Privacy Statement and Security Policy
Website Privacy and Data Protection
Personal data supplied to the Intellectual Property Office of Ireland pursuant to the Patents Act 1992 and 2009, the Trade Marks Act, 1996, the Industrial Designs Act, 2001, the Copyright and Related Rights Act, 2000 and any other Acts, Rules or Regulations for which the Controller of Intellectual Property has statutory responsibility (e.g. name and address of applicants, their legal representatives and address for service in respect of an application for, or registration of, intellectual property rights or the maintenance of those rights), falls outside the scope of the Data Protection Acts 1988-2018, if the data are "personal data consisting of information that the person keeping the data is required by law to make available to the public". The Intellectual Property Office of Ireland makes data available to the public via the Intellectual Property Office of Ireland Registers and search systems and publications in the Office’s Official Journal. These data fall outside the terms of this Privacy Statement.
The General Data Protection Regulation (GDPR)
Under the General Data Protection Regulation and Data Protection Acts 1988-2018, the Intellectual Property Office of Ireland, as a Data Controller, has a legal responsibility to:
- Obtain and process personal data lawfully, fairly and in a transparent manner;
- Keep it only for one or more specified and explicit lawful purposes;
- Process it only in ways compatible with the purpose of which it was given initially;
- Keep data accurate, relevant and not excessive;
- Retain it no longer than is necessary for the specified purpose or purposes;
- Keep personal data safe and secure.
GDPR significantly changes data protection law in Europe by strengthening the rights of individuals and increasing the obligations on organisations. The Intellectual Property Office of Ireland has updated its Privacy Statement to provide you with detailed information on how we deal with the “personal data” we receive and, in particular, in relation to the following matters:
- The type of personal data the Intellectual Property Office of Ireland collects as a result of its relationship with its applicants and customers through their communications with the Office and through their use of the Office’s website, mobile applications and online services
- How we obtain and process personal data
- How we use personal data
- Disclosure or transfer of personal data
- Data Retention/Storage
- Our legal basis for collecting, processing and using personal data
- Your rights under the GDPR
- How we comply with Data Protection rules.
The data we collect about you
The Intellectual Property Office of Ireland has a legal basis for collecting your personal data. All personal data collected and processed by the Intellectual Property Office of Ireland is required to meet statutory obligations set out in the various Acts and Rules under which the Office operates and in accordance with Irish and EU data protection laws.
The personal data the Intellectual Property Office of Ireland collects and holds includes information required to identify you, your contact details and information in relation to any communications you may have with the Office in relation to intellectual property matters for which the Controller has functions and statutory responsibility under the various Acts and Rules.
We may also collect personal data from you when you use our website or when you participate in a survey operated by the Office, or when you contact us. Specifically, we may collect the following categories of information which can contain personal data:
- Name, home address, e-mail address, telephone number, and credit/debit card or other payment details;
- Intellectual Property (IP) information relating to applications, grants and registrations of IP rights which is recorded, published and stored on our registers and databases;
- Information about your use of the Intellectual Property Office of Ireland's website and online services;
- The communications you exchange with the Intellectual Property Office of Ireland or direct to us via letters, emails, fee payment services, calls, and social media.
Any personal information which is provided to the Intellectual Property Office of Ireland by way of completing an application form or provided in another format for any of the services the Office provides and administers will only be used by the Office for the purpose(s) for which it is provided.
How the Intellectual Property Office of Ireland obtains and processes personal data
The Intellectual Property Office of Ireland will obtain personal data from you directly through your use of the Office’s services and through your communications with us. From time to time, the Office also obtains personal data from other intellectual property offices. The Intellectual Property Office of Ireland processes personal data in order to allow it to manage the provision of services involving applications for IP rights as well as the grant, registration and maintenance of those rights and the publication of particulars of those rights in our public databases, registers and Official Journal.
- How the Intellectual Property Office of Ireland uses personal data
- Personal data may be used for the following purposes:
- Providing services in relation to the application, grant and registration of IP Rights.
- Contacting individuals by way of issuing reminders in relation to the maintenance of IP Rights.
- Communications in relation to our services and any changes to these services.
Credit or other payment card verification/screening. We do not retain credit or debit card numbers. The Intellectual Property Office of Ireland uses payment information such as names and addresses of payers for maintaining fee histories, accounting and audit purposes and to detect and/or prevent any errors or fraudulent activities.
Administrative or legal purposes, e.g. for statistical analysis, systems testing, maintenance and development, customer/user surveys or to deal with responses to notices and notifications, disputes and claims.
