ISBQPIP means International Standards Board for Qualified Patent Information Professionals. ISBQPIP is the organization responsible for the examination and certification of patent information professionals>
GDPR means the General Data Protection Regulation.
Responsible Person means Data Protection Officer (firstname.lastname@example.org)
Associated persons means individuals registered as Qualified Patent Information Professionals (QPIPs) or individuals who apply for Prior Recognition or exam enrolment.
Processing Record means a register of all systems or contexts in which personal data is processed by the ISBQPIP.
1. General provisions
- This policy applies to all personal data processed by the ISBQPIP.
- The Responsible Person shall be the contact person for any question related to this policy and data protection within the ISBQPIP.<
- This policy may be revised and updated from time to time. The revised version shall become effective from the date of publication on our website, which will always contain the most current version. Should the changes be substantial, and where required by applicable law, a notice will be sent, and our associated persons requested to give their consent.
2. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, the ISBQPIP might maintain a Processing Record.
- Individuals have the right to access their personal data, request their modification or deletion, and any such requests made to the ISBQPIP shall be dealt with in a timely manner (less than 30 days from the reception of the request). Please contact our Responsible Person at email@example.com for such a request.
3. Lawful purposes and legal basis
The ISBQPIP does not sell your data to third parties. Nor will it provide your data to third parties free-of-charge unless it is compelled to do so by law or you have given consent to the ISBQPIP to display your information on its website. The information that will be displayed by the ISBQPIP to the public includes your first and last name and the year you became registered as a QPIP unless you request in writing that this information not be displayed. Optionally you may elect to display additional information on the ISBQPIP website such as your email address, telephone number, website, company name, address, country, photograph and additional information.
- ISBQPIP processes data to carry out its missions as described hereabove, including the following purposes:
- Associated persons’ administration,
- Communication with associated persons
- Assessment of eligibility for enrolment for examination or for Prior Experience Recognition,
- Organization management (including suppliers’ or partnerships’ management,).
- Navigation on its website and communication through the contact form, and subscription to news
- All data processed by the ISBQPIP must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. The ISBQPIP shall request your consent every time this appears necessary.
- Where consent is relied upon as a lawful basis for processing data, evidence of consent shall be kept with the personal data.
- Where a newsletter is sent to any member of the public who has subscribed to the newsletter via the ISBQPIP website, the person will be given the option to unsubscribe from the newsletter in the body of the newsletter.
4. Data sources, processing and transfers
- Data are collected directly from the concerned individual (e.g. by applying for Prior Experience Recognition, by applying for enrolment for the examination, by visiting our website, by subscribing via the website to news, by contacting us via the webform or via email). The ISBQPIP does not purchase data from third parties.
- Data are processed in different territories:
- the ISBQPIP website is hosted in the Netherlands,
- data may be processed where individuals who are serving the ISBQPIP in an administrative capacity reside (e.g. Supervisory Council or committee members)
- any country where a partner or a sub-processor is located, provided that such a transfer shall be covered by appropriate measures (including technical and contractual measures).
- Data transfers: the ISBQPIP may need to exchange data with its partners to carry out its missions. For technical purposes, such as hosting and/or outsourcing of administrative tasks, the ISBQPIP may need to request the services of one or more sub-processors. The ISBQPIP is responsible for the acts or omissions of any of its sub-processors or partners, to ensure the security of these exchanges and to ensure the data receivers are processing data to the extent allowed. A list of our sub-processors is available on demand.
5. Data storage
- The IBSQPIP stores data for the duration specified below, in the following scenarios:
- If you are a QPIP, as long as you are registered as such;
- any forms of consent you have given will be kept up to 5 years after your QPIP registration has ceased;
- If you apply for Prior Experience Recognition or for enrolment in the examination, your information will be stored for a period of 2 years after the final decision on acceptance has been communicated to you;
- If you were rejected for Prior Experience Recognition or for enrolment in the examination, or if you failed the examination, or if any measures were taken because of fraudulent behaviour during the examination, your information will be stored for a period of 5 years after the final decision has been communicated to you;
- If you cease to be a QPIP at your own request, your first and last name, your QPIP registration number, the date on which you were registered as a QPIP and the date on which you ceased to be a QPIP, is stored in the ISBQPIP's archives as long as the ISBQPIP exists, provided that these archives are disconnected from the active processing system;
- To carry out the ISBQPIP's purposes and to ensure its rights, 5 years from the end of a contract, provided that these archives are disconnected from the active processing system; and
- In case of a complaint against a QPIP or a disciplinary proceeding concerning a QPIP, information concerning the complaint or the disciplinary proceeding will be kept in the ISBQPIP's archive for 5 years from the date the complaint or disciplinary proceeding is resolved or dismissed.
- In case the ISBQPIP ceases to exist, only data required to comply with the laws of The Netherlands will be kept for the required respective periods.
6. Data minimisation
- The ISBQPIP shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, including:
- Associated persons’ administration,
First name, surname, email address, salutation, and at the choice of the associated person private address or employer and employer address, country, employment, or when self-employed address of their business and record of Continued Professional Development Activities.
- Associated persons’ applications for PER or examination,
CV, employment letters, work experience statement
- Organization management,
Names, email addresses and as far as legally required for verification of identities, copies of one or more identity documents of the members of the Supervisory Council and Professional Representatives Collegium; names and email addresses of committee members, and of contact persons of our suppliers / partners,
- Navigation on the ISBQPIP’s website,
Session logs including date and time of navigation on the website and IP address of the visitor are stored for a period of seven days.
Cookies without personal data are generated and stored on the website’s server for the time of the navigation.
- Associated persons’ administration,
- The ISBQPIP ensures that personal data is stored securely using systems set up according to the industry practices (including access rights’ management for stored data, use of relational database and website navigation via https encryption).
- Access to personal data is limited to the ISBQPIP Supervisory Council and to committee members as far as required to perform their tasks, and appropriate security is in place to avoid unauthorised sharing of information.
- Appropriate back-up and disaster recovery solutions are in place.
- In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the ISBQPIP shall promptly assess the risk to people’s rights and freedoms, take measures to mitigate the damages and report to the competent authority.
- You may contact our Data Protection Officer at firstname.lastname@example.org to obtain information about what data is stored about you, to request any corrections, to request that your data be deleted, or for any question. You will receive a response as soon as possible and, in any case, not later than 30 days from the date we receive your request.
END OF POLICY
Last updated: 2021-09-24