Marketing Guide: Collaborating with GitLab Legal

This page provides educational resources and process guides to GitLab Marketing for recurring Legal requests

This page is intended to provide educational resources and process guides to GitLab Marketing for recurring Legal requests.

Brand and Trademark

A trademark is a word, symbol, device, or any combination used to identify and distinguish one’s goods or services from others. It is a form of Intellectual Property and it has value; so much value that using someone else’s trademarks improperly or failing to protect your own can cost companies large amounts of money.

There are important things to consider when settling on a name and ensuring we get the most value from our mark as possible.

Strength: The ideal trademarks are “fanciful” or “arbitrary.” Fanciful is just a nice way of saying “made up”. This category includes marks like Kodak, Xerox, iPod, Lego, etc.; you know, those words that had absolutely no meaning before they were trademarked. Arbitrary just means that the name and the product are not generally found together or otherwise related. For instance, computers and apples generally don’t go together; therefore, Apple has a very strong mark.

Use: Unlike patents, in order to protect a trademark – you must use it. You can’t register it and then let it sit on the shelf until you decide what to do with it. It must be used AND it must be used in the manner with which you said you would use it. Misusing even a great trademark can make it so common that it can get difficult and expensive to protect.

Market: A trademark does not prevent everyone else from using that same word. For example, there is Delta Airline, Delta Dental and Delta faucets. The key distinction here is likelihood of confusion. If you see “Delta” on a plane – you know that it is the airline company. If you see “Delta” on a sink faucet, is there a real likelihood that you would expect frequent flier miles from it? Probably not. So two very different companies can use the same name because most people are smart enough to realize that these are very different companies.

While you can have the same word for different markets, you can’t have different words for similar markets if those different words are similar to a trademarked word (back to that likelihood of confusion standard).

Registration: Another thing to consider is if I should register the mark. In some common law countries (such as US, UK, South Africa, Australia, et al), those who use the mark first get protection. (These trademarks are denoted by a “TM”.) Admittedly, it can get difficult to determine when that first use occurred; so registration in common law countries helps to clear that date issue up. In any non-common law country, the first to file owns the mark. To set a date certain and own the mark, marks get registered. If a mark is registered, it gets an “®”. Whenever you use an R for a mark, you should also state where the mark is registered.

Cultural Significance: Last but not least, cultural sensitivity is critical. Any attempt to market globally and/or translate trademarks must be met with heightened attention.

  • Coors put its slogan, “Turn it loose,” into Spanish, where it was read as “Suffer from diarrhea”.
  • Clairol introduced the “Mist Stick”, a curling iron, into Germany only to find out that “mist” is slang for manure. Not too many people found a use for the “manure stick”.
  • In Chinese, the Kentucky Fried Chicken slogan “finger-lickin’ good” came out as “eat your fingers off”.
  • An American T-shirt maker in Miami printed shirts for the Spanish market which promoted the Pope’s visit. Instead of “I saw the Pope” (el Papa), the shirts read “I saw the potato” (la papa).
  • In Italy, a campaign for Schweppes Tonic Water translated the name into “Schweppes Toilet Water”.
  • Pepsi’s “Come alive with the Pepsi Generation” translated into “Pepsi brings your ancestors back from the grave”, in Chinese.
  • When Parker Pen marketed a ball-point pen in Mexico, its ads were supposed to have read, “it won’t leak in your pocket and embarrass you”. Instead, the company thought that the word “embarazar” (to impregnate) meant to embarrass, so the ad read: “It won’t leak in your pocket and make you pregnant”.
  • The Coca-Cola name in China was first read as “Ke-kou-ke- la”, meaning “Bite the wax tadpole” or “female horse stuffed with wax”, depending on the dialect. Coke then researched 40,000 characters to find a phonetic equivalent “ko-kou-ko- le”, translating into “happiness in the mouth”.

Like with any conversation, it is critical to be aware of how your words are received in different cultures.

