Privacy Notice

Last updated: November 1, 2020

Foreword

This Privacy Notice applies across all websites and services provided by TrademarkNow Oy (the “Services”), which is now part of the Corsearch Intermediate, Inc. group of companies (“Corsearch Group”). It describes what personal data we collect and receive, how we use personal data and with whom we may share personal data. This Privacy Notice also contains specific information, where applicable, about how we treat your personal data where it is subject to the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 (“DPA”) or the California Consumer Privacy Act (“CCPA”), including your rights in relation to those laws.

By using the term “personal data”, we mean identifiable information about you, like your name, email, address, telephone number, your organization, contact queries, website visits, blog subscriptions and so on. If the information does not contain identifiable information, then this notice shall not apply. For example, this Notice does not generally apply to the information pertaining to business entities.

This Privacy Notice also does not apply to the privacy practices of third parties whose links may appear on or through the Services. We are not responsible for the content or privacy practices of third parties or other users. We recommend that you exercise caution before you voluntarily disclose personal data to other users, on publicly accessible or displayable parts of the Services, or through third-party links on third-party websites or platforms.

We may update this Privacy Notice from time to time. Where a change is noteworthy, we will let you know of these changes by sending an email.

Who we are?

We are TrademarkNow Oy. Our headquarters are in Helsinki, Finland, but we operate all over the world. Address details for our offices are available on our Contact us page.

We provide an intelligent web-based trademark management platform that is used by enterprise companies, law firms and branding agencies for instant trademark search and watch results.

Our principles of data protection

Our approach to data protection is built around three principles.

Transparency:  we want to disclose to you how your personal data is processed.

Having a clear data life cycle: having transparent and clear flow as to when the data is collected, when the data is updated and when it is deleted. We aim to have a simple flow that it is transparent for all data subjects.  

Security: we take appropriate steps to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Our employees who handle personal data are subject to policies and procedures to protect your personal data, are required to treat it confidentially and may not disclose it to unauthorized third parties. You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, emails sent to or from this website or to TrademarkNow may not be secure, and you should therefore take special care in deciding what information you send to us. Moreover, we have reasonable technical safeguards and security measures in place functionally with our websites, but where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them.

How do we collect the data?

When you visit our websites or use our services, we collect personal data. The ways we collect it can be generally categorized into the following:

Information that you provide to us actively: When you visit or use some parts of our websites and/or the Services we might ask you to provide personal data to us. For example, we ask for your contact information (such as your name and email address) when you subscribe to our blog, create a trial account or a free account, and you may also provide us personal data voluntarily, for example when you take part in webinars, polls and surveys through the Services, contact us with questions or request support, or submit feedback or complaints. Similarly, if you register or create a paid account, we need to collect your name, contact details and payment information.

Information we collect automatically based on your actions on our websites: When you visit our websites or use the Services, we automatically collect certain information based on your actions on the website, including through the use of cookies and other tracking technologies. Automatically collected information includes your IP address, your device type, your browser information, browser extension or other information that is necessary for us to know in order to provide you with the best visiting experience. To provide you with timely marketing, we may also collect information about how you navigate through our websites and the Services, including what pages you looked at and what links you clicked. This information helps us to better understand how our visitors are using our websites, or the Services, so that we can continuously improve our user experience by providing you and other visitors with the information you need more easily.

Information we get from public sources and third parties: Although most of the personal data we collect comes directly from you, we may occasionally receive personal data about you from other sources. For example, as part the Services, we may lawfully collect or license (including from national and international trade mark registries and authorized licensors) information about individual registered trade mark owners and applicants – this information may contain limited (and publically available) personal data, including names, mailing addresses and other contact information published as part of trade mark applications and registrations. In addition, if your employer is our client they may have provided us with your personal data in order for us to contact you about the Services we perform for your employer, to register as a user of our Services or to manage the contract between us, including through sources, including through third party vendors, such as our marketing management vendor (Hubspot) and research partners. Where relevant, this information is used as supplemental information to your personal data.

How do we use your data?

