Data protection and privacy
All personal data collected on the CPC website is managed by the EPO and processed in accordance with the Guidelines for the protection of personal data in the European Patent Office, which aim to ensure the highest standards when handling user information. Please read these guidelines carefully.
The EPO’s Data Protection Officer monitors the observance of the guidelines with respect to all processing operations performed by the EPO. The Data Protection Officer is independent in his/her function.
EU General Data Protection Regulation (GDPR)
The EPO is an international organisation established by the European Patent Convention and as such is not directly bound by the EU’s General Data Protection Regulation (GDPR). It strives to keep its data protection framework in line with current best practices. A recent audit report has confirmed that it is in close alignment with the GDPR legal framework.
It applies to the CPC website only. Users are encouraged to review the respective privacy policies of other websites linked from the CPC website in order to obtain more information about the processing and use of personal data collected by those websites.
The controller of personal data collected via the website is
Director Prior Art and Classification
Purposes and legal basis for the processing of the users’ personal data
When a user visits the CPC website, the EPO collects and stores the personal data assigned to that user's device in the form of data sets in order to provide them with access to the website and the requested content as well as to optimise their user experience.
The following data sets are generated on our web servers and stored in our log files:
- Anonymised IP address assigned to the user's access device - date and time of the user's request for a web resource (URI)
- The user’s geographic location (city, district, country)
- For users from the EPO’s partner offices (national and international patent offices): name and country of the partner office
- Web resource (URI) requested by the user
- Web resource (URI) the user previously requested (if the referrer field is available)
- Browser and platform information of the user's device (if the user agent field is available)
The above data sets are stored in our database and are subject to analysis by software that helps us to better understand the usage of information provided on our websites. The purpose of such analyses is to enhance the quality of our services for the broad public. It is not done for the purpose of attributing information in the logfiles to individual users.
The storage and maintenance of data sets is a basic requirement for the provision of the website and the security of our IT systems and as such is not negotiable.
Cookies are small text files sent by a website server and stored on your device (e.g. computer, tablet or phone).
When you visit the CPC website, cookies are used for web session management, to analyse how visitors use the website and also for web browser security. They are also implemented to ensure the proper technical functioning of the website and for the purpose of tracking usage trends on an aggregated basis. For this reason, we may collect some data on your browsing experience.
This information is used to gather aggregated and anonymous statistics with a view to improving our services and your user experience. None of the cookies require your consent. The collection, aggregation and anonymisation of this data in the form of the aforementioned data sets is performed in the EPO’s data centre with the necessary security measures.
The CPC website also complies with the Do Not Track (DNT) option. If you enable the DNT option in your web browser, we will respect your choice, and your browsing experience on our website will not be tracked for our anonymised statistics. Instructions on how to activate this option can be found below:
Sharing of personal data outside the EPO
The EPO does not share any information contained in cookies or data sets collected within the scope of the CPC website with any third parties.
No personal data is shared with third parties. Aggregated and anonymous information on the CPC website usage statistics are shared with the USPTO and may be made publicly available on the CPC website or in EPO publications.
Data storage and retention period
Personal data collected via the CPC website will be deleted or anonymised as soon as it is no longer required for the purposes for which it has been collected, unless further processing or storage of the data is necessary in order to comply with legal obligations according to Article 5(a) of the Guidelines for the protection of personal data in the European Patent Office.
Changes to this policy
Users’ rights and how to contact the EPO
Users have the following rights:
- Right of access: Users have the right to request confirmation as to whether or not their personal data is being processed and, where that is the case, to request access to their personal data and to information such as the purpose of the processing or the categories of personal data concerned.
- Right to rectification: Users have the right to request the correction of inaccurate personal data.
- Right to block data: Users have the right to ask the EPO to restrict the processing of their personal data under certain circumstances, e.g. if they think that the personal data the EPO processes about them is incorrect or unlawful.
- Right to erasure: Users have the right to request erasure of personal data without undue delay under certain circumstances, e.g. if their personal data is no longer necessary for the purposes for which it was collected or if it has been unlawfully processed.
- Right to object: Users have the right to object to the processing of their personal data under certain circumstances.
Users can assert their above-mentioned rights by contacting the administrator of the CPC website at email@example.com
You can also write to the EPO's Data Protection Officer at firstname.lastname@example.org.