This page is intended to provide educational resources and process guides to GitLab Marketing for recurring Legal requests.
A trademark is a word, symbol, device, or any combination used to identify and distinguish one's goods or services from others. It is a form of Intellectual Property and it has value; so much value that using someone else’s trademarks improperly or failing to protect your own can cost companies large amounts of money.
There are important things to consider when settling on a name and ensuring we get the most value from our mark as possible.
Strength: The ideal trademarks are "fanciful" or "arbitrary." Fanciful is just a nice way of saying “made up”. This category includes marks like Kodak, Xerox, iPod, Lego, etc.; you know, those words that had absolutely no meaning before they were trademarked. Arbitrary just means that the name and the product are not generally found together or otherwise related. For instance, computers and apples generally don’t go together; therefore, Apple has a very strong mark.
Use: Unlike patents, in order to protect a trademark – you must use it. You can’t register it and then let it sit on the shelf until you decide what to do with it. It must be used AND it must be used in the manner with which you said you would use it. Misusing even a great trademark can make it so common that it can get difficult and expensive to protect.
Market: A trademark does not prevent everyone else from using that same word. For example, there is Delta Airline, Delta Dental and Delta faucets. The key distinction here is likelihood of confusion. If you see “Delta” on a plane – you know that it is the airline company. If you see “Delta” on a sink faucet, is there a real likelihood that you would expect frequent flier miles from it? Probably not. So two very different companies can use the same name because most people are smart enough to realize that these are very different companies.
While you can have the same word for different markets, you can’t have different words for similar markets if those different words are similar to a trademarked word (back to that likelihood of confusion standard).
Registration: Another thing to consider is if I should register the mark. In some common law countries (such as US, UK, South Africa, Australia, et al), those who use the mark first get protection. (These trademarks are denoted by a “TM”.) Admittedly, it can get difficult to determine when that first use occurred; so registration in common law countries helps to clear that date issue up. In any non-common law country, the first to file owns the mark. To set a date certain and own the mark, marks get registered. If a mark is registered, it gets an “®”. Whenever you use an R for a mark, you should also state where the mark is registered.
Cultural Significance: Last but not least, cultural sensitivity is critical. Any attempt to market globally and/or translate trademarks must be met with heightened attention.
Like with any conversation, it is critical to be aware of how your words are received in different cultures.
Note: Trademarks aren’t just words. As mentioned above, trademarks can be symbols, as well, and this catetgory is very broad. Take the following examples -
Marketing owns GitLab's Brand Guidelines.
Any use of third-party trademarks should be covered by a Trademark Use Agreement. Various Marketing teams manage these agreements, requesting help from Legal team contract managers only when terms need to be negotiated. If you would like to use a 3rd party logo, please work with the appropriate Marketing team to ensure there is a trademark use agreement in place or to request such an agreement.
From time to time, GitLab runs contests and sweepstakes. While these seem simple enough and may be an effective marketing tactic, there are quite a few factors to consider when planning such an event. If you are planning such an event, you will need legal approval for the proposed event. Please use the Sweepstakes Legal Template housed in the Marketing Ops repo.
The following explanations will help you fill out the form completely. This is essential, as all of the questions were developed based on legal requirements. Issues that do not answer all the questions will not be approved.
Hosting Country. Because laws vary based on locale, it is necessary for Legal to know as much as possible about where the event will take place. (In the case of remote events, please tell us the intended audience. For example, it may be targeted to EMEA users/prospects. Legal will then review our internal guidelines to determine which country we will designate as the host country.)
Event Description. Various countries have certain requirements regarding what information must be communicated in the event descriptions. While you may make small edits to your description throughout the process of developing your event, it is important for Legal to know what communication to entrants will look like so we can ensure that it complies with local law.
Use of Information. You must articulate what you will do with information you obtain through the event so Legal can help you ensure that communication and/or consent is handled properly.
Questions. The questions you intend to use for a survey or quiz must be submitted for review. This is mainly for informational purposes so that Legal can understand more about the event and what rules may apply. It is unlikely that we will "disallow" the questions, but we may have input for wording. The questions will also help us know what language to include in customized Terms and Conditions.
