top of page

SaaS Privacy Policy

(PatentPlus Platform)

(Transfer Hub, Company Search & related modules)
Last updated: 2025

This Privacy Policy explains how PatentPlus IO UG (haftungsbeschränkt) (“PatentPlus”, “we”, “us”) processes personal data when you use the PatentPlus Platform, including the Transfer Hub, the Industry Search, and any associated services (collectively, the “Platform”).

This policy applies to:

  • registered users of the Platform

  • institutions and their authorized representatives

  • internal and external users accessing Transfer Hub content

This Privacy Policy does not apply to visits to our website. The Website Privacy Policy is is provided here.

 

1. Company

PatentPlus IO UG (haftungsbeschränkt)
Rosenthaler Str. 72A
10119 Berlin, Germany
Email: info@patentplus.io

 

2. Categories of Personal Data

We only process personal data necessary for providing and improving the Platform.

2.1 User Account Data

  • Name

  • Email address

  • Organizational affiliation

  • Authentication data (hashed password)

  • User roles, access rights, and permissions

2.2 Usage & Technical Data

  • IP address

  • Session identifiers

  • Login timestamps

  • Device/browser information

  • System logs and error reports

2.3 Content & Transfer Data (institution-provided)

  • Contact persons for technologies, projects, or spin-offs

  • Descriptions, documents, or metadata supplied by institutions

  • Publicly available or institution-approved information displayed on the Transfer Hub

No special categories of personal data (Art. 9 GDPR) are processed.

3. Purposes and Legal Bases

3.1 Provision and operation of the Platform

  • Creating and managing user accounts

  • Displaying institution-defined transfer content

  • Access control and role-based permissions

Legal basis: Art. 6(1)(b) GDPR (contract / pre-contract measures)

3.2 Security, stability, monitoring

  • System logs

  • Prevention of abuse and misuse

  • Incident analysis and troubleshooting

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

3.3 Communication & support

  • Responding to support requests

  • Providing updates about system availability or maintenance

Legal basis: Art. 6(1)(b) or (f) GDPR

3.4 Product improvement (non-personal analytics)

  • Aggregated usage statistics

  • Performance metrics

  • Feature optimization

Legal basis: Art. 6(1)(f) GDPR (We do not use personal data for profiling or marketing.)

4. Artificial Intelligence (AI) Processing

Some Platform features use AI models to improve the quality of results. These features are optional and can be deactivated on the Platform.

Important safeguards:

  • No personal data is sent to AI models

  • Only company profiles, technology descriptions, or non-personal search parameters are processed.

  • Data is not used to train or improve third-party AI models

Legal basis: Art. 6(1)(b) GDPR (core platform functionality)

5. Hosting & Data Transfers

The Platform is hosted using external cloud infrastructure providers acting as PatentPlus data processors under Art. 28 GDPR.

  • Personal data is processed exclusively within the European Union

  • Non-personal data is processed exclusively within the European Union whenever technically possible.

  • If processing occurs in jurisdictions:

    • covered by an EU adequacy decision, or

    • protected by EU Standard Contractual Clauses,

PatentPlus ensures appropriate safeguards in accordance with Art. 44–49 GDPR.

A list of subprocessors is available upon request.

6. Recipients of Personal Data

Personal data may be shared with:

6.1 Data processors (acting on our behalf)

Examples include:

  • hosting and cloud infrastructure

  • security and monitoring services

  • email and support tools

All processors are bound by GDPR compliant data processing agreements (DPAs) and process data only according to our instructions.

6.2 Institutions (for Transfer Hub content)

If institutions publish their own contact persons or content, this becomes visible to the public or internally based on the visibility settings defined by the institution.

6.3 Legal disclosures

Only where legally required (Art. 6(1)(c) GDPR).

PatentPlus never sells personal data or shares it with third parties for advertising purposes

7. Data Retention

  • User accounts: retained for the duration of the contract

  • System logs: 7-90 days

  • Transfer content: retained until removed by the institution

  • Backups: retained for system integrity (typically 30–90 days)

  • Support communication: retained as necessary for documentation and audit

After termination or deletion requests, we delete or anonymize data in accordance with Art. 17 GDPR.

8. Security Measures

PatentPlus implements state-of-the-art technical and organizational measures including:

  • TLS/HTTPS encryption

  • Encryption of data at rest

  • Role-based access control

  • Row-Level Security for sensitive records

  • Monitoring, logging, and alerting

  • Strict internal access limitations (“need-to-know basis”)

  • Regular security updates and vulnerability management

9. Your Rights Under GDPR

You have the following rights:

  • Access (Art. 15)

  • Rectification (Art. 16)

  • Erasure (Art. 17)

  • Restriction (Art. 18)

  • Data portability (Art. 20)

  • Objection (Art. 21)

Requests may be submitted to info@patentplus.io. We may require verification of your identity.

10. Requirement to Provide Data

Creating a Platform account requires minimal personal data (name, email). Without this information, account creation and access to the Platform are not possible.

11. Data Sources

If user accounts are created by an institution on behalf of its staff, PatentPlus receives data from that institution (e.g., name, email). Otherwise, personal data is provided directly by users.

12. Updates to this Policy

We may update this Privacy Policy to reflect technical or legal changes. The latest version is always available here.

bottom of page