Security, health, administrative, crime prevention/detection. We may share your personal data with other government authorities or enforcement bodies in order to comply with legal requirements.
Who the Intellectual Property Office of Ireland may transfer or disclose personal data to
The Intellectual Property Office of Ireland will only share personal data with third parties where this is required for legitimate business purposes, legal and regulatory purposes and for compliance purposes (e.g. to meet mandatory reporting requirements of international agreements and treaties).
Examples of these third parties include:
- Other national or international intellectual property offices.
- Statutory, regulatory and law enforcement authorities as required by law.
- Trusted third parties who perform services for the Office, including ICT service providers, payment service providers and security providers.
- Credit and debit card companies which facilitate payments to the Intellectual Property Office of Ireland, and anti-fraud screening, which may need information about methods of payment to process payment or ensure the security of payment transaction.
Where such third parties operate internationally, the Intellectual Property Office of Ireland will endeavor to ensure that any transfer of personal data within or outside of the European Economic Area (EEA) is managed in accordance with any applicable international agreements and treaties and applicable data protection law.
Statutory provisions also allow the Intellectual Property Office of Ireland to make available under license, copies of its trade mark database which can contain personal data which has been submitted to the Intellectual Property Office of Ireland by applicants for trade mark registrations and registered trademarks. The licensed database only contains data which we are legally obliged to publish.
The Intellectual Property Office of Ireland may also make available information which includes personal data under the Re-use of Public Sector Information Regulations 2005 (SI 279 of 2005).
How long does the Intellectual Property Office of Ireland keep personal data
The Intellectual Property Office of Ireland will retain personal data for no longer than is necessary for the purpose for which it was obtained or submitted, and as and if required for statutory, legal, regulatory and legitimate business and operational purposes.
The legal basis under which the Intellectual Property Office of Ireland collects, processes and uses personal data
The Intellectual Property Office of Ireland collects and processes personal data in performance of the Controller’s statutory functions and in the exercise of and in compliance with the statutory obligations set out in the various Acts and Rules under which the Intellectual Property Office of Ireland operates.
The Office also processes personal data in order to allow it to operate as the national Intellectual Property Office of the State and to conduct business in a responsible and legal manner in accordance with the above Acts and Rules and the various International Treaties to which the State is a party.
Activities carried out on this basis include:
- Processing personal data in order to be able to provide our various services involving applications for IP rights as well as recording and publishing the granting, registration and maintenance of those rights.
- Processing fee payments in relation to those rights.
- Processing applications for KDB certificates.
- Processing applications for the registration of licenses, assignments, mergers and other security interests.
- The regulation of patent and trade mark agents and the maintaining of registers of patent and trade mark agents.
- The regulation of copyright licensing bodies.
- Holding of hearings and adjudication of disputes in accordance with the relevant provisions set out in the Acts and Rules.
The Intellectual Property Office of Ireland does not disclose, share or publish personal data which it is required by statute to keep secret.
Data protection rights under the GDPR
The rights individuals (or “data subjects”) enjoy under the General Data Protection Regulation (GDPR) are the similar to those rights established under the previous data protection regime, but with some changes.
As a “data subject” you have the following rights:
- The right to obtain access to your personal data.
Data subjects have the right to be provided with copies of their personal data along with certain details in relation to the processing of their personal data.
- The right to information.
Data subjects have the right to be provided with certain information, generally at the time at which their personal data is obtained. We comply with this obligation through our Privacy Statement.
- The right to rectification.
Data subjects have the right to have inaccurate personal data that a Controller holds in relation to them rectified.
- The right to object and restrict processing.
Data subjects have the right to require that a Controller restricts its processing of their data in some circumstances, and have the right to object to the processing of their personal data in certain circumstances.
- Rights in relation to automated decision making.
Data subjects have the right not to be subjected to processing which is wholly automated and which produces legal effects or otherwise which significantly affects them, and which is intended to evaluate certain personal matters, such as creditworthiness or performance at work, unless one of a number of limited exceptions applies.
- The right to request erasure of personal data.
Under certain circumstances, a data subject has the right to request the erasure of their personal data*.
*The intellectual property laws of the State provide for the publication of data, including personal data, of applicants for and proprietors of intellectual property rights. These data include the data submitted by legal persons and will also include personal data such as the names and addresses of individuals. Where the Intellectual Property Office of Ireland is obliged by law to publish such data (or make available for public inspection) in its databases, registers and Official Journal, the right of erasure or the right to restrict processing may not apply. If the Intellectual Property Office of Ireland receives requests from data subjects looking to exercise their right of erasure or right of restriction, we will carry out an assessment of whether the data can be erased or restricted having regard to the Acts and Rules and without affecting the ability of the Intellectual Property Office of Ireland to carry out its statutory functions.
