Gameloft S.E. v Carolina Rodrigues, Fundacion Comercio Electronico

Case

WIPO Case No. D2022-4172

02-01-2023

No judgment structure available for this case.

ARBITRATION

AND

MEDIATION CENTER

ADMINISTRATIVE PANEL DECISION

Gameloft S.E. v. Carolina Rodrigues, Fundacion Comercio Electronico

Case No. D2022-4172

1. The Parties

Complainant is Gameloft S.E., France, represented internally.

Respondent is Carolina Rodrigues, Fundacion Comercio Electronico, Panama.

2. The Domain Name and Registrar

The disputed domain name <dataprotectionsupportgameloft.com> (the “Domain Name”) is registered with

GoDaddy.com, LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on November 3, 2022. On November 4, 2022, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On November 7, 2022, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name, which differed from the named Respondent (Registration Private, Domains By Proxy, LLC) and contact information in the Complaint. The Center sent an email communication to Complainant on November 7, 2022, providing the registrant and contact information disclosed by the Registrar, and inviting Complainant to submit an amendment to the Complaint. Complainant filed an amended Complaint on November 9, 2022.

The Center verified that the Complaint together with the amended Complaint satisfied the formal
requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for
Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for
Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on November 11, 2022. In accordance with the Rules, paragraph 5, the due date for Response was December 1, 2022. Respondent did not submit any response. Accordingly, the Center notified Respondent’s default on December 2, 2022.

The Center appointed Christopher S. Gibson as the sole panelist in this matter on December 12, 2022. The
Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and
Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the
Rules, paragraph 7.

page 2

4. Factual Background

Complainant is a leader in the gaming industry and owns intellectual property titles for GAMELOFT, including the following trademarks:

- United States of America (“US”) trademark GAMELOFT, no. 2474984 registered on August 7, 2001, in

class 38, 41, and 42

- US trademark GAMELOFT, no. 2635895 registered on October 15, 2002, in class 9 - US trademark GAMELOFT, no. 2609489 registered on August 20, 2002, in class 35 - European Union Trade Mark GAMELOFT, no. 2473767 registered on March 13, 2006, in the classes 9,

16, 28, 35, 38, 41, and 42

- International trademark GAMELOFT, no. 907208 registered on October 31, 2006, in classes 9, 28, 38,

and 41

- US trademark GAMELOFT, no. 3364698 registered on January 8, 2008, in class 38

- US trademark GAMELOFT, no. 4564254 registered on July 8, 2014, in class 9

Complainant also owns the following domain names:

- <gameloft.net>, registered on February 4, 1999
- <gameloft.com>, registered on April 8, 1999
- <gameloft.mobi>, registered on June 20, 2006
- <gameloft.asia>, registered on March 7, 2008
- <gameloft.info>, registered on April 4, 2008
- <gameloft.biz>, registered on January 8, 2011
- <gameloft.pro>, registered on March 19, 2012
- <gameloft.tel>, registered on March 19, 2012

The Domain Name was registered on October 11, 2022, and resolves to a website that contains links related to Complainant’s business activities. Further, Complainant has provided evidence that the website linked to the Domain Name poses security risks.

5. Parties’ Contentions

A. Complainant

(i) Identical or confusingly similar

Complainant states the Domain Name contains the GAMELOFT trademark, which has been registered as a mark by Complainant for many years. The registration by Respondent of the Domain Name is confusingly similar to Complainant’s GAMELOFT mark, and also to Complainant’s domain names listed above.

Complainant indicates the Domain Name contains the descriptive terms “data protection”, which is an indirect reference to the European General Data Protection Regulation (“GDPR”). Article 38 of the GDPR describes the position of the Data Protection Officer and in this regard provides that “data subjects may contact the data protection officer with regard to all issues related to processing of their personal data and to the exercise of their rights under this Regulation”. Complainant contends that the Domain Name can therefore create confusion and be perceived as an official support center officiated by Complainant’s Data Protection Officer.

Complainant asserts that pursuant to a number of prior UDRP decisions, the addition of descriptive or commons terms to a trademark is not a distinguishing feature. In particular, it has been established that a domain name including a well-known trademark is confusingly similar to the trademark itself, as the mark is included in the domain name and the particular addition of the descriptive terms “data protection” does not affect this similarity between the Domain Name and Complainant’s trademark. By associating these terms to

page 3

the mark GAMELOFT, Respondent leads users to think that Complainant is the registrant of the Domain

Name.

(ii) Rights or legitimate interests

Complainant states that Respondent is not sponsored or related in any way with Complainant. Thus,
Respondent has never been allowed by Complainant to use the names “data protection support gameloft”,
“support gameloft” or “gameloft” to register the Domain Name.

