Privacy policy.

1. Introduction

This Privacy Policy describes how Global Trademark Company LLC, a Wyoming limited liability company located at 30 N. Gould St. Ste R, Sheridan, WY 82801, United States, collects and processes your personal data. For the purposes of applicable data protection legislation, GTC is the data controller responsible for your personal data.

This policy applies to all information collected through our website (globaltrademarkcompany.com), our client portal, our trademark registration and management services, email and other electronic communications, and any other interactions you may have with us.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To prepare, file, and manage trademark applications; to communicate with trademark offices; to provide portfolio management and monitoring services; and to deliver all other services you have requested.
• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Communication: To send you important updates about your trademark applications, deadline reminders, service notifications, and responses to your inquiries.
• Billing and Payments: To process payments, issue invoices, manage refunds, and maintain financial records as required by law.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including tax reporting obligations and responses to lawful requests from public authorities.
• Service Improvement: To analyze usage patterns, identify areas for improvement, develop new features, and enhance the overall user experience of our Platform.
• Marketing (with Consent): To send you information about our services, promotions, and industry news. You can opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.
• Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and other potentially harmful activities.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, we process your personal data on the following legal bases:

• Performance of a Contract (Art. 6(1)(b) GDPR): Processing necessary to fulfill our obligations under our Terms of Service, including filing and managing trademark applications, processing payments, and providing customer support.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, ensuring network security, and marketing our services to existing clients. We balance our interests against your rights and freedoms.
• Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent, such as for marketing communications, non-essential cookies, or processing of special category data. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with legal obligations, such as tax reporting, record-keeping requirements, and responding to lawful government requests.

5. Information Sharing and Disclosure

We may share your personal information with the following categories of recipients:

• Trademark Offices and Government Authorities: We share applicant information, trademark details, and supporting documentation with national, regional, and international trademark offices as required to file and prosecute your applications.
• Local Attorneys and Agents: In jurisdictions requiring local representation, we share relevant application details with qualified local attorneys or agents engaged to act on your behalf.
• Service Providers: We engage trusted third-party service providers who process data on our behalf, including cloud hosting providers, payment processors, email service providers, analytics platforms, and customer support tools. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal Requirements: We may disclose your information when required by law, regulation, legal process, or enforceable government request, or to protect the rights, property, or safety of GTC, our users, or others.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your data.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. International Data Transfers

As a global trademark services provider, we necessarily transfer personal data across international borders. Your personal data may be transferred to and processed in countries other than the country in which you reside, including the United States and other jurisdictions where we operate or where trademark offices are located.

When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers and partners;
• Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission;
• Supplementary Measures: We implement additional technical and organizational measures (such as encryption and access controls) where necessary to ensure an essentially equivalent level of protection.

For trademark filings specifically, the transfer of applicant information to foreign trademark offices is inherent to the service and necessary for the performance of our contract with you.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods vary by data type:

• Active Account Data: Retained for the duration of your account and for up to two (2) years after account closure to facilitate reactivation and resolve post-closure inquiries.
• Trademark Application Records: Retained for the life of the trademark registration plus ten (10) years after expiration or abandonment, as these records may be needed for renewal, enforcement, or historical reference purposes.
• Financial and Transaction Records: Retained for seven (7) years in accordance with tax and accounting regulations.
• Communication Records: Retained for five (5) years from the date of communication, or longer if related to active trademark matters.
• Analytics and Usage Data: Retained in aggregated, anonymized form indefinitely for service improvement purposes. Identifiable usage data is retained for up to twenty-four (24) months.
• Marketing Preferences: Records of consent and opt-out preferences are retained for as long as necessary to honor your choices and demonstrate compliance.

Upon expiration of the applicable retention period, personal data is securely deleted or anonymized. You may request earlier deletion subject to the limitations described in Section 10.

8. Data Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher;
• Encryption at Rest: Personal data stored in our databases is encrypted using AES-256 encryption;
• Access Controls: Role-based access controls ensure that only authorized personnel can access personal data, and only to the extent necessary for their role;
• Authentication Security: Multi-factor authentication is available for all accounts, and passwords are stored using industry-standard hashing algorithms;
• Regular Security Audits: We conduct periodic security assessments and penetration testing to identify and address vulnerabilities;
• Incident Response: We maintain a documented incident response plan. In the event of a data breach, we will notify affected individuals and relevant supervisory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We encourage you to use strong, unique passwords for your account and to keep your login credentials confidential.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform. The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the operation of our Platform, including authentication, security, and session management. These cookies cannot be disabled.
• Functional Cookies: Enable enhanced functionality such as remembering your language preferences, region selection, and display settings.
• Analytics Cookies: Help us understand how visitors interact with our Platform by collecting information about pages visited, time spent, and navigation patterns. We use this data in aggregated form to improve our services.
• Marketing Cookies: Used to deliver relevant advertisements and track campaign performance. These cookies may be set by our advertising partners.

Managing Cookies: You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, blocking certain cookies may affect the functionality of our Platform. For users in the EEA and UK, we obtain your consent before placing non-essential cookies.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you;
• Right to Rectification: Request correction of inaccurate or incomplete personal data;
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations and the necessity of retaining certain data for ongoing trademark matters;
• Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format;
• Right to Restrict Processing: Request that we limit the processing of your personal data in certain circumstances;
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes;
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights: To exercise any of these rights, please contact our Data Protection Officer at privacy@globaltrademarkcompany.com. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request. In certain circumstances, we may not be able to fully comply with your request (for example, if deletion would prevent us from fulfilling ongoing trademark obligations), in which case we will explain the reasons.

11. CCPA/CPRA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collecting the information, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions provided by law.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, quality of service, or treatment as a result of exercising your privacy rights.

To exercise these rights, please contact us at privacy@globaltrademarkcompany.com or call us at the number listed on our website. We will verify your identity before processing your request and respond within 45 days as required by law.

12. Children's Privacy

Our services are intended for use by individuals who are at least 18 years of age or the age of legal majority in their jurisdiction. We do not knowingly collect, use, or disclose personal information from children under the age of 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe that a child has provided us with personal information, please contact us at privacy@globaltrademarkcompany.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the bottom of this page;
• Notify you by email or through a prominent notice on our Platform;
• Where required by law, obtain your consent to material changes in how we process your personal data.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our services after the posting of changes constitutes your acceptance of the updated Privacy Policy.

14. Contact and Data Protection Officer

If you have any questions, concerns, or complaints about this Privacy Policy or our data protection practices, please contact our Data Protection Officer:

Supervisory Authority: If you are located in the EEA or UK and believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns directly before you approach the supervisory authority, so please contact us first.