Security of personal data
The Intellectual Property Office of Ireland follows strict security procedures in the storage and disclosure of personal data, and the protection of these data against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
To ensure the security of your credit card information when you use your card to discharge Intellectual Property Office of Ireland fees on our website, we also use Secure Socket Layer (SSL) technology. You will see the padlock in your browser's security display indicating that the transfer of all data between your browser and our site has been encrypted.
Personal Information Relating to Online Payments
It is necessary for the Intellectual Property Office of Ireland to retain a certain amount of personal information supplied for the online payment of fees. We retain the minimum amount of information necessary to be enable us to deal with any follow-up queries you may have in relation to your payment transaction. If you make a payment to us using a laser/credit card, we will only retain details of your name and address. We do not retain any laser/credit card details. These details are retained on our behalf by Global Payments (see Disclosure below) and may be reviewed by the Intellectual Property Office of Ireland through a secure web link.
In order to successfully execute an online payment, the Intellectual Property Office of Ireland must pass certain credit card information to Global Payments, our secure online payments provider. The information transferred is the minimum required in order to complete the transaction. This information is never retained on the website of the Intellectual Property Office of Ireland. It is transferred directly to Realex in encrypted format.
Capture of IP Addresses
An IP address is an address from which you access our website (it is the number automatically assigned to your computer or mobile device when you are surfing the web). We use IP addresses to administer our website, analyse trends, view users' movements on our website (i.e. the pages you visit) and gather statistical information. They are not linked to personally identifiable information. (See section below on the Intellectual Property Office of Ireland’s use of Google Analytics.)
Most browsers will allow you to see what cookies are stored on your computer or mobile device with the option of deleting them on an individual basis, blocking third party cookies, blocking cookies from particular sites, blocking all cookies from being sent and deleting all cookies when you close your browser. To find out how to block cookies, see the ‘Help’ menu on your browser. Please note that if you turn off cookies or change your settings, some features on our website may not work correctly. You should be aware that any preferences you have selected will be lost if you delete cookies.
Usage of Google Analytics
The Intellectual Property Office of Ireland is the data controller of any personal data held or collected by it for the purposes of the Irish Data Protection Acts 1988 to 2018.
The Intellectual Property Office of Ireland is an independent statutory office under the aegis of the Department of Business, Enterprise and Innovation. Our Data Protection Officer (DPO) is responsible for overseeing questions in relation to this Privacy Statement.
If you have any questions regarding this notice or wish to discuss any matters relating to the processing of personal data, please contact us by e-mail at firstname.lastname@example.org or by post to: Data Protection Section, Department of Business, Enterprise and innovation, 23 Kildare Street, Dublin 2, D02 TD30, marked for the attention of Ms. Celyna Coughlan, Data Protection Officer.
Access to personal data
An individual can make a data protection access request by completing a Subject Access Request (SAR) application form and sending it to: Data Protection Section, Department of Business, Enterprise and innovation, 23 Kildare Street, Dublin 2, D02 TD30, marked for the attention of Ms. Celyna Coughlan, Data Protection Officer.
Data Protection Officer
Applications can also be sent electronically to email@example.com
Submitting a Subject Access Request (SAR)
You must complete a Subject Access Request (SAR) in order to request a copy of your personal information from us. This Form must be completed in full and sent to our Data Protection Officer. You will also need to supply us with adequate Proof of Identity as part of this process. You should try to be as specific as possible in identifying the personal information that you are seeking from us. This will assist us in providing you with an effective and efficient service.
If you need assistance with completing the Subject Access Request (SAR) application form, please contact our Data Protection Officer Ms. Celyna Coughlan at: firstname.lastname@example.org or by telephone at: (01) 631 2398.
In general, there is no charge for individuals who seek access to their personal records.
Concerns and Complaints
You have the right to raise a concern, complaint or make a query at any time to the Irish Data Protection Commission (DPC) who is the data protection supervisory authority for the Intellectual Property Office of Ireland as an Irish Data Controller. If you wish to raise a concern or query with the DPC you need to do is write to the Data Protection Commission giving details about the matter, using the relevant form which is available from www.dataprotection.ie
Data Protection Commission contact details:
Data Protection Commission,
Phone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757