First and foremost, your personal data is used to provide you with the Services that you have requested, manage and maintain our relationship with you and to ensure the rights and obligations of both us and you. We also use and process your personal data for the following purposes:

Personal data you provide. We collect the following personal data you provide (for example, when you enter the information into form fields when registering or ordering the Services, or when you contact or engage with us directly):

Category of Personal Data Purposes of Processing Legal Bases for Processing
Contact Information, including your name, address, email address, user name and phone number. • To activate and administer your account and the Services requested, authenticate you as a user, and communicate with you, including where you have requested information from us about us o the Services, for Service support and as described below in the “additional uses of personal data and legitimate interests” section. • To provide the Services requested by you and to meet our contractual obligations (Art. 6 para. 1 (b) GDPR).
• Our legitimate interests (Art. 6 para. 1 (f) GDPR).
• Your consent (Art. 6 para. 1 (a) GDPR), where required and obtained.
Contact Information, including your name and email address. • To provide you with our newsletters and updates to our blogs, where you have opted-in to receive such newsletters and updates. • Your consent (Art. 6 para. 1 (a) GDPR), where required and obtained.
Financial Information, including payment or financial account information. • To process payments for the Services requested and to provide purchased Services.
• To meet statutory tax or other applicable legal requirements.
• To process transactions requested by you and meet our contractual obligations (Art. 6 para. 1 (b) GDPR).
• Compliance with legal obligations (Art. 6 para. 1 (c) GDPR).
Purchase or Subscription Information, including details of the Services purchased. • To improve our platform and as described below in the “additional uses of personal data and legitimate interests” section. • Our legitimate interests (Art. 6 para. 1 (f) GDPR).
Information provided in response to voluntary surveys, polls and inquiries, including response and poll information. • To conduct voluntary market research, surveys, polls and similar inquiries to help us understand trends and client needs, and as described below in the “additional uses of personal data and legitimate interests” section.
• Where our websites offer voting functionality, we may use a system to “tag” users after they have voted, so they can vote only once on a particular question. This tag is not correlated with information about individual users.
• To provide the Services requested by you (Art. 6 para. 1 (b) GDPR).
• Our legitimate interests (Art. 6 para. 1 (f) GDPR).

 

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have entered (or are trying to enter) into with you. In such cases, we may be unable to provide the Services you have requested.

Personal data collected automatically. As is true of most digital platforms, we gather certain information automatically when you use the Services. This information may include browser, device and/or similar data that we collect as follows:

Category of Personal Data Purposes of Processing Legal Bases for Processing
Technical Data, including IP addresses, browser type, referring/exit pages, operating system, date/time stamp and/or clickstream data.
We may collect this information from cookies, analytics and related technologies.


• To set up the connection of your device with the Services in order to provide you the Services and to resolve technical issues with the Services.

• To provide the Services requested by you and to meet our contractual obligations (Art. 6 para. 1 (b) GDPR).

• To maintain the security of the Services, for fraud detection, and to protect our rights and a as described below in the “additional uses of personal data and legitimate interests” section.

• Compliance with legal obligations (Art. 6 para. 1 (c) GDPR).
• Our legitimate interests (Art. 6 para. 1 (f) GDPR).

• To collect information about your use of the Services and to improve the Services and as described below in the “additional uses of personal data and legitimate interests” section.

• Our legitimate interests (Art. 6 para. 1 (f) GDPR).
• Your consent (Art. 6 para. 1 (a) GDPR), where required and obtained.

 

Personal data we receive from third-party sources. As described above, as part of the Services we may collect and process certain personal data from publicly available sources and third parties in respect of registered trademark owners and applicants (“IP Owners”). For further information about the types of personal data we process in respect of IP Owners, together with the source(s) and our related purposes and legal bases for processing such data, please see the table below.

In addition, we may obtain certain personal data about you from our corporate clients, partners and the clients of our partners. In particular, if your employer has contracted with us for our Services, we may receive personal data about you directly from your employer. For further information about the types personal data we process about you in such circumstances as well as the related purposes and legal bases for processing such data, please see the table below.

Category of Personal Data Source of Personal Data Purposes of Processing Legal Bases for Processing
IP Owner Information, including your name, mailing address and other contact information published as part of your application or registration (including, where applicable, your email address and fax/phone number). • National and international Trademark Offices/registries.
• Authorized licensors.
To provide the Services requested by our clients, including to assist our clients to register, defend and/or enforce their intellectual property rights, and where applicable, as described below in the “additional uses of personal data and legitimate interests” section. • Our legitimate interests (Art. 6 para. 1 (f) GDPR).
• Our clients’ (and where applicable, their customers’) legitimate interests (Art. 6 para. 1 (f) GDPR), including to register, defend and/or enforce their intellectual property rights.
Client Employee Contact Information, including your name and work contact details, such as your job title, work address, email address and phone number. • You or your employer.

