☰ Menu
Institute of Professional Representatives before the European Patent Office

Privacy Policy

Welcome to our website.
Below we inform you about the handling of your data acc. to Art. 13 General Data Protection Regulation (GDPR).


A. Controller

The European Patent Institute (epi), Bayerstrasse 83, 80335 Munich, Germany, is responsible for data collection and processing.


B. Data Processing

1. Communication by Email / Phone / Post / Contact Form

1.1. Purpose of the Data Processing / Legal Basis: 

All personal data that we receive from you via email, phone, post or our contact form will of course be treated as confidential, and your data will be used solely to process your request. The legal basis for this processing is Article 6(1) point (f) GDPR, and the legitimate interest of the Institute is to answer requests from our members, students, clients and stakeholders in order to maintain and promote their satisfaction. 

1.2. Recipients / Categories of Recipient 

In principle we will not transfer your data to any third parties outside epi. An exception to this is when data are processed on our behalf by external processors. These processors have been carefully selected and audited by us, and are subject to the contractual obligations of Article 28 GDPR. 

1.3. Storage Duration / Criteria for Determining Storage Duration 

All personal data you disclose to us in connection with your inquiries shall be deleted or securely anonymized no later than 90 days after you have received our final reply. 


2. Data Processing in Performance of a Contract 

2.1. Purpose for the Data Processing / Legal Basis: 

When performing a contract, we shall process first names and surnames, email addresses, phone numbers, billing addresses and payment details on the basis of Article 6(1) point (b) GDPR. 

2.2. Recipients / Categories of Recipient

Personal data shall be forwarded as necessary to companies engaged in performing the contract, such as hotels (for hotel bookings), names of participants at events, etc. Occasionally, data will be processed on our behalf by external processors. These processors have been carefully selected and audited by us, and are subject to the contractual obligations of Article 28 GDPR.

2.3. Storage Duration / Criteria for Determining Storage Duration 

Data necessary for performance of a contract shall only be kept long enough to deal with any questions that may arise, and shall be deleted no later than three years after the contract has ended. Data shall not be deleted if unsatisfied claims exist and cannot yet be settled. Should a legal retention requirement apply, the applicable data shall be stored for the duration of the legally defined period.  


3. Data Processing of Contact Partners 

3.1. Purpose for the Data Processing / Legal Basis: 

Our Institute processes the data of contact persons of members, students, clients, stakeholders, suppliers and other business partners for communication via email, telephone, fax and post under the legal basis of Article 6(1) point (f) GDPR. Our legitimate interest arises from our interest in conducting or commencing business relations with our clients, stakeholders, suppliers and other business partners, for which we need to maintain personal contact with the contact persons.

3.2. Recipients / Categories of Recipient 

Data will not be forwarded to third parties by epi unless explicit consent has been granted, or such forwarding corresponds to standard commercial practice in the instance in question. An exception is when data are processed on our behalf by external processors. These processors have been carefully selected and audited by us, and are subject to the contractual obligations of Article 28 GDPR. 

3.3. Storage Duration / Criteria for Determining Storage Duration 

Personal data for the purposes of conducting business relations shall be stored for as long as we have a legitimate interest.


4. Data Processing on the Basis of Consent  

4.1. Purpose of the Data Processing / Legal Basis: 

If you have granted special consent to be informed of upcoming events, your data will be processed correspondingly in accordance with Article 6(1) point (a) GDPR. 

4.2. Recipients / Categories of Recipient 

Data will not be transferred by epi to any third parties. An exception to this is when data are processed on our behalf by external processors. These processors have been carefully selected and audited by us, and are subject to the contractual obligations of Article 28 GDPR.

4.3. Storage Duration / Criteria for Determining Storage Duration 

Personal data are stored for the purpose of passing on information for as long as we have a legitimate interest.

You may withdraw consent at any time by sending an email to info@patentepi.com, without this affecting the legitimacy of any processing carried out until then. If you withdraw your consent, we shall cease data processing accordingly.


