Privacy
The protection of your data and its secure handling are important to us. In our privacy policies, you can learn how we process your personal data.
Do you have questions about data protection? We’re happy to answer them – just email us at pkanzlei(at)patentamt.at.
Alternatively, you can also directly contact the Patent Office’s Data Protection Officer, Ms. Denise Mitteregger from the Federal Ministry of Innovation, Mobility, and Infrastructure: datenschutz(at)bmimi.gv.at.
As in force from 23.10.2025
Preamble
This Privacy Policy applies to the processing of personal data by APO in its role as a government authority in official procedures.
1. Controller and Data Protection Officer
1.1 Controller pursuant to the General Data Protection Regulation (GDPR):
Austrian Patent Office
Contact information:
Dresdner Straße 87
1200 Wien
E-mail: pkanzlei@patentamt.at
1.2 Data Protection Officer for APO:
Denise Miteregger
Federal Ministry of Innovation, Mobility and Infrastructure (BMIMI)
Contact information:
Radetzkystraße 2
1030 Wien
E-mail: datenschutz@bmimi.gv.at
2. Information on processing purposes and legal bases
2.1 The processing of the personal data of our applicants and other parties to APO’s proceedings (i.e. ‘data subjects’ according to the GDPR are natural persons) is first and foremost carried out to facilitate the exercise of public authority delegated to APO. This exercise of public authority comprises proceedings such as those for application, opposition, cancellation, nullification and all other proceedings regulated by law.
2.1.1 The legal basis for the proceedings described in 2.1. is Art. 6(1)(e) GDPR in conjunction with the relevant statutes on industrial property, i.e. the Austrian Patent Act (Patentgesetz), Utility Model Act (Gebrauchsmustergesetz), Trademark Protection Act (Markenschutzgesetz), Design Protection Act (Musterschutzgesetz), Semiconductor Protection Act (Halbleiterschutzgesetz), Supplementary Protection Certificate Act (Schutzzertifikatsgesetz).
2.2 Furthermore, the processing of the personal data of our applicants and other parties to APO’s proceedings serves the purposes of IT security and continuous IT security monitoring. To this end, IP addresses are collected.
2.2.1 The legal bases for the processing described in 2.2 are Art. 6(1) lit. (c) and (e) GDPR.
2.3 The personal data of data subjects processed in the exercise of public authority delegated to APO may subsequently be processed for archival and/or statistical purposes and/or scientific research, provided the outcome of such processing is not aimed at generating personalized findings.
2.3.1. Legal bases of the processing described in 2.2 are Art. 6(2) GDPR and § 7 Austrian Data Protection Act (Datenschutzgesetz).
2.4 The processing of personal data of data subjects may also serve the purpose of enabling the APO to meet its legal obligations, e.g. with regard to internal audits or audits carried out by the Austrian Court of Audit (Rechnungshof). Such processing may also involve the transfer of documents by APO in accordance with its duties provided by the Federal Act on the ReUse of Public Sector Information (Informationsweiterverwendungsgesetz – IWG).
2.4.1. Legal basis of the processing described in 2.3. is Art. 6(1)(c) GDPR.
2.5. To the extent that data subjects provide their express approval, their personal data will also be processed in order to send them APO’s Newsletter per e-mail. Furthermore, with the data subject’s consent, a date of birth or gender may be processed for statistical purposes as well as a telephone or fax number and an e-mail address for the purpose of improved communication.
2.5.1. Legal basis for the data processing described in 2.4. is Art. 6(1)(a) GDPR. The approval may be retracted at any point in time. This, however, does not in any way affect the legitimacy of the data processing up to said point in time.
3. Information regarding possible recipients of personal data
3.1. Personal data of data subjects is processed by APO’s staff solely for the purposes described in 2.
3.2. The public registers administered by APO (i.e. the patent register, trademark register, design register, etc.) as well as APO’s public and electronic information services, such as the Patent Gazette (Patentblatt), patent specifications (Patentschriften) and Trademark Gazette (Markenanzeiger), are accessible to everyone, which means that all its users can receive the personal data processed within the framework of said registers and services.
