This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, please contact us if you wish us to provide any additional information or explanation.
Click here to download a text version of this page
Expand all sections / Collapse all sections
We try to meet the highest standards when collecting and using personal information.
Under the EU General Data Protection Regulation (“GDPR”), and the Data Protection Act 2018 of England and Wales (“DPA”), Hutchinson IP Ltd is the “Controller” of your personal data.
About the General Data Protection Regulation and Data Protection Act
- Visitors to our website;
- Our clients, potential clients, and other people who use our services;
- Our suppliers and other external organisations agencies we deal with;
- People who have a complaint; and
- Job applicants and our current and former employees.
Visitors to our web site
In addition, cookies are used to differentiate between the number of visits to our site, and the number of visitors to our site. The standard internet log information our web site collects includes: the time and date of visits; the number of pages viewed per visit and how long visitors stay on our site; the number of visitors entering and leaving the site on specific pages; visitors’ IP addresses; the search terms used in certain search engines (where those search terms are not encrypted – so Google search terms, for example, are not visible to us), that direct visitors to our site. None of this information is collected in a way that enables us to track individual visitor’s activity on our site, but merely to analyse trends and patterns of visitor behaviours. We use this information to improve our site’s accessibility and navigability, and to decide on new and updated content to add to it.
The IP address information we collect can be traced to the geographic location of individual visitor’s ISPs or proxy servers. If the IP address is static, we may also able to determine the name of the organisation to which that static IP address is assigned on the DNS.
That said, we do not make any attempt to find out the actual identities of individual people visiting our web site. Moreover, we will not associate any data gathered from our web site with any personally identifying information from any other source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
The search engine on our website is implemented using a WordPress script. Our search engine may be capable of monitoring search terms entered on our own web site, but we do not monitor or otherwise view or use this information.
Clients and potential clients
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do not compile or publish statistics showing information like the number of complaints we receive.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for four years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
In cases where a complaint cannot be resolved internally, complainants may seek redress via the Intellectual Property Regulation Board (IPReg). In such a situation, we are obliged to disclose information about the complaint and the complainant to IPReg.
Job applicants, employees and former employees
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted.
Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
What information do we collect?
- Routine data, which is names, addresses, phone numbers, fax numbers, web site addresses and e-mail addresses;
- Nationality and residence data; and
- Sensitive data, which may be medical records, financial data, work-related data or data relating to a person’s personal circumstances (e.g. in their family life).
Who is collecting it?
How is it collected?
However, from 25 May 2018 onward, we will only collect personal data that is submitted by data subjects themselves via a dedicated portal on our web site (https://hutchinsonip.com/gdpr/).
The use of a dedicated web portal ensures that personal data only comes into our possession via a single entry point, which makes auditing and safeguarding that data easier and safer.
Why is it being collected?
We do not use or transfer personal data for marketing purposes, except where this is made very clear and where we have consent to do so.
How will it be used?
In carrying out professional services
However, the rights in the invention actually belong to the inventor, unless those rights are subsequently transferred (e.g. by way of assignment), or automatically transferred (e.g. under the provisions relating to an employer’s right to its employees’ inventions). As such, the inventor (a natural person) needs to be identified in addition to the relationship between the inventor and the applicant, i.e. the route by which the applicant came to be entitled to the patent. If the applicant and the inventor are the same person, then we need to provide this information to the relevant patent office.
Obviously, in completing this procedure, we need to identify and disclose the personal data of the applicant and the inventor, otherwise the application cannot proceed.
Similar provisions apply in most other countries around the world.
The amount of data that needs to be disclosed varies from country to country, but it is usually restricted to “routine data” and “nationality and residence data” (see above). The purpose of us supplying this information to patent offices and our suppliers (e.g. overseas attorneys), as stated above, it to enable us to meet our clients’ legal obligations under the various IP laws around the world.
In certain circumstances, we may need to make applications to restore our clients’ rights. Our clients’ rights are usually only “lost” where an error or omission has occurred as a result of exceptional circumstances, which can be personal, medical or financial circumstances. In these cases, it may be necessary for us to use “sensitive data” (see above) in evidence or other documents that we use in the course of these procedures. We cannot always guarantee that such data will be kept off the public record, so where we undertake this type of work, we have a separate procedure in place to inform people of the risks and to obtain specific consent to use this data.
Regulatory and Compliance Requirements
How will your data not be used?
Our website contains links to other websites, such as the European Patent Office (epo.org), The UK Patent Office (ipo.gov.uk), the World Intellectual Property Organisation (wipo.org) and the European Intellectual property office (euipo.europa.eu). Such links from our web site are set to open in a new window, and we do not accept any responsibility for the way those web sites or organisations collect or use your personal data.
Who will your data be shared with?
- Intellectual Property Offices (such as the UKIPO, the EPO and the EUIPO), where we process your data directly as the data controller and the data processor.
- In other cases, we will need to pass your personal details to our overseas agent(s), who will, in turn, forward your personal data on to the Patent Office (e.g. the USPTO, or the JPO) or other agents in the relevant country. In this case, we will be the data controller, whereas the overseas agent will be the data processor. We have taken appropriate measures to ensure your personal data is kept secure and not used for any purpose other than those purposes specified above.
Retention of personal data
We retain personal data within secure servers in the UK. These servers may be on-premises, or hosted servers (e.g. workanyware.co.uk / office365.com). In circumstances when it is necessary for our service providers to use the data outside the EEA, it is solely on the basis of acting on our instructions. Overseas processors of your personal data are obliged to confirm with us that they apply equal or better standards than us for the protection of your personal data.
We try to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information contacting us. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If you have a complaint about how we obtain, process or retain your personal data, please contact us. We will investigate your complaint and reply in writing. If you remain dissatisfied you can refer your complaint to:
Information Commissioner’s Office
Collapse all sections