Privacy Statement and Cookie Notice for Trademark Clearinghouse
Last revised version: April 2021
Privacy Statement Summary
The Trademark Clearinghouse (Validation Function) has been established by the Internet Corporation for Assigned Names and Numbers ("ICANN organization") to support trademark protection for its gTLD program. The applicable privacy statement for this gTLD program, incl. the related Trademark Clearinghouse Validation Function, is available on the following link [https://newgtlds.icann.org/en/applicants/agb/program-privacy].
Deloitte Consulting & Advisory BV (“Deloitte”, “we”, “us” or “our”), with registered office located at Gateway Building, Luchthaven Nationaal 1 J, 1930 Zaventem, Belgium is data processor of ICANN organization in connection with the Trademark Clearinghouse Validation Function. In such capacity and for the Trademark Clearinghouse Validation Function, we act fully under ICANN Organization’s instructions.
In addition, we can also offer additional services (“Ancillary Services”) to Trademark Holders and Trademark Agents. In such capacity we act as data controller in our own right. We are committed to protecting your privacy and handling your information in an open and transparent manner. This Privacy Statement sets out how we will use and handle personal information (“Personal Data”) provided by or collected from individuals and what choices individuals have regarding the collection and use of Personal Data for the Ancillary Services. This Privacy Statement applies to all collection and use of Personal Data for Ancillary Services, including via any mobile version of the website, electronic mail, and other electronic services that link to this Privacy Statement (collectively, the “Tool”). This Privacy Statement sets out how we will collect, handle, store and protect information about you when providing services through this Tool and performing any other activities that form part of the operation of our business (“Services”).
This Privacy Statement also contains information about when we share your Personal Data with other third parties (for example, our service providers). You and we agree that any Personal Data sent by you and received and processed by us in the context of the Tool will be treated in accordance with applicable privacy laws and regulations and we undertake to take all appropriate organizational and technical measures to ensure such compliance.
The term "User" or "you" refers to (i) individuals that provide their own Personal Data or Personal Data of others on behalf of such other persons to us and (ii) any organization where a person provides Personal Data of others on behalf of such organization. By using the Tool, you (including any entity or person on whose behalf you are acting) agree to the terms of this Privacy Statement, as updated. If you do not agree with the practices described in this Privacy Statement, please do not provide us with Personal Data or interact with the Tool.
If you have any questions about this Privacy Statement or our processing of your Personal Data as the Data Controller in our own right, please feel free to contact us at firstname.lastname@example.org.
What information we collect?
In the course of providing Services, we will collect or obtain Personal Data submitted to us. This may be personal contact, identification, and location information, such as name, work address, personal or business email address, contact details such as facsimile or (mobile) phone number, job title and financial account information. In some rare circumstances, we might also gather other special categories of Personal Data about you because you volunteer that data to us or we are required to gather that data as a result of legal requirements imposed on us.
Where we are provided with Personal Data about you by our client, we take steps to ensure that the client has complied with the privacy laws and regulations relevant to that information; this may include, for example, that the client has assured that it provided you with notice of the collection (and other matters) and, if required, has obtained any necessary consent for us to process that information as described in this Privacy Statement.
We understand the importance of protecting children's privacy. Our Tool is not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.
We want to ensure that our website and services are easy to use and reliable. To achieve this, we use on our website a technology called "cookies", which is a piece of information that our website places on your computer (more specifically your browser) when you access our website.
These pieces of information are used to improve our services for you by, for example:
- enabling our website to recognize your device so you don't have to give the same information several times during one task;
- recognizing that you may already have given a username and password so you don't need to do it for every web page requested; and
- measuring how many and how people are using our website, so the website can be made easier to use and there's enough capacity.
The cookies used on our website do not store your email address or other directly identifying Personal Data. They do however enable us to recognize your visit, remember your preferences and understand how you interact with our website through the technical information provided by the cookies. We do not use targeting or tracking cookies on our website.
We only use strictly necessary cookies on our website. These cookies are necessary to facilitate basic site functionality. Without these cookies, our website cannot provide the service you request. We use the following:
On the website secure.trademark-clearinghouse.com:
Technical Cookie Name
This cookie will be set on your browser upon access to our website.
It is only used to enable our system to associate the request that you send with the information stored on our system for your session ID.
On the website www.trademark-clearinghouse.com:
End of a session
For more information on cookies, please visit www.aboutcookies.org.
How/why we use Personal Data?
We will not use Personal Data for any other purpose other than as set forth in this Privacy Statement.
Use of Personal Data to provide Services
We will use and process your Personal Data to provide you or our client with Services and as such, we might use Personal Data about you in the course of providing such Services. We shall only collect, process and share such Personal Data which is necessary or useful (a) for the purpose of giving you access to the Trademark Clearinghouse and to receive Services, (b) related to a Trademark Record, (c) to allow you to use the Trademark Clearinghouse, (d) to allow you and us to manage your account, (e) to allow Deloitte to perform the Verification Services or Ancillary Services, (f) to allow the Database Provider to provide NORNs, (g) to allow registries and registrars to provide notices to prospective domain name registrants that the domain name that the prospective domain name registrant has requested matches a Trademark Record during a Sunrise Period or Trademark Claims Period, (h) to allow ICANN to maintain the continuation of the Trademark Clearinghouse. As part of this, we may also use your Personal Data in the course of correspondence relating to the Services. Such correspondence may be with you, our client, our service providers, subcontractors or competent authorities. We may also use your Personal Data to conduct due diligence checks relating to the Services.