3.3. Personal data may be transferred to international organizations (such as EPO and WIPO) and other patent offices in third countries on the basis of an adequacy decision of the European Commission (Article 45 GDPR, for the United States e.g. "Data Privacy Framework", provided appropriate safeguards are in place), from APO’s public registers (Art. 49(1)(g) GDPR) or if the transfer is necessary for important reasons of public interest (Art. 49(1)(d) GDPR).
3.4. If necessary, personal data may be transferred to third parties (superior department, Court of Auditors, contractual partners as defined by the above-mentioned IWG, request for information under the Information Freedom Act) in order to fulfil legal obligations.
3.5. There are cases where personal data may have to be transmitted to processors within the meaning of Art. 28 GDPR.
4. Information on the duration of storage of personal data
4.1. Personal data is stored at least until official proceedings are finalized.
4.2. Furthermore, the storage periods for personal data result from provisions on file management as well as data retention periods required by statutory law. With regard to 2.2, the data storage period is max. one year.
4.3. Please note that there are no legal requirements on deletion or maximum storage period of data processed within the frameworks of the APO’s registers and information services such as the Patent Gazette (Patentblatt), patent specifications (Patentschriften) and Trademark Gazette (Markenanzeiger).
4.4. If a data subject revokes the initial approval as provided for in 2.5., all personal data processed up to the date of revocation for these purposes on basis of the said approval shall be deleted.
5. Information on the rights of data subjects
5.1. All data subjects are legally entitled to:
5.1.1. Right of access pursuant to Art. 15 GDPR,
5.1.1.1. (The right to receive information pursuant to Art. 15(1)(c) GDPR does not exist to the extent that personal data is processed in the registers or in other publicly accessible electronic information services of the Austrian Patent Office),
5.1.2. Right to rectification pursuant to Art. 16 GDPR,
5.1.3. Right to erasure (the ‘right to be forgotten’) pursuant to Art. 17 GDPR,
5.1.4. Right to restriction of processing pursuant to Art. 18 GDPR,
5.1.4.1. (The right to restriction of processing pursuant to Art. 18 GDPR does not cover personal data that is processed in the registers or in other publicly accessible electronic information services of the Patent Office),
5.1.5. The right to object pursuant to Art. 21 GDPR,
5.1.5.1. (This right to object according to Art. 21 GDPR does not cover personal data that is processed in the registers or in other publicly accessible electronic information services of the Austrian Patent Office),
5.1.6. Right to data portability pursuant to Art. 20 GDPR,
5.1.6.1. (According to Art. 20(3) GDPR, the right to receive and transmit data, however, does not cover instances of processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Austrian Patent Office).
5.2. The suspension of the rights of data subjects described in 5.1.1.1., 5.1.4.1. and 5.1.5.1. is regulated in §§ 81(8) Austrian Patent Act (as relevant, in conjunction with § 7 Supplementary Protection Certificate Act), § 38(7) Utility Model Act, § 50(6) Trade Mark Protection Act, § 18(4) Semiconductor Protection Act and § 31(7) Design Protection Act.
5.3. Every data subject is entitled to lodge a complaint with the competent supervisory authority, i.e. the Datenschutzbehörde (Austrian Data Protection Authority).
6. Information whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data
6.1. In order to conduct an official procedure in a legal and proper manner, it is necessary for the Austrian Patent Office to process personal data.
6.2. Official procedures of APO do not impose a legal obligation to provide personal data.
6.3. Not providing such data may, however, result in an inability to exercise certain rights that the relevant laws governing industrial property would otherwise allow for.
7. Information on the existence of automated decision-making including profiling
7.1. APO does not use the personal data of data subjects as a basis for automated decisionmaking.
7.2. APO does not use the personal data of data subjects in profiling.
8. Information relevant to website users regarding cookies and web analysis
8.1. In order to make our range of services as user-friendly as possible, our website uses socalled cookies. Cookies are small text files which the browser drops on your electronic device and will not cause any damage.
8.2. Some cookies remain saved on your device until you delete them. These enable us to recognize your browser the next time you visit our website. In case you want to avoid this, you can change your browser settings to inform you of the dropping of cookies and to let you decide whether you allow this. Please note, however, that such a procedure may possibly prevent your ability to fully use all functions of our website.
