OER-CRAFT

NEW REQUIREMENTS OF PRIVACY POLICY + INTELLECTUAL PROPERTY AND TRADE MARK

AST_COU_3_EN  

 Title:
NEW REQUIREMENTS OF PRIVACY POLICY + INTELLECTUAL PROPERTY AND TRADE MARK
 Keywords
Data protection, Rights, Obligations, Registration, Brand
 Author:
AE
 Languages:
English
 Objectives/goals:
To make known the fundamentals and general concepts of the regulations on personal data protection, intellectual property and the Brand Registry, through a study of their most relevant aspects, thus facilitating an overview of the Rights and Obligations and offering a practical view of existing obligations.

 Description:
The new European Data Protection Regulation entered into force on May 25, 2018 in all countries of the European Union. This new regulation affects all companies as soon as they have personal data of clients, workers and third parties, enhancing an active commitment in the safeguarding of fundamental rights, in particular those related to privacy in all areas, but especially on the internet.

Acquire the knowledge and skills needed to understand the personal data protection system in its most relevant aspects: the treatment and procedures that should be given to such data, the rights and obligations of the holder and of the person responsible for them, and the penalty system in case of non-compliance.

In the same way, matters as relevant to companies as Intellectual Property and Brand Registration are treated.



 Course contents:

 APPLICATION OF THE GENERAL DATA PROTECTION REGULATION

WHO DOES THE DATA PROTECTION LAW APPLY TO?




The GDPR applies to:

•    a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
•    a company established outside the EU that is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.

If your company is a small and medium-sized enterprise (SME) that processes personal data as described above, you have to comply with the GDPR. However, if processing personal data is not a core part of your business and your activity does not create risks for individuals, then some obligations of the GDPR will not apply to you (for example the appointment of a Data Protection Officer (DPO)). Note that "core activities" should include activities where the processing of data forms an inextricable part of the controller's or processor's activities.

When the regulation applies and when it does not apply

YES. Your company is a small, tertiary education company operating online with an establishment based outside the EU. It targets mainly Spanish and Portuguese language universities in the EU. It offers free advice on a number of university courses and students require a username and a password to access your online material. Your company provides the said username and password once the students fill out an enrolment form.

NO. Your company is a service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company does not specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

The application of the data protection regulation depends not on the size of your company/organisation but on the nature of your activities. Activities that present high risks for individuals' rights and freedoms, whether they are carried out by an SME or by a large corporation, trigger the application of more stringent rules. However, some of the obligations of the GDPR may not apply to all SMEs.

For instance, companies with fewer than 250 employees do not need to keep records of their processing activities unless processing of personal data is a regular activity, poses a threat to individuals' rights and freedoms, or concerns sensitive data or criminal records.

Similarly, SMEs will only have to appoint a Data Protection Officer if processing is their main business and it poses specific threats to individuals' rights and freedoms (such as monitoring of individuals or processing of sensitive data or criminal records), in particular because it is done on a large scale.

The rules only apply to personal data about individuals; they do not govern data about companies or any other legal entities. However, information in relation to one-person companies may constitute personal data where it allows the identification of a natural person. The rules also apply to all personal data relating to natural persons in the course of a professional activity, such as the employees of a company/organisation, business email addresses like "forename.surname@company.eu" or employees' business telephone numbers.


 OBLIGATIONS

OBLIGATIONS




What data can we process and under which conditions?

The type and amount of personal data a company/organisation may process depends on the reason for processing it (legal reason used) and the intended use. The company/organisation must respect several key rules, including:

•    personal data must be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data is being processed (lawfulness, fairness and transparency);
•    there must be specific purposes for processing the data and the company/organisation must indicate those purposes to individuals when collecting their personal data. A company/organisation cannot simply collect personal data for undefined purposes (purpose limitation);
•    the company/organisation must collect and process only the personal data that is necessary to fulfil that purpose (data minimisation);
•    the company/organisation must ensure the personal data is accurate and up-to-date, having regard to the purposes for which it is processed, and correct it if not (accuracy);
•    the company/organisation cannot further use the personal data for other purposes that are not compatible with the original purpose;
•    the company/organisation must ensure that personal data is stored for no longer than necessary for the purposes for which it was collected (storage limitation);
•    the company/organisation must install appropriate technical and organisational safeguards that ensure the security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (integrity and confidentiality).

Can data be processed for any purpose?
No. The purpose for processing of personal data must be known and the individuals whose data you are processing must be informed. It is not possible to simply indicate that personal data will be collected and processed. This is known as the "purpose limitation" principle.