To activate and administer your employer’s or your account and provide the Services requested, authenticate you as a user, and communicate with you, including where you have requested information from us about us or our Services, and as described below in the “additional uses of personal data and legitimate interests” section.

To provide you with updates to our blogs, where you have opted-in to receive such updates.

• To provide Services requested by your employer and to meet our contractual obligations (Art. 6 para. 1 (b) GDPR).
• Our legitimate interests (Art. 6 para. 1 (f) GDPR).
• Your consent (Art. 6 para. 1 (a) GDPR), where required and obtained.

 

Additional uses of personal data and legitimate interests. In addition to the uses described above, where applicable we may use your personal data as necessary to serve our legitimate interests (Art. 6 para. 1 (f) GDPR) in our business operations, as follows:

  • operating our business, administering the Services and managing client accounts;
  • contacting you to respond to your requests, inquiries or complaints;
  • processing and completing transactions you have requested, including, as applicable, order confirmation, processing payments and delivering the Services;
  • operating, managing and securing certain site functionality;
  • enabling you to register for the Services;
  • improving and optimizing the Services and other products, including for the benefit of TrademarkNow and the Corsearch Group and its and their users and clients;
  • conducting industry and market research, surveys, polls and similar inquiries to help us understand trends and client needs in order to better provide content to our clients and others;
  • ensuring the security of the Services and the protection of our systems and networks;
  • preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of personal data, our sites or data systems;
  • enforcing our terms and conditions and other agreements relating to the Services; and
  • providing you with newsletters, articles, Service alerts or announcements and other information about the Services or our other products that we believe may be of interest to you where your consent is not required under applicable law. In such circumstances, you may remove yourself from our mailing lists by following the link provided in every newsletter or marketing email we send to you.

In certain circumstances, we may ask for your consent to process your personal data. In such circumstances, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing undertaken by us prior to the withdrawal of your consent.

How de we share your data?

We may share your Personal Data as set forth below for the business purposes set out in the section “How do we use your data” (above). Because the Services are operated by and through Corsearch Intermediate, Inc. (“Corsearch”), your personal data may be shared with and processed by Corsearch and transferred through Corsearch Europe, S.A. (“Corsearch Europe”) for the standard provision of services and for customer service. There may also be times when we may need to share your personal data within the Corsearch Group for invoicing purposes. The legal basis for sharing of your personal data with other Corsearch Group companies is that this is necessary for our legitimate interests under Art. 6 para. 1 (f) GDPR. We have a legitimate interest in sharing your information for internal administrative purposes, in particular to offer and provide the Services and to deal with any inquiries in an efficient and high-quality manner. The Corsearch Privacy Policy provides more information about how Corsearch uses your personal data.

We do not share, or disclose, your personal data with any party unless that party is:

  • one of our group companies or affiliates, including Corsearch, Corsearch Luxembourg S.a.r.l., Corsearch Europe, S.A., Corsearch Germany GmbH, Corsearch UK Limited, Corsearch France S.A.S., Corsearch US Holdings, Inc., Corsearch Intermediate, Inc., CitizenHawk, Inc., Avantiq Oceania Pty Ltd., Yellow Brand Protection, Inc., Corsearch AB, Corsearch Shanghai Co., Ltd., Corsearch B.V. and Pointer USA B.V.;
  • a service provider or processor who provides IT, system administration and other support services to us and who act as our data processors;
  • one of our professional advisers, including, lawyers, auditors, insurers and accountants;
  • a third party helping us develop or operate the Services and related sales and marketing;
  • actual or potential buyers (and their counsels and other service providers) to whom we may choose to sell, transfer, or merge parts of our business or our assets, including in connection with any bankruptcy or similar proceedings.; or
  • some other party where you have given your consent to transfer the data.

We will also share or disclose your personal data if required by applicable laws or regulations and to government authorities and/or law enforcement officials if mandated by law or if required for the legal protection of our legitimate interests in complying with applicable laws or regulations, as well as when we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, or to investigate fraud, wrongdoing or other illegal activity.

In addition, personal data regarding registered trademark owners and applicants may be shared with our clients to the extent necessary for the provision of the Services.

In compliance with applicable data protection requirements, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our authorization and instructions. Where applicable, our contracts with our processors also include certain additional obligations required under the GDPR.