Note: Trademarks aren’t just words. As mentioned above, trademarks can be symbols, as well, and this category is very broad. Take the following examples -

  • Colors Owens Corning trademarked the color pink for insulation. No other company can make insulation that color. If you ever see insulation that is pink, you know who made it. John Deere trademarked a specific color of green for farm equipment. McDonald’s has the Golden Arches.
  • Sounds NBC trademarked the chimes that you hear during intermissions. Intel has a trademarked sound.
  • Shapes One of the most famous non-word trademarks is the shape of a Coke bottle. Once you start getting into how something looks, it is called trade dress. Trade dress is a fancy term for trademarked product presentation.

Marketing owns GitLab’s Brand Guidelines.

Third-party use of GitLab trademarks on marketing materials

  • An Authorization to use GitLab Materials must be signed by any third party wanting to include GitLab’s name or logo on their website or other marketing materials.
  • Follow these steps to get the Authorization signed:
    1. Locate and download the template in GitLab’s G-Drive here (Note this is only available to GitLab employees).
    2. Send the template to the third party via DocuSign, ensuring that the DocuSign envelope you create requests the following details, which will appear in the signature block of the Authorization:
      • Company Name
      • Company Address
      • Email Address for Notices
      • Legal Contact
    3. Contact GitLab Legal to obtain approval for any modifications the third party requests to the Authorization.
    4. Assign the Authorization for countersignature via DocuSign to an appropriate GitLab team member identified in the Signature Authorization Matrix.

Third party infringement of GitLab trademarks

For GitLab Team Members Only:

If we suspect that a third party is making unauthorized use of the term GitLab, or any other GitLab trademark, the process below should be followed:

  1. Open a confidential legal issue, providing details of the infringement, and including a link to the infringing material.
  2. The Legal and Corporate Affairs team will review the request, and assess if the use constitutes infringement, or is covered by a fair use exemption. If no infringement is identified, the issue should be updated with the outcome of the review, and closed.
  3. If infringement is identified, the Legal and Corporate Affairs team will contact the relevant party (e.g. website/platform operator or content manager) to request that the infringement be stopped.
  4. The Legal and Corporate Affairs will then record the complaint information on the internal tracker here, and update the legal issue with the outcome of the complaint.

Some examples of unauthorized use may be found in:

  • Third party marketing materials or product names: Unauthorized use in a way that infers that GitLab endorses or sponsors the publisher of the marketing material.
  • Browser ads (title or copy): These uses can be reported by the Legal and Corporate Affairs team to the relevant browser operator (e.g. Google, Bing)

If you’re not a GitLab team member, please share any reports of suspected infringement with us at intellectualproperty@gitlab.com.

Using Third-party Trademarks

Any use of third-party trademarks should be covered by a Trademark Use Agreement. Various Marketing teams manage these agreements, requesting help from Legal team contract managers only when terms need to be negotiated. If you would like to use a 3rd party logo, please work with the appropriate Marketing team to ensure there is a trademark use agreement in place or to request such an agreement.

Promotional Games

From time to time, GitLab sponsors promotional games. While these seem simple enough and may be an effective marketing tactic, there are quite a few factors for Legal to consider when planning such an event. Because of this, requests for Official Rules should be submitted at least 2 weeks prior to the date you need a decision.

If you are planning a promotional game, you will need legal approval for the proposed promotional game. Please use the Promotional Games Legal Template housed in the Marketing Ops repo.

The following explanations will help you fill out the template completely. This is essential, as all of the questions were developed based on legal requirements. Issues that do not answer all the questions will not be approved and the due date may be impacted.

  • Type of Promotional Game. Please check the type of event you are hosting or add an additional type if the options do not fit your promotional game. This is an important step as the type of promotional game is often the starting point for knowing what laws to review. If it’s a type of game not included in the list, please provide a detailed description of how the game will work.

    • Giveaway: This is where every participant that completes the prescribed action gets the prize or complimentary gift. Official rules may not be required for giveaways, provided the giveaway description includes clear conditions of participation (what you must do) and any restrictions (such as max of 100 prizes/complimentary gifts, first come first serve, while supplies last).
    • Game of Chance: (Example: Prize Draw/Sweepstakes): This is a promotional game where there is an element of chance in the determination of a winner. These promotional games may include objective qualifying requirements but the winner(s) are selected at random from a pool of qualified entries.
    • Game of Skill: This is a contest or competition - where the winner is selected as the result of the best entry and would include objective standards/criteria upon which the entry is judged.
  • Social Media Platforms: Social media platforms such as Twitter, Facebook, Instagram and LinkedIn have their own rules covering promotions on their platforms.