Can we use data for another purpose?
Yes, but only in some cases. If your company/organisation has collected data on the basis of legitimate interest, a contract or vital interests it can be used for another purpose but only after checking that the new purpose is compatible with the original purpose.

The following points should be considered:
•    the link between the original purpose and the new/upcoming purpose;
•    the context in which the data was collected (what is the relationship between your company/organisation and the individual?);
•    the type and nature of the data (is it sensitive?);
•    the possible consequences of the intended further processing (how will it impact the individual?);
•    the existence of appropriate safeguards (such as encryption or pseudonymisation).
If your company/organisation wants to use the data for statistics or for scientific research it is not necessary to run the compatibility test.

If your company/organisation has collected the data on the basis of consent or following a legal requirement, no further processing beyond what is covered by the original consent or the provisions of the law is possible. Further processing would require obtaining new consent or a new legal basis.

How much data can be collected?
Personal data should only be processed where it is not reasonably feasible to carry out the processing in another manner. Where possible, it is preferable to use anonymous data. Where personal data is needed, it should be adequate, relevant, and limited to what is necessary for the purpose (data minimisation). It is your company/organisation's responsibility as controller to assess how much data is needed and ensure that irrelevant data is not collected.

For how long can data be kept and is it necessary to update it?
Data must be stored for the shortest time possible. That period should take into account the reasons why your company/organisation needs to process the data, as well as any legal obligations to keep the data for a fixed period of time (for example national labour, tax or anti-fraud laws requiring you to keep personal data about your employees for a defined period, product warranty duration, etc.).
Your company/organisation should establish time limits to erase or review the data stored.

By way of an exception, personal data may be kept for a longer period for archiving purposes in the public interest or for reasons of scientific or historical research, provided that appropriate technical and organisational measures are put in place (such as anonymisation, encryption, etc.).

Your company/organisation must also ensure that the data held is accurate and kept up-to-date.

What information must be given to individuals whose data is collected?
At the time of collecting their data, people must be informed clearly about at least:
•    who your company/organisation is (your contact details, and those of your DPO if any);
•    why your company/organisation will be using their personal data (purposes);
•    the categories of personal data concerned;
•    the legal justification for processing their data;
•    for how long the data will be kept;
•    who else might receive it;
•    whether their personal data will be transferred to a recipient outside the EU;
•    that they have a right to a copy of the data (right to access personal data) and other basic rights in the field of data protection (see complete list of rights);
•    their right to lodge a complaint with a Data Protection Authority (DPA);
•    their right to withdraw consent at any time;
•    where applicable, the existence of automated decision-making and the logic involved, including the consequences thereof.

The information may be provided in writing, orally at the request of the individual when the identity of that person is proven by other means, or by electronic means where appropriate. Your company/organisation must do that in a concise, transparent, intelligible and easily accessible way, in clear and plain language and free of charge.

When data is obtained from another company/organisation, your company/organisation should provide the information listed above to the person concerned at the latest within 1 month after your company obtained the personal data; or, in case your company/organisation communicates with the individual, when the data is used to communicate with them; or, if a disclosure to another company is envisaged, when the personal data was first disclosed.

Your company/organisation is also required to inform the individual of the categories of data and the source from which it was obtained including if it was obtained from publicly accessible sources. Under specific circumstances listed in Articles 13(4) and 14(5) of the GDPR your company/organisation may be exempted from the obligation to inform the individual. Please check whether that exemption applies to your company/organisation.

What rules apply if my organisation transfers data outside the EU?
In today's globalised world, there are large amounts of cross-border transfers of personal data, which are sometimes stored on servers in different countries. The protection offered by the General Data Protection Regulation (GDPR) travels with the data, meaning that the rules protecting personal data continue to apply regardless of where the data lands. This also applies when data is transferred to a country which is not a member of the EU (hereinafter referred to as "third country").