Credit card payment data

We process credit card and payment information solely as necessary in order to manage payments for our services. Credit card payments in our services are processed by Stripe (stripe.com). It means that your necessary credit card data is also stored in Stripe. Your credit card is saved as a payment method in Stripe for further purchases. You can remove the credit card any time under My Account.

Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or tax requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, subscription data is deleted when a blog subscriber unsubscribes from our blog notifications, or when the contact has not engaged with our content for 12 months. We can provide more information regarding retention times upon request, in line with our data retention periods.

International Data Transfers

When we share data, including within the Corsearch Group, it may be transferred to, and processed in, countries outside the European Economic Area (“EEA”). These countries (including the United States) may not have data protection laws as comprehensive or protective as those in your country of residence. However, our collection, storage and use of your personal data will at all times be governed by this privacy notice and applicable law.

Where applicable (for example, to protect your personal data under the GDPR or the DPA), we ensure your personal data is adequately protected and that such data transfers are carried out in accordance with applicable law by ensuring at least one of the following safeguards is implemented:

  • the country to which a transfer is made has been deemed to provide an adequate level of protection by the European Commission or other applicable supervisory authorities;
  • there are specific contracts in place with the recipient of your personal data which have been approved by the European Commission or other applicable supervisory authorities as providing your personal data with an adequate level of protection; or
  • in certain circumstances, where you have given us your explicit consent to the transfer of your personal data outside your country or residence.

Please contact us at by using the Privacy Webform at the bottom of our website if you would like further information on the specific mechanism used by us when transferring your personal data outside the EEA.

Additional information for users in California

The CCPA requires us to provide additional information about the personal data we collect with reference to specific categories of information. For additional information about our sources of personal data, how we use personal data, and how we disclose personal data, refer to the sections of this privacy notice titled “How do we collect your data?”, “How do we use your data?” and “How do we share your data?”. Within the last twelve months, we have collected the following categories of personal data from California residents:

Category of Personal Data Examples
Identifiers Name, address, email address, telephone number, fax number, IP address, username and password, or other similar identifiers.
Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Name, address, telephone number, financial information.
Commercial information. Products or Services purchased, obtained or considered.
Internet or other similar network activity. Information on your interactions with the Services.

 

Your rights

If your personal data is protected under the GDPR, the DPA, the CCPA or other similar data protection laws, under certain circumstances, you may have the right to:

  • request access to your personal data (commonly known as a “data subject access request”). This enables you to request a copy of the personal data we hold about you and to check that we are processing it lawfully;
  • request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it;
  • object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and, other than for the purposes of direct marketing, there is something about your particular situation that makes you want to object to processing on this ground. You have the right to object to our use of your personal data for direct marketing at any time;

opt out of the sale of your personal data. Since we do not sell your personal data, you are already opted-out of such sales;

  • request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and
  • request the transfer of your personal data to another party. This right will only apply in limited circumstances, where we process your personal data based on your consent or where the processing of personal data is necessary for the performance of a contract between us.

You also have the right to lodge a complaint with your competent data protection supervisory authority. However, we would appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us in the first instance.

The rights described above are not absolute and we reserve all of our rights available to us under applicable law in this regard. We do not discriminate against you, for example, by charging you a different price or offering a different level of service, for exercising any of these rights.

How to exercise your rights

You can exercise these rights at any time by sending an email to privacy@corsearch.com and by utilizing the Privacy Webform at the bottom of our website. You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights above, where applicable). However, in accordance with the GDPR, the DPA, the CCPA and other similar data protection laws, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights), and in some instances, provide a signed declaration under penalty of perjury that you are the individual whose personal data is the subject of the request. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying with the request. For requests related to particularly sensitive information, we may require additional proof of identification. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it. If you make a request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.

Time to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

California Residents – “Shine the Light”. We do not provide your personal data to third parties for such third parties’ direct marketing purposes. Please note that California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosure of such individuals’ personal data to third parties for such third parties’ direct marketing purposes. As noted above, your personal data may be subject to certain third parties’ privacy policies.

Cookies

We may place small text files called “cookies” in the browser files of your computer or device when you use the Services. We use cookies to help ensure our websites work, or work more efficiently, as well as to provide us with certain information, as set out above.

Cookies may collect certain limited personal data, such as your IP address. However, generally most of the information we collect through cookies is not personal data.

