2. Data protection officer
Legal Services is responsible for ensuring compliance with the applicable provisions on data protection. If you have concerns regarding data protection, you may send them to us at the following address:
3. Collection and processing of personal data
We process the personal data that we receive within the scope of implementing intellectual property laws, in particular the administration of industrial property rights (patents, trade marks, designs and topographies), the administration of the Patent Attorney Register, and the supervision of the collective rights management organisations for copyright. In addition, we process personal data within the scope of our information services (patent and technology searches, and trade mark searches) and our range of training courses.
To the extent permitted, we gather certain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the press, the internet) or receive such data from authorities and other third parties for the specific purpose of being able to conclude or process contracts with you or correctly register your IP rights in the register.
4. Purposes of data processing and legal basis
We use the personal data that we collect for examining, granting and administering industrial property rights (patents, trade marks, designs and topographies) and for maintaining the Patent Attorney Register. In addition, we use the data for the purpose of processing and concluding contracts with our customers and business partners, particularly within the scope of search services for our customers and the purchase of products and services from our suppliers and subcontractors, as well as to fulfil our legal responsibilities domestically and abroad. Your personal data can of course also be involved if you work with such customers or business partners in this capacity. In addition, we also process personal data from you and other persons, to the extent permitted and deemed appropriate by us, in which we (and sometimes third parties) have a relevant legitimate interest for the following purposes:
· Providing information about offers, services, websites and other platforms where we have an online presence
· Communicating with third parties and processing their queries (e.g. applications, media queries)
· Examining and optimising needs analysis procedures for the purpose of directly addressing customers, as well as collecting personal data from publicly accessible sources for the purpose of customer acquisition
· Advertising and providing information about our services and offers (including conducting events and sending the annual report) if you have not refused permission for the use of your data (if we send you advertising as a current customer, you may refuse permission at any time and we will place you on a list to block the sending of further advertising)
· Market surveys, opinion research, media monitoring
· Asserting and defending legal claims in the context of legal disputes and official procedures
· Preventing and investigating crimes and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud)
· Safeguarding our operations, in particular our IT, our websites and other platforms
· IT, building and system security measures to protect our employees and other persons, as well as assets that belong to us or have been entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone records)
· Conducting online meetings
If you have given us consent to process your personal data for specific purposes (e.g. when you register to receive newsletters or submit other requests via online forms on our website), we process your personal data within the scope of and based on this consent, unless another legal basis or other legitimate grounds exist. Consent that has been given can be revoked at any time but has no effect on any data processing that has already been carried out.
If the processing of your personal data is within the scope of the administration of industrial property rights, the relevant federal act and ordinance stipulate what data we may process and in what form. We are legally obliged to inform the general public about IP rights valid in Switzerland and the personal data associated with them.
5. Cookies/tracking and other technologies in connection with the use of our website
5.1. Cookies und figurative elements
5.2. Newsletters and marketing emails
By using our websites and giving your consent to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, you must adjust the settings of your browser and email program accordingly.
5.3. Google Analytics
We sometimes use Google Analytics on our websites, which is a service by third parties that could be located anywhere in the world (in the case of Google Analytics, it is Google LLC in the USA, www.google.com).
Google Analytics allows us to measure and evaluate the use (non-personal) of the website. For this purpose, permanent cookies are also used, which are set by the service provider. The service provider does not receive any personal data (and does not store any IP addresses) but can track your use of the website, combine this information with data from other websites you have visited and are also tracked by the service provider, and use these insights for its own purposes (e.g. to tailor advertising). If you have registered yourself with the service provider, then this service provider also can identify you. The processing of your personal data by the service provider is therefore the responsibility of the service provider in accordance with its own data protection provisions. The service provider merely informs us as to how our respective website is used (no personal information about you).
We have activated IP anonymisation on this website, which means that the IP addresses of visitors to the IPI website that must be sent to the Google Analytics server are automatically shortened by removing the final digits within a very short time.
For more information, see Google Marketing Platform.
5.4. Google reCAPTCHA
We also use plug-ins on our websites for social networks such as Facebook, Twitter, Xing and LinkedIn, which are clearly indicated (usually with a corresponding icon). We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operator of the corresponding social network registers that you are on our website and where you are, and can use this information for its own purposes. The processing of your personal data by the operator is therefore the responsibility of the operator in accordance with its own data protection provisions. We do not receive any information about you from the operator.