8.3. Our website uses Matomo (formerly Piwik), which enables statistical analysis of website use by means of cookies. This statistical analysis involves the transmission of user information, but the IP addresses are rendered anonymous in the process. Personal data is therefore not saved for the purposes of statistical analysis.
9. Information regarding the use of Google reCAPTCHA
9.1. Google reCAPTCHA can be used for electronic registration forms of APO in order to prevent misuse, for example by bots or spammers. The processing is carried out in accordance with Art. 6(1)(e) GDPR.
9.2. The reCAPTCHA service processes data to determine whether a user is a human or a bot. The data subject's reCAPTCHA input is transmitted to Google and processed there. In addition, the IP address of the data subject and any other data required for the execution of reCAPTCHA are transmitted to Google.
9.3. The data is processed by Google within the European Union and, if necessary, also in the US. The transfer of personal data to the third country US is permitted on the basis of an adequacy decision pursuant to Art. 45 GDPR of the European Commission ("Data Privacy Framework"). Google has undertaken to comply with the "Data Privacy Framework" agreement. Information on data protection and Google's privacy policy can be found using the following link: https://www.google.com/intl/de/policies/privacy/
As in force from 23.10.2025
Preamble
This Privacy Policy applies to the rendering of services and information within the framework of § 57b Austrian Patent Act and § 22 Austrian Trademark Act without a public-law nature on the basis of private law, and the resulting processing of personal data by APO.
1. Controller and Data Protection Officer
1.1 Controller pursuant to the General Data Protection Regulation (GDPR):
Austrian Patent Office
Contact information:
Dresdner Straße 87
1200 Wien
E-Mail: pkanzlei[at]patentamt.at
1.2 Data Protection Officer for APO:
Mag. Denise Mitteregger,
Federal Ministry of Innovation, Mobility and Infrastructure (BMIMI)
Contact information:
Radetzkystraße 2
1030 Wien
E-Mail: datenschutz[at]bmimi.gv.at
2. Information on processing purposes and legal bases
2.1 The processing of the personal data of APO’s customers (i.e. ‘data subjects’ according to the GDPR are natural persons) is first and foremost carried out to facilitate the fulfilment of the respective contractual obligations, or, to the extent that this is necessary, for the fulfilment of pre-contractual obligations resulting from inquiries by data subjects.
2.1.1 The legal basis for the processing described in 2.1. is Art. 6(1)(b) GDPR.
2.2 Furthermore, the processing of the personal data of our costumers serves the purposes of IT security and continuous IT security monitoring. To this end, IP addresses are collected.
2.2.1 The legal bases for the processing described in 2.2 are Art. 6(1) lit. (c) and (e) GDPR.
2.3 The personal data of data subjects processed for the conclusion and fulfilment of contracts may subsequently be processed for archival and/or statistical purposes and/or scientific research, provided the outcome of such processing is not aimed at generating personalized findings.
2.3.1. The legal bases of the processing described in 2.2 are Art. 6(2) GDPR and § 7 Austrian Data Protection Act (Datenschutzgesetz).
2.4 The processing of personal data of data subjects may also serve the purpose of enabling the APO to meet its legal obligations, e.g. with regard to internal audits or audits carried out by the Austrian Court of Audit (Rechnungshof) or the financial authorities, as well as possible processing of personal data for proactive publication or upon a request for information as provided by the Austrian Act on Freedom of Information (Informationsfreiheitsgesetz – IFG).
2.4.1. The legal basis of the processing described in 2.4. is Art. 6(1)(c) GDPR.
2.5. Personal data can also be processed if it is necessary for the purposes of the legitimate interests pursued by APO or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. Among these are …
2.5.1 … the enforcement of possible claims arising from the contractual or pre-contractual relationship.
2.5.2 … the checking and optimization of procedures for analyzing demand and measures for the steering of business and the development of services.
2.5.3 … the improvement of APO’s advertising.
