Privacy Policy
How Intellektus handles information submitted through this website.
Last updated: 1 May 2026
1. Who we are (Data Controller)
The data controller is Intellektus [TODO: full legal entity name], registered at [TODO: registered office address], registered under [TODO: company / VAT number]. You can reach us at contact@intellektus.com for any privacy-related question.
If we appoint a Data Protection Officer (DPO), their contact details will be added here. In the meantime, all privacy queries are handled by the contact address above.
2. What we collect
- Contact details — name, company, email, phone, postal address, VAT number — supplied through our order or contact forms.
- Trademark matter information — proposed marks, applicant or owner details, goods and services, Nice classes, priority information, registration numbers, deadlines and any free-text notes you provide.
- Uploaded documents — logos, certificates, renewal notices and similar files you attach to an order.
- Payment information — when you pay online, the payment is processed entirely by Stripe or PayPal on their hosted checkout. We never see your full card number; we receive a transaction reference, the amount and the payment status.
- Technical data — IP address, user agent, request timestamps and minimal log data needed to operate the site, defend against abuse and complete payment reconciliation.
- Cookies — see the Cookie Notice for details. Essential cookies are used for session management and CSRF protection; analytics cookies load only after explicit consent.
3. Why we process your data (lawful bases)
| Purpose | Lawful basis (GDPR Art. 6) |
|---|---|
| Performing the trademark service you ordered (search, registration, renewal, watching) and corresponding with you about it | Performance of a contract (Art. 6(1)(b)) |
| Issuing invoices and meeting tax/accounting obligations | Legal obligation (Art. 6(1)(c)) |
| Replying to enquiries before any contract is concluded | Legitimate interests in responding to prospects (Art. 6(1)(f)) |
| Site security, abuse prevention, fraud detection | Legitimate interests in protecting the service (Art. 6(1)(f)) |
| Analytics cookies, where used | Consent (Art. 6(1)(a)) — withdrawn at any time via the cookie banner |
4. Who we share data with (processors)
We use a limited number of processors to operate the service. Each is bound by a data processing agreement and uses appropriate transfer safeguards where applicable.
- Hosting infrastructure — [TODO: hosting provider, country].
- Email / SMTP — [TODO: SMTP provider name, country].
- Payment — Stripe Payments Europe (Ireland) and PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) handle hosted checkout when online payment is enabled.
- Analytics — Google Analytics (Google Ireland Limited), only when analytics cookies are accepted.
- Anti-spam — Google reCAPTCHA (Google Ireland Limited), where enabled.
- Trademark offices and external counsel — when fulfilling an order, we share only the data needed to file or maintain the relevant mark with the official office and, where required, with our local correspondents.
Where any provider transfers personal data outside the European Economic Area (EEA), we rely on adequacy decisions or Standard Contractual Clauses with supplementary measures.
5. How long we keep data
- Order and matter files — for the duration of the engagement plus 10 years, to defend against professional liability claims and to meet tax/accounting obligations.
- Contact form enquiries that do not lead to an order — 12 months.
- Web server and security logs — 90 days, then deleted or anonymised.
- Admin login records and audit logs — 12 months.
- Marketing preferences — kept until you withdraw consent.
6. Your rights under the GDPR
You can exercise the following rights at any time by writing to contact@intellektus.com:
- Right of access (Art. 15) — get a copy of the data we hold about you.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — subject to retention obligations above.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20).
- Right to object to processing based on legitimate interests (Art. 21).
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
You also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the [TODO: lead supervisory authority — e.g. Autoriteit Persoonsgegevens (NL), CNIL (FR), …]. You can also complain to the supervisory authority of your habitual residence or place of work.
7. Security
We apply technical and organisational measures appropriate to the risk: TLS in transit, access controls, hashed authentication credentials, file uploads validated and stored outside the public web root, signed payment webhooks, and audit logging on the back office. No method of transmission or storage is 100% secure; we keep our controls under review.
8. Children
This service is intended for businesses and adult professionals. We do not knowingly collect personal data from children under 16.
9. Changes to this policy
If we make material changes, we will update this page and adjust the "Last updated" date above. For ongoing engagements, we will notify you of any change that materially affects your rights.