6. Transfer of data to third parties
Your personal data is neither transferred nor sold or otherwise transmitted to third parties in any form, unless this is required for the purpose of processing a contract or to fulfil our statutory tasks, or if you have expressly consented to this (e.g. to ensure the security of the entry forms on our website). In addition, data may be transmitted to third parties if we are under obligation to do so by law or by an enforceable official or court order.
Some recipients of such data are located in Switzerland but can also be anywhere in the world. If we transmit data to a country that does not have appropriate data protection, we ensure an appropriate level of protection by employing contracts accordingly, or we act on the basis of the following statutory/legal exemptions: consent, performance of the contract, the establishment, execution or enforcement of legal claims, overriding public interests, published personal data, or the need to protect the integrity of the persons in question.
At any time, via the office specified under Section 2, you may request information about the contractual guarantees mentioned. However, we reserve the right to censor copies, or to supply them only in part, for data protection reasons or reasons of confidentiality.
Anyone is allowed by law to inspect the registers maintained by us and thus become the recipient of personal data processed therein. The same applies for the inspection of the dossier from the point in time that the IP right is entered in the register or the unexamined patent application is published. Under certain conditions, an inspection of the dossier can be requested prior to this point in time. The conditions are regulated in the respective ordinances.
Register data and other documents such as published unexamined applications, patent applications and search reports can, within the scope of legal provisions, be transmitted to international organisations (EPA, WIPO, EUIPO) and other trade mark and patent offices.
7. Duration of personal data storage
We process and store your personal data to the extent that it is required to fulfil our contractual and legal obligations or for the purposes pursued by the processing, which means, for example, for the entire duration of the business relationship (from the initiation and performance of a contract to its conclusion) and beyond that in accordance with legal obligations for storage and documentation. It is therefore possible that personal data is stored for the period of time when claims can be made against the IPI and to the extent that we are legally obliged or authorised to do so, or legitimate business interests necessitate this (e.g. for evidence or documentation purposes). Within the scope of the administration of industrial property rights, the duration for storing of dossiers is regulated in the respective ordinances and in general is five years after the cancellation, withdrawal or rejection of the IP right (patents, trade marks, designs, topographies).
Please be advised that the data in our intellectual property rights registers also remain visible after their cancellation because the register must also provide information about past legal relationships. This data therefore also remains visible in the electronic organ of publication Swissreg after its cancellation.
8. Data security
We take appropriate technological and organisational security precautions to protect your personal data against unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encrypting data carriers and transmissions, pseudonymisation and checks.
9. Duty to provide personal data
Within the scope of our business relationship, you must provide those items of personal information required to be able to commence and carry out a business relationship and fulfil the associated contractual obligations (you usually are not obliged by law to provide us with data). However, without this data we are generally not able to conclude a contract with you (or with the office or person that you are representing), to process it nor to fulfil our legal tasks.
10.Profiling and automated decision-making
Personal data is not subject to any automated decision-making. We do not conduct profiling with personal data.
11.Rights of the person in question
Within the scope of the applicable data protection law and to the extent required by the law (e.g. in the case of the GDPR), you have the right to information, amendment, deletion, the right to restrict the processing of data and otherwise to refuse permission to our processing of the data as well as the publication of certain personal data for the purpose of transfer to another office (known as data portability). Please note, however, that we reserve the right to enforce the restrictions required by law, for example in cases where we are obliged to store or process certain data, have an overriding interest to do so (to the extent that we may call on it) or require it to assert claims. We will inform you in advance if this incurs any costs for you. We have provided information about your option to revoke your consent under Section 4. Please note that exercising your rights can conflict with contractual agreements, which can have consequences, such as the premature termination of a contract or incurred costs. In such cases, we will inform you in advance where this is not already contractually or legally regulated.
The exercise of such rights generally requires that you clearly prove your identity (e.g. with a copy of an ID card, if your identity cannot otherwise be clearly verified). To assert your rights, you can contact us via the address provided under Section 2.
Furthermore, every person affected has the right to legally enforce their claims or to submit a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).