5. Data Processing to Fulfil Legal Obligations: 

5.1. Purpose of the Data Processing / Legal Basis: 

We process the following mandatory data for the Institute: title, surname, first name, nationality of member, company registered office or workplace address, year of European qualifying examination (EQE), year of registration, deletion or change of EPO email address and payment details for collection of membership fees. We also process the following voluntary details: phone number, fax number, website, email address, date of birth, EPO account number, and alternative billing addresses. This processing is necessary for membership administration and its basis is Article 6(1) point (c) GDPR. The legal obligation can be found in the Regulation on the establishment of an institute of professional representatives before the European Patent Office (Founding Regulation), accepted by the Administrative Council of the European Patent Organisation, having regard to the European Patent Convention 1973. 

5.2. Recipients / Categories of Recipient 

Data shall not be transferred by epi to third parties. An exception to this is when data are processed on our behalf by external processors. These processors have been carefully selected audited by us, and are subject to the contractual obligations of Article 28.

5.3. Storage Duration / Criteria for Determining Storage Duration 

Personal data shall be stored for the purposes of administration of members’ data.


6. Data Processing on the Website 

6.1. General Data Processing 

IP address Storage 

We shall store the IP address passed on by your web browser for a period of seven days, strictly for the purposes of recognising and resolving attempted attacks on our websites. After this period, the IP address will be deleted or anonymized, in accordance with Article 6(1) point (f) GDPR. 

Usage Data 

When you visit our website, "usage data" is stored temporarily on our web server. The data are stored as a record for statistical purposes to improve the quality of our website. This data record consists of 

  • the page from which the data was requested,
  • the file name
  • the date and time of the request, 
  • the data quantity transferred, 
  • the access status (file transferred, file not found), 
  • the description of the type of the browser used, 
  • the IP address of the device from which the request came, abbreviated to prevent any link to a person. 

This log data is only stored in anonymised form.

6.2. Data Transfer to Third Parties 

Under Article 28 GDPR we may transfer your personal data to processors who support us in operating our websites and the associated processes. Our service providers are strictly bound by our instructions and are subject to the associated contractual obligations. We use the following service providers: hosting services and external IT service providers. 

We will only transfer your data to a third party if authorisation to transfer under data protection law exists (e.g. under the legal provisions referred to above).

We shall never sell your personal data to third parties or market it in any other way. 

6.3. Cookies

We use cookies on our websites. "Cookies" are small pieces of data, stored on and readable from a user’s computer. A distinction is made between session cookies that are deleted as soon as you close your browser, and permanent cookies that are stored for longer than an individual session. Cookies may contain data that allow the user’s device to be identified. Cookies may also contain information regarding particular browser settings, but these are not personally identifiable.  

We use session cookies on our web sites. The legal basis for doing so is Article 6(1) point (f) GDPR and is in the interests of an improved user experience and optimized website performance.

You can set up your browser in such a way that you are informed when cookies are being downloaded. This will make the use of cookies more transparent for you. You can also delete existing cookies and prevent cookies from being downloaded to your device via your browser settings. Please note that in this case, our web pages may not be displayed in the best way and that some functions may not be available. 

6.4. Restricted Access Area

6.4.1. Registration for the Restricted Access Area 

If you wish to access to the restricted access area for epi members, you have to register first. We shall check your epi membership under Article 6(1) point (f) GDPR to ensure that you are entitled to have access. We have a legitimate interest in ensuring that only members of epi have access to the restricted access area. We shall collect the following details: membership number, name and surname, and your EPO email address as user name. You may change your profile details within this account at any time. You may request the deletion of your profile at any time by sending a request to info@patentepi.com.

6.4.2. Forum

If you wish to participate in the forum, you must have a user profile and be an epi member. We will process your data in accordance with our legitimate interest under Article 6(1) point (f) GDPR, which in this case is the ability of our members to engage with one another over a platform. The content of the forum is generally not moderated. However, we retain the right to delete entries or block users from accessing the forum, particularly if entries meet relevant criminal law provisions.

6.4.3. Info-Mail

You may also subscribe to our info-mail service, provided on the basis of a legitimate interest under Article 6(1) point (f) GDPR, to receive information about developments on our homepage. This option is not automatic and can be activated or deactivated by you at any time. 