The GDPR provides different tools to frame data transfers from the EU to a third country:
•    sometimes, a third country may be declared as offering an adequate level of protection through a European Commission decision (Adequacy Decision), meaning that data can be transferred to another company in that third country without the data exporter being required to provide further safeguards or being subject to additional conditions. In other words, the transfers to an "adequate" third country will be comparable to a transmission of data within the EU.
•    in the absence of an Adequacy Decision, a transfer can take place through the provision of appropriate safeguards and on condition that enforceable rights and effective legal remedies are available for individuals. Such appropriate safeguards include:
     •    in the case of a group of undertakings, or groups of companies engaged in a joint economic activity, companies can transfer personal data based on so-called binding corporate rules;
     •    contractual arrangements with the recipient of the personal data, using, for example, the standard contractual clauses approved by the European Commission;
     •    adherence to a code of conduct or certification mechanism together with obtaining binding and enforceable commitments from the recipient to apply the appropriate safeguards to protect the transferred data.
•    finally, if a transfer of personal data is envisaged to a third country that is not the subject of an Adequacy Decision and if appropriate safeguards are absent, a transfer can be made based on a number of derogations for specific situations, for example where an individual has explicitly consented to the proposed transfer after having been provided with all necessary information about the risks associated with the transfer.



 INTELLECTUAL PROPERTY RIGHTS

RIGHTS




Intellectual property is the set of rights that correspond to the authors and other owners (artists, producers, broadcasters ...) regarding the works and benefits resulting from their creation.

A work is fully protected by law from the moment of its creation and without the need for any formal requirements.

IS IT NECESSARY TO REGISTER A WORK TO PROTECT IT?
No; however, it is advisable to indicate the reservation of rights and the symbol ©, in the case of a work.

Registration is a protection of intellectual property rights, as it constitutes a qualified proof of the existence of registered rights.

Intellectual property protects original literary, artistic or scientific creations, choreographies, audiovisual works, sculptures, pictorial works, plans, models, maps, photographs, computer programs and databases.

It also protects artistic performances, phonograms, audiovisual recordings and broadcasts.

INTELLECTUAL PROPERTY RIGHTS
Moral and economic rights
1. MORAL RIGHTS:
They include two specific aspects: the right to recognition of authorship and the right of an author to preserve the integrity of the work, that is, to refuse to carry out modifications or derivative works.
The recognition of moral rights points to the author's reputation and the inalienable right of the latter to dispose of his work in terms of recognition as well as its integrity. The most common violation of moral rights is plagiarism.

2. ECONOMIC OR EXPLOITATION RIGHTS:
We must distinguish between:
a) Rights related to the exploitation of the protected work, which in turn are subdivided into:
•    Exclusive rights, which allow the owner to authorize or prohibit acts of exploitation of his protected work or benefit by the user, and to demand compensation in return.
•    Remuneration rights, which do not entitle the owner to authorize or prohibit the acts of exploitation of the work, although they do require the user to pay a monetary amount for the acts of exploitation that he performs, an amount that is determined by law by the rates of management entities.
b) Compensatory rights, such as the right to private copy, which compensates for intellectual property rights no longer received due to reproductions of protected works or benefits for exclusively private use.



 REGISTRY/COPYLEFT

REGISTRY




Register:
Registration is not mandatory, but voluntary.

In Anglo-Saxon law, the notion of copyright is used, which generally includes the patrimonial part of copyright (economic rights).

The exploitation or economic rights last for the lifetime of the author and up to 70 years after the death of the author (European Law).

The Law regulating intellectual property is set out in the Recast Text, approved by Royal Legislative Decree 1/1996, of April 12.

WHAT IS NOT PROTECTED
The ideas.
The procedures.
The legal or regulatory provisions, their corresponding projects, the decisions of the jurisdictional bodies.
The acts of public bodies, as well as translations of these texts.
The titles of the works.

HOW IS A WORK RECORDED?
An application is filed in the register of intellectual property, together with payment of the fee (€ 13.46).

Management Entities
Goals:
•    Manage exploitation rights.
•    Guarantee the exploitation, protection and control of works both in Spain and abroad.
To be constituted they need the authorization of the Ministry of Culture.

- From authors:
SGAE (General Society of Authors and Publishers); CEDRO (Spanish Center for Reprographic Rights); VEGAP (Visual Entity for the Management of Plastic Artists); DAMA (Copyright of audiovisual media)

- From Performers:
AIE (Performers, management company of Spain); AISGE (Performers, management company)




COPYLEFT




Is Copyleft really a license?
Copyleft is not a license in itself, but a set of guidelines on how the license or contract of the work (exploitation, copying, distribution, etc.) should be managed.

When I choose the license that best suits my work, I will have to indicate as clearly as possible under what terms it is governed.

Which Copyleft license is best suited to my work?

GNU - http://www.fsf.org/licensing
GNU, according to the copyleft manual, was created in the mid-1980s. It has its origin in the world of free software and is, in turn, mainly responsible for the entire movement for free culture and Copyleft.
It is based on the 4 freedoms proposed by Stallman and the FSF:
- use
- study and modification
- copy
- improvement and distribution of content

CREATIVE COMMONS - http://creativecommons.org
“Many authors have realized over time that the right to absolute copy does not help them when it comes to getting the wide exposure or distribution that they want. Creative Commons [...] tries to help people express this preference for sharing by offering everyone a set of licenses on the web, at no cost”

The conditions offered by CC are 6, as a combination of 4 essentials:
•    Recognition. You must properly recognize the authorship, provide a link to the license and indicate whether changes have been made. You can do it in any reasonable way, but not in a way that suggests that you have the support of the licensor or receive it for the use you make.
•    No derivative works. If you remix, transform or create from the material, you cannot spread the modified material.
•    Non-commercial. You may not use the material for a commercial purpose.
•    Share the same. Copy and redistribute the material in any medium or format.

FREE ART - http://www.artlibre.org
It was one of the pioneers in transferring the idea of free software to the art world. Like many other Copyleft licenses, it promotes free access to culture as opposed to other restrictive models, such as Copyright.
Manualcopyleft.net explains how the artist who uses this license guarantees that the user can:
•    Make copies for personal or third party use.
•    Distribute the work freely by any means, for free or not.
•    Freely modify the work.

Copyleft = Free? NO

The idea that Copyleft means free of charge is widespread. The confusion stems from:
•    The principle that this license is less restrictive.
•    The automatic authorization of the work obtained in the license itself.
In some Copyleft licenses, the artist may specify that his work may be copied, distributed, reproduced or modified as long as it is not for commercial uses.

Can my Copyleft work be plagiarized?
A Copyleft work has a license like any other creation.
If the author proves that his work has been plagiarized, legal action can be taken.



 PROCEDURES AND COST

PROCEDURES




Spanish Patent and Trademark Office (SPTO)

How to register the corporate image. The logotype.
Once you have chosen your name and created the logo, which includes your unique value proposition, it is time to register the brand to protect it from competition and so that it cannot be used by others.

Registration is done at the Spanish Patent and Trademark Office (SPTO), whose website is http://www.oepm.es.

The first thing you have to do is check at the following link whether the brand you are going to register has already been registered:
http://sitadex.oepm.es/localizador/buscardenominacion.jsp

Write the name of the brand, or part of it, in the first section and click on "locate".

What do you need to have prepared before starting the process?
•    Brand name, image in case of being graphic, or both in case of being mixed. If the brand has an image because it is graphic or mixed, you must have the image prepared in the following format: "Jpg or tif, maximum 8 cm wide x 12 cm high (945 x 1417 pixels), 300 dpi"
•    Holder of the brand: data of the person or company that will be the owner of the brand.
•    Classes in which you will register it.

Trademarks are registered according to the products or services for which they are intended. The SPTO is based on the international classification of brand products and services (Nice classification 10th edition, 2012).

You can register your brand in as many classes as you wish taking into account that you have to pay for each class. Your brand will be protected for the services and products that are included in the classes in which you have registered it.

Remember! You only protect the classes in which you register your brand.
In the following link you can see the classes available, so that you can choose the most suitable one(s):

International classification of brand products and services (CLINMAR) (Nice classification 10th edition, 2012)




COST




Brand registration cost
Yes, registering a brand has a cost. However, if you do it on your own as we explain here, you will see that the savings are considerable compared with doing it through a registrar. The rates for 2018 are as follows:

Face-to-face registration:
First class: € 147.49

Second and following classes: € 95.55

Registration through the electronic headquarters:
First class: € 125.36
Second and following classes: € 81.21

How will I know when I have the trademark registration?
The brand will be published in approximately one day, and from that moment it will be public for two months in case any third party wants to oppose its registration. If there is no opposition, within two months, you will receive the brand title and ... It will be yours!

You can check the status of the trademark registration at the following link by writing the name of the brand, or part of it, in the first section and clicking on "locate":
http://sitadex.oepm.es/localizador/buscardenominacion.jsp

CRAFTS REGISTRATION
A procedure for the voluntary registration of those artisan subjects whose trade or trades are included in the Directory of Crafts Trades of Andalusia.

The result of the first registration in the Registry is the official issuance of the Artisan Letter, in order to publicly identify the artisan subjects.



 Indicators


 Related material:
3.1_artcademy_course_privacypolicyintpropertytrademark_level3_ae_english.doc
 Training Fiche PPT:
3.1_artcademyppt_privacypolicyintpropertytrademark_level3_ae_english.pptx