
    In some circumstances, you can object to your personal data to be used. This includes any usage for marketing outcomes and scientific and historic research.

Your rights

You can exercise your rights by sending an email to Your request will be processed within one month (may be extended by two further months where necessary, taking into account the complexity and number of the requests) if accepted or rejected should it be considered unfounded as per article 12(5) of the EU GDPR regulation (EU) 2016/679. In both cases, a notification will be sent to the requester.

The Data Controller reserves the right to modify, update, add or remove parts of this document at its own discretion and at any moment.

The Data Subjects are held to periodically check any possible modifications.

This Policy was last updated on July 28, 2023.

In accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data, the Supervisory Authority is the Commission Nationale pour la Protection des Données ( which can be contacted at 1 Avenue du Rock'n'Roll, L-4361 Esch-sur-Alzette.

Should you have any inquiry about this policy, please contact our Data Protection Officer (DPO) at:

Unified Patent Court

1, Rue du Fort Thüngen

L-1499 - Luxemburg