1.1 The Millioner Intellectual Property Compliance Division ("we", "us", "our") is committed to protecting the privacy and personal data of all individuals who interact with the Millioner Brand Protection & Asset Integrity Portal (the "Portal"). This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with the operation of the Portal and the exercise of our intellectual property enforcement functions.
1.2 This Privacy Policy applies to all personal data submitted through the Portal, including data provided in violation reports, contact enquiries, and any other communications directed to the Operator. It also applies to technical data collected automatically when you access the Portal, such as IP addresses and browser information.
1.3 We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, the EU General Data Protection Regulation (EU GDPR) (Regulation (EU) 2016/679), the UK Data Protection Act 2018, and all other applicable data protection legislation. Where we process personal data of individuals located in the European Economic Area (EEA), we comply with the requirements of the EU GDPR as a matter of policy, regardless of whether it is strictly applicable as a matter of law.
1.4 This Privacy Policy should be read in conjunction with our Terms of Use, which govern your access to and use of the Portal.
2.1 Data You Provide Directly. When you submit a violation report, contact us by email, or otherwise interact with the Portal, we may collect the following categories of personal data:
- Identity Data: First name, last name, title, and organisation name.
- Contact Data: Email address, postal address (if provided), and telephone number (if provided).
- Professional Data: Legal representative name, law firm, bar reference number, and professional credentials (if provided).
- Report Data: Information about the alleged intellectual property violation, including URLs, domain names, descriptions of infringing conduct, evidence hashes, and any other information you choose to include in your report.
- Correspondence Data: The content of any emails, messages, or other communications you send to us.
2.2 Data Collected Automatically. When you access the Portal, we may automatically collect certain technical data, including:
- Technical Data: Internet Protocol (IP) address, browser type and version, operating system, device type, and screen resolution.
- Usage Data: Pages visited, time spent on pages, referring URLs, and navigation paths within the Portal.
- Log Data: Server access logs recording requests made to the Portal's web server, including timestamps, request methods, and response codes.
2.3 We do not intentionally collect sensitive personal data (also known as special category data under the GDPR) through this Portal. If you choose to include sensitive personal data in a violation report or correspondence, we will process it only to the extent necessary for the purposes described in this Policy.
3.1 We process personal data collected through the Portal for the following purposes and on the following legal bases:
| Purpose | Legal Basis (UK/EU GDPR) |
|---|---|
| Processing and investigating violation reports | Legitimate interests (IP enforcement) / Legal obligation |
| Responding to legal and compliance enquiries | Legitimate interests / Legal obligation |
| Conducting intellectual property enforcement actions | Legitimate interests / Legal obligation |
| Maintaining records of enforcement activities | Legal obligation / Legitimate interests |
| Communicating with complainants regarding their reports | Contract / Legitimate interests |
| Improving the Portal and its security | Legitimate interests |
| Complying with legal and regulatory requirements | Legal obligation |
| Preventing and detecting fraud and abuse of the Portal | Legitimate interests / Legal obligation |
3.2 Where we rely on legitimate interests as the legal basis for processing, we have assessed that our legitimate interests in protecting intellectual property rights and preventing consumer harm are not overridden by your interests or fundamental rights and freedoms, taking into account the nature of the data processed and the reasonable expectations of individuals who submit information to an intellectual property compliance portal.
4.1 We are committed to maintaining the integrity, accuracy, and security of all personal data processed through the Portal. Data integrity — the assurance that data is accurate, complete, and has not been improperly altered — is a foundational principle of our data management practices and is directly aligned with our broader mission of maintaining the integrity of the Millioner brand and its intellectual property estate.
4.2 We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include, without limitation: encryption of data in transit using TLS 1.2 or higher; access controls restricting access to personal data to authorised personnel only; regular security assessments and penetration testing of the Portal's infrastructure; and staff training on data protection obligations and information security best practices.
4.3 We maintain a formal data breach response procedure in accordance with our obligations under the UK GDPR and EU GDPR. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
4.4 We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Personal data submitted in violation reports is retained for a minimum of five (5) years from the date of submission to support ongoing and future enforcement actions. Technical and usage data is retained for a maximum of twelve (12) months.
5.1 We do not sell, rent, or trade personal data to third parties for commercial purposes. We may share personal data in the following circumstances:
Legal Advisers and Enforcement Partners: We may share personal data with our external legal advisers, intellectual property attorneys, and enforcement partners where necessary to conduct enforcement actions, including UDRP proceedings, civil litigation, and law enforcement referrals. All such parties are subject to appropriate confidentiality obligations.
Regulatory and Law Enforcement Authorities: We may disclose personal data to regulatory authorities, law enforcement agencies, and courts where required by applicable law, court order, or regulatory requirement, or where we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of Millioner, its users, or the public.
Domain Registrars and Hosting Providers: In the course of enforcement actions, we may share information about infringing domains or websites with domain registrars, hosting providers, and internet infrastructure operators for the purpose of obtaining takedowns or domain transfers. Such disclosures are limited to the information necessary for the specific enforcement action.
Service Providers: We may share personal data with third-party service providers who assist us in operating the Portal and conducting our enforcement activities, including IT service providers, email service providers, and data analytics providers. All such providers are subject to data processing agreements that require them to process personal data only on our instructions and in accordance with applicable data protection law.
5.2 Where personal data is transferred outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place, including standard contractual clauses approved by the relevant supervisory authority, or reliance on an adequacy decision.
6.1 Subject to applicable law and certain conditions, you have the following rights in relation to your personal data:
- Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request that we delete your personal data in certain circumstances, including where it is no longer necessary for the purposes for which it was collected.
- Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defence of legal claims.
- Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6.2 To exercise any of these rights, please contact our compliance team at compliance@millioner-support.site. We will respond to your request within one calendar month of receipt. We may request verification of your identity before processing your request.
6.3 You have the right to lodge a complaint with the relevant supervisory authority if you believe that our processing of your personal data infringes applicable data protection law. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO), accessible at ico.org.uk. In the European Union, you may lodge a complaint with the supervisory authority in your country of residence.
7.1 This Portal uses only strictly necessary cookies and does not employ tracking cookies, advertising cookies, or third-party analytics services that process personal data for commercial purposes. Strictly necessary cookies are essential for the operation of the Portal and cannot be disabled without affecting its functionality.
7.2 The Portal does not use Google Analytics, Facebook Pixel, or any other third-party tracking or analytics service that would result in the transfer of your personal data to third parties for advertising or profiling purposes.
7.3 Server-side access logs are maintained for security and operational purposes and are processed in accordance with Section 2.2 of this Policy. These logs are not used for profiling or behavioural tracking.
8.1 We reserve the right to update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or the operation of the Portal. The date of the most recent revision is indicated at the top of this document.
8.2 Material changes to this Privacy Policy will be communicated to users who have provided their email addresses in the context of an active enforcement matter. For all other users, the updated Policy will be published on the Portal and will take effect from the date of publication.
8.3 We encourage you to review this Privacy Policy periodically to remain informed of how we protect your personal data. Your continued use of the Portal following the publication of a revised Policy constitutes your acceptance of the revised terms.
8.4 For any questions or concerns regarding this Privacy Policy or our data processing practices, please contact our compliance team at compliance@millioner-support.site.