6.4.4. Messenger

Our website offers a facility for sending and receiving messages to other registered epi members using our messenger service. This function is provided on the basis of a legitimate interest under Article 6(1) point (f) GDPR so that you can contact other epi members. Your ‘chat partner’ must know your full name and enter you as a recipient. Messages are stored until you choose to delete them. 

6.4.5. Membership Fees 

We store and use the personal data that you disclose to us when paying membership fees solely for operating the payment procedure for membership fees in accordance with Article 6(1) point (c) GDPR, and forward the necessary data for payment to the instructing bank. If you choose to pay using PayPal, the data are shared with PayPal. You may also pay using a credit card or by bank transfer. We require your email address to inform you of the status of the process.

If payment services are needed for making payment (PayPal, Wirecard), we will forward your data to the chosen service provider.

PayPal
The privacy policy of PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg can be found at the following link:
https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Wirecard
The privacy policy of Wirecard Bank AG, Einsteinring 35, 85609 Aschheim can be found at the following link:
https://www.wirecardbank.de/privacy-policy/

6.5. Events 

You can book your participation at events on our website. To fulfil the order, we process the following data: surname, first name, membership status, membership number, email address, phone number, billing address, EQE-Knowledge (optional) on the basis of Article 6(1) point (b) GDPR. We require your email address to inform you of the status of the process. We pass on the necessary data to the instructing bank for the fees to be paid. If you choose to pay using PayPal, the details are shared with PayPal. You may also pay using a credit card or by bank transfer.

If payment services are needed for making payment (PayPal, Wirecard), we will forward your data to the chosen service provider.

PayPal
The privacy policy of PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg can be found at the following link:
https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Wirecard
The privacy policy of Wirecard Bank AG, Einsteinring 35, 85609 Aschheim can be found at the following link:
https://www.wirecardbank.com/privacy-policy/

6.6. Registration of epi students 

Candidates preparing themselves for the European qualifying examination (EQE) can register as epi students on the website. The data set out below will be processed under Article 6(1) point (b) GDPR as regards performance of this contract and under Article 6(1) point (c) GDPR as regards compliance with legal obligations: surname, first name, name at birth, place of birth, e-mail address, phone number, billing address, copy of personal identity card or passport, copies of degrees or other academic certificates or qualifications, registration certificate from the Examination

Secretariat for the European qualifying examination should you already be registered for the EQE or for the pre-examination and a copy of your internship or certificate of employment. We require your email address for sending you information about student membership of the epi. If you have given consent, you will receive information regarding various events and seminars, as well as our quarterly published magazine “epi Information”. We shall pass on the necessary data to the instructing bank for the fees to be paid. If you choose to pay using PayPal, the details are shared with PayPal. You may also pay using a credit card or by bank transfer.

If payment services are needed for money transfer (PayPal, Wirecard), we will forward your details to the chosen service provider.

PayPal
The privacy policy of PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg can be found at the following link:
https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Wirecard
The privacy policy of Wirecard Bank AG, Einsteinring 35, 85609 Aschheim can be found at the following link:
https://www.wirecardbank.com/privacy-policy/

6.7. Institute Twitter Page


The Institute operates an official Twitter page under the URL https://www.twitter.com/patentepi, on the basis of Article 6(1) point (f) GDPR. We never collect, store or process the personal data of our users on this page. Furthermore, no other data processing is undertaken or initiated by us. 

Our Data Processing 

The data that you place on our social media pages such as comments, videos, pictures, likes, tweets, etc. are published by the social media platform and are never used or processed by us for any other purpose. We only retain the right to delete content should this be considered necessary. We may also share your content on our page if this is a function of the social media website, and communicate with you over the social media platform. The legal basis for this is Article 6(1) point (f) GDPR. The data processing is in the interests of our public relations and communication. 

If you wish to object to a specific item of data processing, please contact info@patentepi.com or the contact details listed in the imprint. We will then review your objection. 

Should you submit a request to us over the social media platform, depending on the answer required we may indicate other, more secure ways in which you can contact us to guarantee confidentiality. You will always have the opportunity to send requests to us at the address listed in the imprint. 

Data Processing via the Operator of the Social Media Platform 

We cannot guarantee that the operator of the social media platform does not implement web tracking. Web tracking can also occur independently of whether you are registered for the social media platform. Unfortunately, we have no input as to the methods of tracking that the social media platform implements. 