  • Raffles. Please avoid using the term “raffle”, as raffles are a type of lottery whereby the participants pay money to purchase a ticket for the opportunity to be entered into a drawing. Raffles are normally conducted for charitable purposes and differ from a traditional sweepstakes, where participants can enter without making a purchase and must be able to enter for free.

  • Hosting Country. Because laws vary based on locale, it is necessary for Legal to know as much as possible about where the promotional game will take place. (In the case of remote events, please tell us the intended audience. For example, it may be targeted to EMEA users/prospects. Legal will then review our internal guidelines to determine which country we will designate as the host country.)

  • Promotional Game Description. Various countries have certain requirements regarding what information must be communicated in the promotional game descriptions. While you may make small edits to your description throughout the process of developing your promotional game, it is important for Legal to know what communication to entrants will look like so we can ensure that it complies with local law. The game description should be clear regarding what steps the consumer needs to take and what they need to do in order to participate.

  • Use of Personal Data. You must articulate what you will do with personal data you collect through the promotional game so Legal can help you ensure that communication and/or consent is handled properly.

  • Questions. The questions you intend to use for a survey or quiz as part of a promotional game must be submitted for review. This is mainly for informational purposes so that Legal can understand more about the promotional game and what rules may apply. It is unlikely that we will “disallow” the questions, but we may have input for wording. The questions will also help us know what language to include in customized rules.

  • Prize Descriptions and Depictions. Please provide as much information as possible regarding the prize(s) that will be awarded including, for example, the number of prizes, size(s) available, color(s), technical specifications, etc. The rules must clearly describe the prize(s) so that the prize is not subject to interpretation or create confusion. The brand name of a prize can be used in the description. If an image of the actual prize will be used, it shouldn’t be so prominent that it looks like the prize manufacturer is sponsoring the promotion.

  • Prize Values. Local law often hinges on the value of the prizes, so it is necessary to know what prizes and how many prizes will be awarded prior to creating rules. Legal may request a change in prizes if the value amount is over a certain threshold and adds significant Legal requirements to the event. This will vary from country to country and sometimes from state to state. As a rule, prize values should not exceed US$599.00, to avoid U.S. tax form requirements, and the total value of all prizes in a promotion should not exceed US$4,999.00, to avoid registration and bonding requirements in certain U.S. states.

  • Awarding Prizes. The method and criteria for winning a prize must be detailed, as this will affect what the rules will include. For example, in a game of chance/sweepstakes, winners are selected through a random drawing. In a contest/game of skill, winners are selected through criteria on which they are judged.

  • Winner List. You must make a winner list available (public URL or via email request), as this is a requirement in nearly every jurisdiction. We take privacy seriously, so we will post first initials and last names where allowed by law.

  • Declaration of Eligibility and Release: This declaration, also known as an Affidavit, is a written statement signed by the winner, which is used to confirm the winner’s identity and eligibility including the name, age and address, in order to win a prize as per the Official Rules. The Declaration also includes a publicity release which gives the Sponsor the right to use the winner’s name and likeness for advertising or publicity purposes in perpetuity, where permitted by law (not allowed in Tennessee, USA).

Once your issue description is completely filled out, Legal will review all the details in light of the applicable laws and make recommendations to tailor the promotional game. Legal will also provide the Official Rules and the Abbreviated Rules. Depending on the locale, you may be required to obtain a translation of the rules to local languages. Legal does not provide this, so you will need to ensure that you have the ability to procure this through Marketing vendors. Some rules can be translated through automated services, but others may require human translation depending on the prize amounts and jurisdiction.

Hosting the Promotional Game Rules

Any promotional game sponsored by GitLab must be accompanied by Official Rules. Once legal has drafted and provided these to you, you will need to create a new page under the GitLab Sweepstakes page and add a link to the list of Current promotional games. Once you have added the rules for your promotional game, link to these from the landing page of your entry form or promotion.

Abbreviated Rules, with a link to the full Official Rules, must be present wherever there’s a mention of the promotion or prizes. Abbreviated Rules will be provided by legal.