Use of Personal Data for other activities that form part of the operation of our business
We may also use your Personal Data in connection with the following purposes:
- to comply with applicable laws, rules, regulations, court orders, and law enforcement requests
- requests and communications from competent authorities
- administrative purposes
- financial accounting, invoicing and risk analysis purposes
- client relationship purposes, which may involve: (i) sending you thought leadership or details of our products and services or products or services of third parties that we think might be of interest to you; (ii) contacting you to receive feedback on the Services (iii) to provide updates and other information regarding our service delivery, (iv) contacting you for other market or research purposes or surveys
- services we receive from our professional advisors, such as lawyers, accountants and consultants
- to maintain records of a User's participation for historical and research purposes, subject to retention limits imposed by applicable laws
- to perform relevant contractual obligations with the User and other third parties and to protect our rights and those of our clients
- to manage and improve our Tool
- to manage and respond to any request you submit through our Tool
The legal grounds we use for processing Personal Data
We are required by law to set out in this Privacy Statement the legal grounds on which we rely as a data controller in order to process your Personal Data. As a result, we use your Personal Data for the purposes outlined above because: (a) of our legitimate interests in the effective delivery of our Services to you or our client; (b) of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests; (c) of the legal and regulatory obligations that we are subject to, such as providing information to a public body or law enforcement agency or (d) the information is required in order to provide our Services to you or our client.
Where we are legally required to obtain your explicit consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in the communication or e-mail.
Sharing of Personal Data?
In connection with one or more of the purposes outlined above, you and we acknowledge that, in the context of the Services, Personal Data will be exchanged by and between you, us, Deloitte, the Database Provider, ICANN, registries, registrars and domain name registrants, third parties that provide services to us (such as email transmission, customer relationship management (CRM), IT security, cloud service providers, database management, consultants, and financial or legal advisors), contractors for the purpose of processing this information on our behalf, and providing other services to us or to the User on our behalf, competent authorities, credit reference agencies or other organizations that help us make credit decisions and reduce the incidence of fraud and other third parties that reasonably require access to Personal Data relating to you for one or more of the purposes. We may also need to disclose your Personal Data if required to do so by law, a regulator or during legal proceedings.
Please find a list of our material sub-processors appointed at the end of this statement. We will keep this list up to date. We require that these parties agree to handle your Personal Data in compliance with appropriate confidentiality obligations and security measures.
Please note that some of the recipients of your Personal Data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your Personal Data that comply with our legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of Personal Data to third countries.
Should you have any questions about the transfers described above and the adequate safeguards used in respect of such transfers, you may contact us at email@example.com.
How do we protect your Personal Data?
We will use reasonable industry standard safeguards (which may include physical, procedural, managerial and technical measures) to ensure that we keep your Personal Data relevant to its intended use, secure and up to date. These measures include:
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling Personal Data
- administrative and technical controls to restrict access to Personal Data on a ‘need to know’ basis
- technological security measures, including fire walls, encryption and anti-virus software
- physical security measures, such as staff security passes to access our premises.
Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. While we will take reasonable and appropriate security measures to protect against unauthorized access, disclosure, alteration or destruction of Personal Data received, we disclaim any and all liability for unauthorized access or use or compromise of your Personal Data to the maximum extent permitted by applicable law.
How long do we keep your Personal Data?
We will hold your Personal Data on our systems for the longest of the following periods: (i) as long as is necessary for the relevant activity or Services; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise in respect of the services.
You are entitled to obtain access to information on the processing of Personal Data, to object to certain processing of Personal Data, to request copy of your Personal Data, to have your Personal Data rectified, updated, deleted, or otherwise restricted in terms of processing, in each case as permitted under applicable law. Users also may be entitled to withdraw any consent given with prospective effect with respect to the Processing of their Personal Data.
To exercise any of your rights, or if you have any other questions about our use of your Personal Data for Ancillary Services, please contact firstname.lastname@example.org or our data protection officer at email@example.com. You may also use these contact details if you wish to make a complaint relating to your privacy. All privacy-related access requests are taken seriously, and we will respond to request(s) as soon as reasonably practicable, but in any case, within the legally required period of time. Please note that certain Personal Data may be exempt from such access, correction, objection, or deletion rights pursuant to local laws.
Right to complain
If you are unhappy with the way we have handled your Personal Data for Ancillary Services or if you are not satisfied with our response or believe that your Personal Data is not being processed in accordance with the law, you also may contact or lodge a complaint with the competent EU Data Protection Authority (“DPA”) in your jurisdiction or seek other remedies under applicable law.
Changes to this Privacy Statement
We reserve the right to change this Privacy Statement at any time. Any changes we make will be posted on this page. The date this Privacy Statement was last revised is identified at the top of the page. To let you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Statement to be informed about how we are protecting your Personal Data. Your continued use of our Tool after such amendments will be deemed your acknowledgement of these changes to this Privacy Statement.
ANNEX 1: CURRENT CATEGORIES OF SUB-PROCESSORS
Chip will process Personal Data on your behalf in the course of providing you with the Services. Certain categories of third parties engaged by Chip or its sub processors (“Sub-Processors”) will also process Personal Data on behalf of the Client as part of the provision of the Services.
A list of the current categories of Sub-Processors currently used by CHIP, is set out below:
Current categories of Sub-Processors
Providers of IT support, such as hosting, networks and cloud based services
DELOITTE SERVICES AND INVESTMENTS
Third parties that provide services to Deloitte and that have been screened on providing adequate data and privacy security