Please be aware that there is no guarantee that the operator of the social media platform will not evaluate your profile data and your behaviour, such as your likes/dislikes, relationships, and hobbies. We have no input as to the methods of processing that occurs on the social media platform.

Further information regarding the data processing that occurs can be found in Twitter’s privacy policy: https://twitter.com/uk/privacy.

6.8. Contact Form 

You may contact us via our online contact form, for which we require your name and email address to enable you to use the form. You may give us more information, though you are not required to do so.

The legal basis for this processing is Article 6(1) point (f) GDPR. Your data will only be processed by the controller and will subsequently be deleted. Your data will not be transferred to third parties.  

6.9. Google Maps

In order for you to find our business premises easily, we have inserted a link to the mapping service GoogleMaps in the Contact section of this website. This service is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Through the use of Google Maps, information regarding your use of the service (particularly the IP address of your device) can be sent to a server belonging to Google LLC in the US and stored there. We have no influence over any further processing that takes place there. 

The terms of use for Google Maps can be found here: http://www.google.com/intl/en_en/help/terms_maps.html. If you do not wish your data to be processed by Google LLC, deactivate the Java-Script Function in your browser to view a restricted version of the website. 

Detailed information regarding the data protection regulations of Google can be found at: https://policies.google.com/privacy?hl=en&gl=uk. To adjust your settings regarding the use of your data or raise an objection regarding processing, use https://adssettings.google.com.

6.10. Our Security Measures 

We implement technical and organisational measures to protect your data from unauthorized access, as well as an encryption process on our web pages. The data transferred from your device to our server, and vice versa, are secured using 1.2 TLS encryption. You will recognise this from the symbol of a padlock in the status bar of your browser, and the fact that the address line begins with https://.

6.11. Storage Duration / Criteria for Defining the Storage Duration:

Personal data shall be stored for the purpose of carrying out the data processing for as long as we have a legitimate interest, or for as long as a legal retention period, a legal requirement, consent or a valid contract exists. 


7. Rights of the User 

The GDPR guarantees you certain rights as a user of this website as regards processing of your personal data: 

7.1. Right of Access (Article 15 GDPR) 

You have the right to request confirmation as to whether your personal data is being processed; if this is the case, you have the right to information regarding this personal data and to the information listed in Art 15 GDPR.  

7.2. Right to Rectification and Erasure (Art 16 and 17 GDPR)

You have the right to request the immediate correction of incorrect personal data and, where necessary, the completion of incomplete personal data. 

Furthermore, you also have the right to request that your personal data is immediately deleted provided that one of the reasons listed in Art 17 GDPR applies, e.g. if the data are no longer required for the purposes for which it was collected.

7.3. Right to Restriction of Processing (Article 18 GDPR) 

You have the right to request the restriction of data processing if one of the requirements listed in Art 18 GDPR is met, e.g. if you have submitted your objection to processing, for the duration of any verification. 

7.4. Right to Data Portability (Article 20 GDPR) 

In certain cases, which are listed in Art 20 GDPR, you have the right to receive your personal data in a structured, accessible and machine-readable format, or to request these data to be transferred to a third party. 

7.5. Right to Object (Article 21 GDPR) 

If data are collected on the basis of Article 6(1) point (f) GDPR (data processing for the purposes of legitimate interests), you have the right to object to the processing at any time for reasons that arise from your particular situation, by emailing info@patentepi.com. We will then cease to process the personal data, unless there are compelling legitimate grounds for continued processing which override the interests, rights and freedoms of the data subject, or if the processing serves the enforcement, exercise or defence of legal claims  

7.6. Right to Lodge a Complaint with a Supervisory Authority 

You have the right under Article 77 GDPR to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes data protection laws. The complaint can be lodged with the supervisory authority of the state that you live in, the state that you work in, or the place where the alleged infringement is said to have taken place.


8. Contact Details of the Data Protection Officer 

Our company data protection officer will be pleased to answer any queries and address any concerns you may have on all matters relating to data protection: 

datenschutz süd GmbH

E-Mail: office@datenschutz-sued.de

Phone: +49 931 – 30 49 76 0