We use the following cookies:

  • Strictly necessary Cookies. These are cookies that are required for the operation of our sites and may be set automatically. They include, for example, cookies that enable you to log into secure areas of our sites and complete purchases for Services. The legal basis for using such cookies is the provision of the service you have requested (Art. 6 para. 1 (b) GDPR).

With your consent (under Art. 6 para. 1 (a) GDPR) where required by law, we also use the following cookies for the purposes described below:

  • Analytical/performance Cookies. These cookies allow us to recognize and count the number of visitors to our websites and to see how visitors move around our websites. This helps us to improve the ways our websites work, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality Cookies. These cookies are used to recognize you when you return to our sites. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or region).
  • Targeting Cookies. These cookies provide us with information about your visit to our sites, including the pages you have visited and the links you have followed. We use this information to make our sites and any advertising displayed on them more relevant to you.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Name Purpose
Corsearch Global Platform Remember User ZCBX
BHGD
CCIZ
RMAT
These cookies are used for “Remember Me” functionality on our platform
Corsearch Global Platform User preferences languageCode
IsMobile
cultureCode
CGPM_CustomKeyboard
These cookies are used to store user preferences on our platform and to ensure our content works on your device
Corsearch Global Platform Session cookie ASP.NET_SessionId
.ASPXROLES
These cookies are used for storing user session information. These cookies expire when your browsing session ends
Corsearch Global Platform forms authentication .CORSEARCHAUTHENTICATION This cookie is used by our platform to support single sign on functionality
HubSpot __hssc*
__hssrc*
__hstc*
hubspotutk*
wp4234*
__cfduid*
_ga*
_gid*
ak_bmsc*
bm_sv*
hs-ard*
messagesUtk*
These cookies are used to collect information about how visitors use our site, including to keep track of visitor sessions and to recognize when visitors return to the site.
__hssc* expires after 30 minutes
__hssrc* expires at the end of the browser session
__hstc* expires after 2 years
hubspotutk* expires after 10 years
wp4234* expires after 1 year
__cfduid* expires after 1 year
_ga* expires after 2 years
_gid* expires after 1 day
ak_bmsc* expires after 1 day
bm_sv* expires after 1 hour
hs-ard* expires after 3 months
messagesUtk* expires after 2 years
Universal Analytics (Google) __utma*
__utmb*
__utmc*
__utmd*
__utmt*
__utmz*
_ga*
These cookies are used to collect information about how visitors use our site. We use the information to help us improve the site.
__utma* expires after 2 years
__utmb* expires after 30 minutes
__utmc* expires at the end of the browser session
__utmd* expires after 10 seconds
__utmt* expires after 10 minutes
__utmz* expires after 6 months
_ga* expires after 2 years
Kentico CMS CMSCsrfCookie*
CMSCurrentTheme*
CMSPreferredCulture*
cookiesDirective*
These cookies are used for to keep our site secure and to recognize visitors when they return to the site.
CMSCsrfCookie* expires at the end of your session
CMSCurrentTheme* expires after 24 hours
CMSPreferredCulture*expires after 1 year
cookiesDirective* expires after 1 year
YouTube Cookies PREF*
YSC*
VISITOR_INFO1_LIVE*
remote_sid*
We embed videos on our site using YouTube. This may set cookies on your computer once you click on the YouTube video player.
PREF* expires after 8 months
YSC* expires at the end of your session
VISITOR_INFO1_LIVE*expires after 6 months
remote_sid* expires at the end of your session
doubleclick.net IDE*
x_axis_main*
These cookies are used to improve any advertising on our site, for example, to avoid showing an ad that a user has already seen. There is no personally identifiable information in these cookies.
IDE* expires after 2 years
x_axis_main* expires after 1 year

 

Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to you. If you’ve set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. Generally, you do not need to have cookies turned on to use this website. However, you may need cookies to enable you to log into secure areas of our websites, to complete purchases for Services and to participate actively in message boards, forums, polling and surveys.

For more information about cookies, including how to see what cookies have been set and how to manage or delete them, visit www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

Contact us

If you have any questions, comments, requests or concerns about this privacy notice or other privacy-related matters, or if you would like to exercise any of your rights in relation to your personal data, you may contact us in the following ways:

  • Through our dedicated email address: privacy@corsearch.com
  • By our toll-free phone number: 1-800-732-7241
  • By completing the Privacy Webform on our website.
  • By contacting our General Counsel and Privacy Officer, Diane Fiddle, directly at: Diane.Fiddle@corsearch.com

 

See also