Note: Remember to move your page from the Current to the Past lists once your promotional game is complete.

The ability to communicate and market to customers and prospects is an essential activity for GitLab. To do this, we must ensure the collection of personal information and the ability to contact is done in a manner compliant with applicable laws. It is also beneficial for GitLab to use consistent language across our sites and forms when obtaining consent to communicate with our customers. The Marketing Rule Book is intended to be a reference guide to (a) help understand the email and phones rules for a few select countries; and (b) provide the standard consent language to be used, depending on the scenario.

Publicity Waiver and Release

For requests related to the use of an individual’s image or voice in print or digital media, for team members and non-team members, refer to the Publicity Waiver and Release Guidelines and Process.

CAN-SPAM

Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) came into effect in the United States in 2003 and impacts all mass electronic marketing communications. Other countries have similar e-mail spam laws.

CAN-SPAM sets forth certain requirements that must be honored when sending out mass emails and other marketing materials.

Keep the header honest. The reader needs to be able to identify who is sending them messages. The email address of the sender should properly denote GitLab as the sender of the company material.

Keep the subject line honest. Don’t mislead the reader or otherwise use deceitful or inaccurate subject lines to compel someone to open the email. Be honest, impactful and short. You can create urgency but, most importantly, create value. In fact, the more authentic and clear the email, the less likely it is to be marked as spam or junk mail.

Acknowledge that it is an ad. This doesn’t mean that you have to go over the top and begin each Subject Line with “Hello, I am an advertisement.” It just means that the sender has to know it is marketing material sent by GitLab. Put it in the subject line or put it in the body - just put it somewhere.

Include location There needs to be a valid business address listed in the emails. This helps ensure that the recipient has a clear and legal point of reference to double check the authenticity of the sender.

Opt-out options are not oppressive. When people receive mail that they don’t want, there must be an easy way to unsubscribe from the lists. And “easy” means my grandmother should be able to figure it out as quickly as my 15-year old nephew. In some jurisdictions, every email sent after an opt-out is selected may be subject to a fine.

Opt-outs need to be quick. Ideally, an opt-out will occur automatically or within a business day or two. If you take more than ten (10) business days to remove an email from a mailing list, things will get messy quickly.

Stay Diligent. If you use a third party to manage business emails, be aware that GitLab could still be on the hook for any wrongdoing. Make sure that any mass communications are reviewed by someone knowledgeable in the spam laws.

We care about our customers and their protection is our focus. For an additional incentive, be aware that failing to comply can cost a lot of money on a per email basis - up to $41,000 per violation.

Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. PECR sets specific rules around marketing, secure communication services and customer privacy (as regards traffic and location data, itemised billing, line identification, directory listings) and cookies (which is broadly defined).

There are important factors to consider with cookies in general. If you use cookies you must:

  • say what cookies will be sent;
  • explain what the cookies will do; and
  • obtain consent to store cookies on devices.

PECR expands the definition of cookies to include “similar technologies” like fingerprinting techniques. Therefore, unless an exemption applies, any use of device fingerprinting requires the provision of clear and comprehensive information as well as the consent of the user or subscriber.

Consent is not required if the cookie is used: “(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”

Please note that cookies for analytics purposes are not “strictly necessary.”

PECR applies to any technology that stores or accesses information on the user’s device. This could include, for example, HTML5 local storage, Local Shared Objects and fingerprinting techniques.

Device fingerprinting is a technique that involves combining a set of information elements in order to uniquely identify a particular device. Examples of the information elements that device fingerprinting can single out, link, or infer include (but are not limited to):

  • data derived from the configuration of a device;
  • data exposed by the use of particular network protocols;
  • CSS information;
  • JavaScript objects;
  • HTTP header information,
  • clock information;
  • TCP stack variation;
  • installed fonts;
  • installed plugins within the browser; and
  • use of any APIs (internal and/or external).

It is also possible to combine these elements with other information, such as IP addresses or unique identifiers, etc.

PECR also applies to technologies like scripts, tracking pixels and plugins, wherever these are used.

Last modified November 14, 2024: Fix broken external links (ac0e3d5e)