Prize Values. Local law often hinges on the value of the prizes, so it is necessary to know what prizes and how many prizes will be awarded prior to creating Terms and Conditions. Legal may request a change in prizes if the value amount is over a certain threshhold and adds significant Legal requirements to event. This will vary from country to country and sometimes from state to state.
Awarding Prizes. The method and criteria for winning a prize must be detailed, as this will affect what the Terms and Conditions will include.
Once your issue description is completely filled out, Legal will review all the details in light of the applicable laws and make recommendations to tailor the event. Legal will also provide Terms and Conditions. Depending on the locale, you may be required to obtain a translation of the Terms and Conditions to locale languages. Legal does not provide this, so you will need to ensure that you have the ability to procure this through Marketing vendors. Some Terms and Conditions can be translated through automated services, but others may require human translation depending on the prize amounts and jurisdiction.
The ability to communicate and market to customers and prospects is an essential activity for GitLab. To do this, we must ensure the collection of personal information and the ability to contact is done in a manner compliant with applicable laws. It is also beneficial for GitLab to use consistent language across our sites and forms when obtaining consent to communicate with our customers. The Marketing Rule Book is intended to be a reference guide to (a) help understand the email and phones rules for a few select countries; and (b) provide the standard consent language to be used, depending on the scenario.
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) came into effect in the United States in 2003 and impacts all mass electronic marketing communications. Other countries have similar e-mail spam laws.
CAN-SPAM sets forth certain requirements that must be honored when sending out mass emails and other marketing materials.
Keep the header honest. The reader needs to be able to identify who is sending them messages. The email address of the sender should properly denote GitLab as the sender of the company material.
Keep the subject line honest. Don’t mislead the reader or otherwise use deceitful or inaccurate subject lines to compel someone to open the email. Be honest, impactful and short. You can create urgency but, most importantly, create value. In fact, the more authentic and clear the email, the less likely it is to be marked as spam or junk mail.
Acknowledge that it is an ad. This doesn’t mean that you have to go over the top and begin each Subject Line with “Hello, I am an advertisement.” It just means that the sender has to know it is marketing material sent by GitLab. Put it in the subject line or put it in the body - just put it somewhere.
Include location There needs to be a valid business address listed in the emails. This helps ensure that the recipient has a clear and legal point of reference to double check the authenticity of the sender.
Opt-out options are not oppressive. When people receive mail that they don’t want, there must be an easy way to unsubscribe from the lists. And “easy” means my grandmother should be able to figure it out as quickly as my 15-year old nephew. In some jurisdictions, every email sent after an opt-out is selected may be subject to a fine.
Opt-outs need to be quick. Ideally, an opt-out will occur automatically or within a business day or two. If you take more than ten (10) business days to remove an email from a mailing list, things will get messy quickly.
Stay Diligent. If you use a third party to manage business emails, be aware that GitLab could still be on the hook for any wrongdoing. Make sure that any mass communications are reviewed by someone knowledgeable in the spam laws.
We care about our customers and their protection is our focus. For an additional incentive, be aware that failing to comply can cost a lot of money on a per email basis - up to $41,000 per violation.
Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. PECR sets specific rules around marketing, secure communication services and customer privacy (as regards traffic and location data, itemised billing, line identification, directory listings) and cookies (which is broadly defined).
PECR expands the definition of cookies to include “similar technologies” like fingerprinting techniques. Therefore, unless an exemption applies, any use of device fingerprinting requires the provision of clear and comprehensive information as well as the consent of the user or subscriber.
Consent is not required if the cookie is used: “(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”
Please note that cookies for analytics purposes are not “strictly necessary.”
PECR applies to any technology that stores or accesses information on the user’s device. This could include, for example, HTML5 local storage, Local Shared Objects and fingerprinting techniques.
Device fingerprinting is a technique that involves combining a set of information elements in order to uniquely identify a particular device. Examples of the information elements that device fingerprinting can single out, link, or infer include (but are not limited to):
It is also possible to combine these elements with other information, such as IP addresses or unique identifiers, etc.
PECR also applies to technologies like scripts, tracking pixels and plugins, wherever these are used.