2.5.4 … safety measures for APO’s staff, other customers, APO’s property, as well as
2.5.5 … market and opinion surveys, direct mail advertising or, if the conditions of § 174 Austrian Telecommunications Act 2021 (Telekommunikationsgesetz 2021) are met, via e-mail for the same or similar services offered by APO, noting that the data subject has the right to object to these types of processing under Art. 21 GDPR at any point in time.
2.5.6 Legal basis for the data processing described in 2.5. is Art. 6(1)(f) GDPR.
2.6. To the extent that data subjects provide their express approval, their personal data will also be processed in order to send them APO’s Newsletter per e-mail. Participants of the National Patent Award (Staatspreis Patent) can also agree to the processing of their data for the purpose of their participation.
2.6.1. The legal basis for the data processing described in 2.6. is Art. 6(1)(a) GDPR. The approval may be retracted at any point in time. This, however, does not in any way affect the legitimacy of the data processing up to said point in time.
3. Information regarding possible recipients of personal data
3.1. Personal data of data subjects is processed by APO’s staff solely for the purposes described in 2.
3.2. Personal data may have to be transferred in order to meet legal obligations (e.g. with regard to the supervisory authority, Court of Audit, financial authorities) or for the legitimate interests pursued by APO or by a third party (Finanzprokuratur, courts) to third parties.
3.3. It may be the case that personal data needs to be transferred to a processor for the fulfilment of a contract pursuant to Art. 28 GDPR.
4. Information on the duration of storage of personal data
4.1. Personal data is stored at least until the end of the contractual relationship. Regarding 2.2., the retention period is one year.
4.2. Furthermore, the storage periods for personal data result from provisions on file management as well as data retention periods required by statutory law. With regard to 2.2, the data storage period is max. one year.
4.3. Please note that statute of limitations provisions can also define the duration of data retention, which can be up to 30 years (cf. § 1489 Austrian Civil Code – ABGB).
4.4. If a data subject revokes the initial approval as provided for in 2.6., all personal data processed up to the date of revocation for these purposes on basis of the said approval shall be deleted.
5. Information on the rights of data subjects
5.1. All data subjects are legally entitled to:
5.1.1. Right of access pursuant to Art. 15 GDPR,
5.1.2. Right to rectification pursuant to Art. 16 GDPR,
5.1.3. Right to erasure (the ‘right to be forgotten’) pursuant to Art. 17 GDPR,
5.1.4. Right to restriction of processing pursuant to Art. 18 GDPR,
5.1.5. The right to object pursuant to Art. 21 GDPR,
5.1.6. Right to data portability pursuant to Art. 20 GDPR,
5.1.6.1. (According to Art. 20(3) GDPR, the right to receive and transmit data, however, does not cover instances of processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Austrian Patent Office).
5.2. All data subjects have the right to file a complaint (Beschwerde) with the supervisory authority, i.e. the Austrian Data Protection Authority (Datenschutzbehörde).
6. Information whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data
6.1. In order to fulfil its contracts, it is necessary for the Austrian Patent Office to process personal data.
6.2. There is no legal obligation to provide personal data with regard to APO’s services.
6.3. Not providing such data may, however, result in an inability to exercise certain rights that the relevant laws governing industrial property would otherwise allow for.
7. Information on the existence of automated decision-making including profiling
7.1. APO does not use the personal data of data subjects as a basis for automated decisionmaking.
7.2. APO does not use the personal data of data subjects in profiling.
8. Information relevant to website users regarding cookies and web analysis
8.1. In order to make our range of services as user-friendly as possible, our website uses so-called ‘cookies’. Cookies are small text files which the browser drops on your electronic device and will not cause any damage.
8.2. Some cookies remain saved on your device until you delete them. These enable us to recognize your browser the next time you visit our website. In case you want to avoid this, you can change your browser settings to inform you of the dropping of cookies and to let you decide whether you allow this. Please note, however, that such a procedure may possibly prevent your ability to fully use all functions of our website.
8.3. Our website uses Matomo (formerly Piwik), which enables statistical analysis of website use by means of cookies. This statistical analysis involves the transmission of user information, but the IP addresses are rendered anonymous in the process. Personal data is therefore not saved for the purposes of statistical analysis.
Cookies
You can change and restrict your cookie settings at any time: