| Members |
General
2. Definitions
2.1 For the purposes of this privacy policy, the following terms shall have the meanings set out below:
“AI Tools” means artificial intelligence-powered software applications and services used by ECTA in the course of its activities, including, but not limited to, Perplexity AI.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. ECTA acts as the Controller in relation to the processing of Personal Data described in this privacy policy.
“Data Subject” means an identified or identifiable natural person whose Personal Data is processed.
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
“Personal Data” means any information relating to an identified or identifiable natural person.
“Privacy Legislation” has the meaning ascribed to it in Article 3.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
“Services” means the products, services, events, activities and tools provided by ECTA to its members, participants and other Data Subjects, including access to AI Tools.
3. Legal Framework
3.1 ECTA will process Personal Data with the highest possible care, only in accordance with this privacy policy and the applicable privacy legislation, consisting, among others, of:
3.2 Where ECTA deploys AI-powered tools in the course of its activities, it does so in compliance with the applicable provisions of the Privacy Legislation, including the GDPR and, where relevant, the EU AI Act.
4. Purpose of Processing
4.1 ECTA processes Personal Data in order to do one or more of the following:
(i) execute its activities, as described in Article 1.2 and to provide (potential) products and/or services in this respect;
(ii) manage a (potential) business relationship (including the performance of an agreement entered into) with you and/or the persons of whom the Personal Data is processed;
(iii) create a member and non-member file, a participant file, a speaker file, (potential) employee file or partner file and to obtain more information thereof;
(iv) grant awards to legal scholars or students in the field of intellectual property rights and compile a database of such candidates and winners;
(v) perform market research, to better understand the needs and preferences in the fields of trade marks, designs, copyright and other intellectual property rights;
(vi) help improve its products and services;
(vii) display the resumes and/or photos on its website or marketing material, for information on ECTA’s activities and the involvement of the persons of whom the Personal Data are processed to this extent (e.g. display speakers at ECTA’s conferences or other participation, students that have been granted an award);
(viii) provide direct marketing regarding its activities such as updates, bulletins, newsletters, information brochures, emails, marketing materials, invitations to events and other information that may be useful to you or the persons of whom the Personal Data is processed or the members, board members, subcontractors and contract parties of ECTA;
(ix) comply with applicable legislation;
(x) transfer Personal Data to its members, board members, subcontractors and contract parties of ECTA: (a) for the execution of the aforementioned points on ECTA’s behalf; (b) to provide you direct marketing with invitations and updates of its members and/or participants of ECTA events; (c) to inform these on your activities (or those of the persons of whom the Personal Data is processed) and your (potential) business relationship with ECTA (e.g. speaker engagement);
(xi) use AI-powered tools to assist with research, analysis and information retrieval in the fields of intellectual property;
(xii) generate, summarise or analyse content related to ECTA’s activities using AI-powered tools;
(xiii) enhance the quality and efficiency of the services provided to ECTA’s members through the use of AI-powered tools;
(xiv) support internal operations and knowledge management using AI-powered tools;
(together or separately the “Purpose”).
4.2 ECTA may use the Personal Data for the Purpose in any way whatsoever, including: (a) its internal use (e.g. the communication through its internal communication systems and to its internal bodies and/or staff, such as mailings to members, directors etc.) and to store these on a server accessible to ECTA (either from ECTA or from its ICT provider); and (b) the use of AI-powered tools as described in Article 7 of this privacy policy.
5. Legal Basis for Processing
5.1 ECTA has the following legal bases for the processing of Personal Data:
(i) the contract you have entered into with ECTA;
(ii) the free, specific, informed and unambiguous consent from you or provided through you on behalf of the person concerned to ECTA, to process Personal Data. Such consent can be given by any means, such as, but not limited to, mail, email, an online or offline consent form, a membership form or orally;
(iii) a legal obligation; and/or
(iv) a legitimate interest of ECTA.
5.2 For the processing of Personal Data through AI-powered tools (including Perplexity AI), ECTA relies primarily on its legitimate interest, namely the efficient delivery of association services, improving the quality of research and analysis in the field of intellectual property, and enhancing operational efficiency. Where required, ECTA may also rely on the consent of the Data Subject.
5.3 ECTA has carried out a legitimate interest assessment in relation to its use of AI-powered tools and has concluded that the processing is necessary for the purposes of its legitimate interests, which are not overridden by the interests, rights or freedoms of the Data Subjects concerned.
5.4 Your personal data may be processed by third parties in their own name, as a “data controller”. ECTA may refer you to such third-party websites, applications, portals or services. ECTA is not responsible and cannot be liable for the use of data by such third parties, even if you have accessed the third party’s website, application, portal or service through links provided through ECTA’s services. ECTA recommends that you check the policy of each third party and contact the relevant third party if you have any concerns, questions or complaints about the processing of your personal data.
6. Personal Data Processed
6.1 ECTA will collect and process all Personal Data that:
(i) are necessary for the Purpose, such as (first, middle, last) name, date of birth, gender, address, email address, phone number, language preference, company number, bank account number, professional interests and preferences, photo, video, sound recording, bio, marketing material and/or other information provided to ECTA;
(ii) are gathered during or in the light of one of ECTA’s activities as set out in Article 1.2.
6.2 You guarantee that the Personal Data you have provided ECTA with are complete and correct.
6.3 Data processed through AI Tools
In addition to the categories of Personal Data described above, the following categories of data may be processed when ECTA’s AI-powered tools (including Perplexity AI) are used:
(a) queries, prompts and content submitted by users to Perplexity AI;
(b) content generated by the AI tool in response to user queries;
(c) account information of users, including name and email address;
(d) usage metadata, including timestamps and session data.
6.4 Important: Users should NOT input special categories of personal data (as defined in Article 9 GDPR) into AI-powered tools. Special categories include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
7. Use of AI-Powered Tools (Perplexity AI)
7.1 ECTA provides access to Perplexity AI, an AI-powered research and information tool, to its members and staff for use in connection with ECTA’s activities in the field of intellectual property rights.
7.2 Perplexity AI, Inc. (a company incorporated in the United States) acts as a data processor on behalf of ECTA when providing its services. ECTA has entered into a Data Processing Addendum (“DPA”) with Perplexity AI, Inc. in accordance with Article 28 GDPR.
7.3 Data submitted to Perplexity AI
When using Perplexity AI, the following data may be processed:
(a) account information (name, email address);
(b) queries, prompts and any content submitted by users;
(c) output generated by the AI tool;
(d) usage metadata (timestamps, session data, device information).
Users are instructed NOT to submit the following into the AI tool:
(a) special categories of personal data (Article 9 GDPR);
(b) personal data of third parties without a lawful basis;
(c) confidential client information or legally privileged communications.
7.4 Perplexity AI’s commitments under the DPA
Under the DPA entered into between ECTA and Perplexity AI, Inc., Perplexity AI has committed to the following:
(a) processing Personal Data only on ECTA’s documented instructions;
(b) not using Personal Data to train or fine-tune its AI models;
(c) not selling or sharing Personal Data;
(d) maintaining appropriate technical and organisational security measures (Perplexity AI holds SOC 2 Type II certification);
(e) deleting Personal Data within 30 days after the end of services;
(f) automatically deleting files attached to threads after 7 days;
(g) permitting audits by ECTA once every 12 months, with 30 days’ prior notice.
7.5 Sub-processors
Perplexity AI uses authorised sub-processors, including cloud infrastructure providers such as Amazon Web Services and Microsoft Azure, as well as third-party AI model providers (such as OpenAI and Anthropic). Agreements with these sub-processors ensure that Personal Data is not used for model training purposes. ECTA will be notified of any changes to the list of sub-processors and may object to such changes in accordance with the DPA.
7.6 AI-generated output
Content generated by AI-powered tools may be inaccurate, incomplete or require verification. ECTA does not guarantee the accuracy of AI-generated content. Users should independently verify AI output before relying upon it, particularly for legal or professional advice. AI-generated output should not be treated as a substitute for professional judgment.
8. International Data Transfers
8.1 Third parties to whom ECTA may, or is obliged to, transfer Personal Data on the basis of this privacy policy, may be located within or outside the European Union (e.g. for conference registrations and for the mailing system). ECTA will safeguard that a sufficient level of data protection is ensured by the third parties to whom the Personal Data may be transferred.
8.2 Transfers to Perplexity AI (United States)
Perplexity AI, Inc. is based in the United States. When Personal Data is transferred to Perplexity AI, such transfers are safeguarded by the following mechanisms:
(a) EU Standard Contractual Clauses (Module 2 — Controller to Processor), as adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021;
(b) the EU-U.S. Data Privacy Framework, under which Perplexity AI, Inc. is certified, as recognised by the European Commission’s adequacy decision;
(c) the UK International Data Transfer Addendum (version B.1.0) for transfers of personal data originating from the United Kingdom.
8.3 ECTA has assessed the adequacy of these safeguards in accordance with Article 46 GDPR and is satisfied that they provide an adequate level of protection for the Personal Data transferred.
8.4 Perplexity AI’s sub-processors may also be located outside the European Economic Area. Perplexity AI has entered into appropriate data transfer mechanisms with its sub-processors to ensure compliance with the Privacy Legislation.
9. Image and Sound
9.1 ECTA can make use of Personal Data in picture and sound material (such as photographs, videos, sound recordings etc.) (“Image and Sound”) of persons involved in the context of its activities as set out in Article 1.2.
9.2 You are aware that Image and Sound of you or of the persons from whom you have provided the Personal Data of, can be taken at any event organised by ECTA (e.g. workshops, events, seminars or on-site or online events).
9.3 ECTA may use the Image and Sound for the Purpose, including: (a) the use for internal purposes (internal communication systems, such as mailings to members, directors etc.) and to store these on a server accessible to ECTA (either from ECTA or from its ICT provider); (b) the use for external purposes such as sharing (e.g. via email or on social media, for promotional, informative or direct marketing purposes).
10. Transfer of Personal Data to Third Parties
10.1 ECTA may transfer the Personal Data to members, board members, subcontractors, contracting parties (including non-members) of ECTA and/or other third parties:
(i) for the execution of the Purpose on ECTA’s behalf (e.g. hosting the ECTA website, other ICT purposes, provision of AI-powered tools etc.);
(ii) to provide you with direct marketing (e.g. invitations and updates of its members and/or participants of ECTA events);
(iii) to inform them of your activities (or those of the persons of whom the Personal Data is processed) and your (potential) business relationship with ECTA (e.g. speaker engagement, attendance of events).
10.2 ECTA enters into data processing agreements with its subcontractors and processors processing Personal Data on its behalf, including with Perplexity AI, Inc. as described in Article 7.
10.3 For information specifically about the transfer of Personal Data to Perplexity AI and its sub-processors, please refer to Articles 7 and 8 of this privacy policy.
11. Representations and Guarantees
11.1 By providing Personal Data to ECTA, you guarantee that:
(i) the Personal Data you have provided to ECTA are complete and correct; and/or
(ii) you are entitled (on behalf of the person concerned) to pass on the Personal Data to ECTA, e.g. from you, your employees, directors, partners. You hereby warrant, as far as necessary, to have obtained all necessary consents for the aforementioned transfer and you shall indemnify and hold ECTA harmless for any claim in this respect.
11.2 Where you use AI-powered tools provided by ECTA, you represent and warrant that you will comply with ECTA’s AI usage guidelines as set out in Article 15 of this privacy policy, including the restrictions on the types of data that may be submitted to AI tools.
11.3 You are aware that a violation of the provisions in this Article will be considered a serious fault.
12. Data Retention
12.1 ECTA stores and uses Personal Data for as long as it is necessary to achieve the Purpose (and at a minimum during the term as provided for in the applicable legislation, or for 5 years after the agreement that you had in place with ECTA has come to an end, whichever is the longest).
12.2 When the Purpose is accomplished, ECTA will erase the Personal Data.
12.3 Retention of data processed through AI Tools
The following specific retention periods apply to data processed through Perplexity AI:
(a) files attached to AI threads are automatically deleted after 7 days;
(b) thread data is retained in accordance with ECTA’s data retention settings as configured within the Perplexity AI platform;
(c) personal data contained in AI inputs is stored until deleted by ECTA or 30 days after the end of services with Perplexity AI, whichever is later;
(d) account information is retained for the duration of the service relationship with Perplexity AI.
13. Your Rights
13.1 The Privacy Legislation provides you with a number of rights regarding Personal Data. Every Data Subject has the right, free of charge:
(a) to have access to and receive a copy of his/her Personal Data;
(b) to have his/her Personal Data corrected in case of errors;
(c) to have his/her Personal Data erased where: (i) the Personal Data are no longer necessary to achieve the Purpose; (ii) he/she withdraws his/her consent and there is no other legal ground for the processing; (iii) he/she objects to the processing and there is no overriding legal ground for the processing; (iv) the Personal Data have been unlawfully processed; or (v) there is a legal obligation to erase the Personal Data;
(d) to have the processing of his/her Personal Data restricted;
(e) to request that his/her Personal Data are transferred to a third party (data portability);
(f) to object against the processing of his/her Personal Data, in particular in relation to direct marketing. This means, amongst others, that you can unsubscribe from newsletters, bulletins, commercial or promotional mailings or personalised ads and that ECTA can no longer send these to you/the persons of whom the Personal Data are provided to ECTA;
(g) to opt out of having his/her Personal Data processed through AI-powered tools. If you exercise this right, ECTA will ensure that your Personal Data is no longer submitted to or processed by such tools.
13.2 These rights extend to all Personal Data processed by ECTA, including data processed through AI-powered tools such as Perplexity AI.
13.3 You have the right to file a complaint with the competent data protection authority if you are of the opinion that the processing of your Personal Data is contrary to the Privacy Legislation. You can contact the Belgian Data Protection Authority at:
Belgian Data Protection Authority (Gegevensbeschermingsautoriteit)
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail: contact@apd-gba.be
13.4 In case you want to exercise the above rights, you can send a written, dated and signed request, with proof of identity (front of identity card), by ordinary mail to ECTA Secretariat at Rue des Colonies 18/24, 8th Floor, 1000 Brussels, Belgium, or by email to ecta@ecta.org. Please note that the Privacy Legislation may impose conditions on exercising any of the above rights.
14.1 The Personal Data are stored by ECTA and/or its subcontractors located in or outside the EU, such as its ICT provider or its subcontractor carrying out the registrations for ECTA events.
14.2 ECTA commits to take (or have) all reasonable measures (taken) to its best ability to safeguard the protection of the Personal Data through technical safety measures and an appropriate safety policy from destruction, loss, modification or unauthorised processing.
14.3 You acknowledge and accept that the transfer and storage of Personal Data is never without risk and consequently, ECTA cannot be held liable for the damages that you may suffer as a result of the unlawful use of your Personal Data by third parties, other than ECTA’s subcontractors.
14.4 If you are aware of any data leakage, you must immediately and no later than 2 hours inform ECTA thereof via phone +32/2 513 52 85 or email: ecta@ecta.org.
14.5 AI-specific security measures
In relation to the use of AI-powered tools, the following security measures are in place:
(a) access controls are applied to AI tool accounts, ensuring that only authorised ECTA members and staff can access Perplexity AI;
(b) Perplexity AI, Inc. maintains SOC 2 Type II certification, demonstrating compliance with industry-standard security controls;
(c) data is encrypted in transit and at rest;
(d) ECTA’s internal AI usage guidelines (Article 15) restrict the types of data that may be submitted to AI tools, minimising the risk of inappropriate data processing.
15. Guidelines for AI Tool Usage
15.1 When using AI-powered tools provided by ECTA, including Perplexity AI, all users must adhere to the following guidelines:
(a) do not input personal data of third parties into AI tools unless there is a lawful basis for doing so;
(b) do not input special categories of personal data (Article 9 GDPR), including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation;
(c) do not input confidential client information or legally privileged communications;
(d) verify all AI-generated output before relying on it, particularly when the output relates to legal or professional advice;
(e) report any concerns about AI data processing, any potential data breach or any suspected misuse of AI tools immediately to ecta@ecta.org.
15.2 ECTA reserves the right to monitor compliance with these guidelines and to restrict or revoke access to AI tools in the event of non-compliance.
16. Third-Party Services
16.1 ECTA may refer you to third-party websites, applications or services. The privacy policies of such third parties may apply. ECTA is not responsible for the privacy practices of third-party services, even if you have accessed them through links provided by ECTA.
16.2 Perplexity AI itself may retrieve, access and display information from third-party sources in the course of generating responses to user queries. ECTA has no control over the content of such third-party sources and does not guarantee its accuracy or completeness.
16.3 We recommend that you check the privacy policy of each third-party service and contact the relevant third party if you have any concerns, questions or complaints about the processing of your personal data.
17. Severability
17.1 If any provision in this privacy policy is deemed to be unlawful or unenforceable, such provision shall be amended insofar as necessary in order to make it lawful or enforceable, while retaining the original meaning of that provision as much as possible.
18. Applicable Law and Competent Court
18.1 You agree that all disputes between you and ECTA regarding Personal Data and privacy issues are exclusively subject to Belgian law, excluding any conflict-of-law principles.
18.2 Every dispute regarding Personal Data and privacy issues shall be submitted to the exclusive jurisdiction of the Dutch-speaking courts of Brussels, Belgium, excluding any other court.