Data protection & privacy
The European Patent Organisation is committed to protecting privacy and the personal data users provide when using our website.
All personal data managed by the EPO is processed in accordance with the EPO Data Protection Guidelines, which aim to ensure the highest standards when handling user information. Please read this information carefully.
A Data Protection Officer monitors the observance of the guidelines with respect to all processing operations performed by the EPO. He/she is independent in his/her function.
- Download EPO Data Protection Guidelines (PDF, 178 KB) (extract from the EPO Service Regulations)
EU General Data Protection Regulation (GDPR)
The EPO is an international organisation established by the European Patent Convention (EPC) and, as such, is not directly bound under the GDPR. The EPO strives to keeping its data protection framework in line with the current best practices and a recent audit report has confirmed a close alignment with the GDPR legal framework.
This Policy only applies to www.epo.org. Users are encouraged to review the respective privacy policies of those other websites in order to obtain more information about the processing and use of personal data collected by those websites.
The controller of personal data collected via the Website is
Purposes and legal basis for the processing of the users’ personal data
When visiting and browsing the Website, the EPO collects and stores personal data assigned to the users' device in order to provide users with access to the Website, the requested content as well as optimising the Website.
The following datasets are generated on our web servers and stored in our log files:
- IP address assigned to the user's access device - date and time of the user's request for a Web resource (URI)
- Web resource (URI) requested by the user
- Web resource (URI) the user previously requested (if the referrer field is available)
- Browser and platform information of the user's device (if the user agent field is available)
- Size of server response in bytes
- Time taken to server the request
The above datasets are stored in our logfiles and subject to analysis by software that helps us to better understand the usage of information provided on our websites. The purpose of such analysis is to enhance the quality of our services for the broad public. Attribution of information in the logfiles to individuals is neither done nor intended.
Storage and maintenance of the above datasets is a basic requirement for the provision of our websites and the security of our IT systems and as such not negotiable.
Social network features
The Website uses social plug-ins of Facebook, Twitter, LinkedIn, Xing and YouTube (hereinafter the "Social Media Providers"). In case users are logged into their respective social network accounts (Facebook, Twitter, LinkedIn, Xing, YouTube) when visiting the Website, the Social Media Providers might assign user's visit to their network account. If users are using the functions of the social plug-ins, this information will also be transmitted directly from the users' browser to the respective Social Media Providers and may be stored there.
For more information on the purposes, the scope and the use of the data by those Social Media Providers, users are encouraged to review the relevant privacy policies of the respective Social Media Providers.
Recipients of personal data
The EPO uses service providers or other third parties to help provide the EPO products or services accessible via the Website. Such service providers may have access to the users' personal data. Regardless of where these service providers or other third parties are located, the EPO requires that they also comply with the applicable laws, including the EPO Data Protection Guidelines. The EPO uses the following categories of service providers or other third parties: third party developers, social media providers.
Data storage and retention period
Personal data collected via the Website will be deleted or anonymized as soon as it is no longer required for the purposes for which it has been collected, unless further processing or storage of the users' personal data is necessary in order to comply with a respective legal obligation.
Changes to this Policy
Users’ rights and how to contact the EPO
Users have the following rights:
- Right of access: Users have the right to request confirmation as to whether or not their personal data is being processed, and, where that is the case, to request access to the personal data and information such as the purposes of the processing or the categories of personal data concerned.
- Right to rectification: Users have the right to request the correction of inaccurate personal data.
- Right to blocking the data: Users have the right to request the EPO to restrict the processing of their personal data under certain circumstances, e.g. if they think that the personal data the EPO processes about the user is incorrect or unlawful.
- Right to erasure: Users have the right to request erasure of personal data without undue delay under certain circumstances, e.g. if their personal data is no longer necessary for the purposes for which it was collected or if their personal data has been unlawfully processed.
- Right to object: Users have the right to object to the processing of their personal data under certain circumstances.
Users can assert their abovementioned rights by contacting the EPO at firstname.lastname@example.org
You may consult the EPO's Data Protection Officer at DPO@epo.org
- EPO data protection guidance when using Zoom for oral proceedings by VICO
- Privacy statement on the processing of personal data in relation to the EPO podcast
- Data protection statement on the processing of personal data in Okta's Customer Identity and Access Management (CIAM) system