Complainant claims that when searched on the Internet, the Domain Name resolves to a phishing website and contains three links organized as menus, each labelled “Création Vidéo Corporate” (i.e., “Corporate video creation”), “Société Application Mobile” (i.e., “Mobile Apps Company” in French), “Application Telechargement G…” (i.e., “Download Application G…”). However, it is impossible to give an exhaustive list of the names of the links as they seem to be labelled differently at each connection on the website. At the bottom of the page, a fourth link labelled “Privacy Policy” is accessible. Complainant tested the links of this page in a secured way, and concluded that each link connects to IP addresses referenced with a bad reputation according to the Virus Total public registry: See “ address/104.79.89.142/community” and “ address/199.59.243.222/community”.

Complainant states Respondent never brought its website to Complainant’s attention, despite the use of Complainant’s trademarks. Notwithstanding the fact that the use of Complainant’s trademarks is itself an infringement, Respondent is also disrupting Complainant’s activities. Indeed, pursuant to the GDPR,

Complainant has a duty to ensure the security of the data of its customers. As a data processor, Complainant has an official contact address for any data protection concerns, ensuring that customers’ GDPR rights are preserved. The Domain Name resolving to a phishing website prevents Complainant from correctly exercising its obligations as a data processor, leading to precarity in the exercise of customers’ rights. Complainant has a strong incentive to be a first-rate actor in the protection its users’ data, and the fraudulent conduct by Respondent creates a risk of non-compliance before the national and European data protection regulators. Moreover, Respondent’s website tied to the Domain Name constitutes a potential threat to the cybersecurity of users, lured into believing that each of the provided links are related to an official Complainant service when they most probably point to malicious content.

Complainant contends Respondent’s phishing website is deceptive and Respondent masquerades as a
trustworthy entity, pretending to act in Complainant’s name. As a result, this could result in a loss of trust
from Complainant’s customers. Furthermore, such situation can damage Complainant’s image, due to the
confusion created between the Domain Name, its corresponding website, and the genuine and safe
Complainant services. The Domain Name uses the same terms as the contact address for all data
protection matters of Complainant. Customers will be lured into thinking that the email addresses of
Complainant and the Domain Name for data protection purposes have the same origin. Consequently,
Respondent infringes on Complainant’s rights, and has no legitimate interests in respect of the Domain

Name.

(iii) Registered and used in bad faith

Complainant contends that various elements evidence that Respondent registered the Domain Name in bad faith. Respondent could not ignore the existence of Complainant when registering the Domain Name due to the prior existence of Complainant’s GAMELOFT trademarks, the prior registration of Complainant’s domain names, and the renown of Complainant and its games. Consequently, by using the Domain Name without

Complainant’s prior authorization, Respondent demonstrates intent to take undue advantage of the GAMELOFT name and mark. In addition, the fact that GAMELOFT is a distinctive name prevents the possibility of a coincidental registration of the Domain Name by Respondent in good faith. On the contrary, it denotes an intentional and unauthorized use of Complainant’s intellectual property.

page 4

The registration of the Domain Name in furtherance of phishing scams supports a finding of bad faith registration and use. Complainant’s activities are disrupted due to the fraudulent registration of the Domain Name, which resolves to a phishing website and could lead to a loss of confidence in the quality of Complainant’s services and business conduct. As such, the Domain Name and its related website are a threat to the security of Complainant’s customers, tarnish Complainant’s image, and are a clear infringement to Complainant’s intellectual property rights.

Complainant submits that previous UDRP panels have found that the use of a disputed domain name for the purpose of defrauding Internet users by operating a “phishing” website is evidence of registration and use of a domain name in bad faith. There is no doubt that Respondent has intentionally, knowingly and with bad

bona fide services. The links displayed on Respondent’s website lead to malicious content and pose a threat to the security of users.
faith registered the Domain Name to defraud users by creating a likelihood of confusion with Complainant as consumers by labelling links after specific services and information a user could research in order to defraud consumers into believing that Respondent was associated with Complainant’s
to the source, affiliation, or endorsement of Respondent’s website. Indeed, it is clearly with a fraudulent

state of mind that Respondent named its website with the same name as the data protection support email of

Moreover, Complainant alleges that Respondent registered the Domain Name with a proxy service, of Complainant’s commercial, marketing and public relations activities.

“Domains by Proxy, LLC”, and that previous UDRP panels have found that Respondent has been involved in
numerous other cases in which bad faith has been found against the Respondent. In the light of the above,

B. Respondent

Respondent did not reply to Complainant’s contentions.

6. Discussion and Findings

In order to succeed on its Complaint, Complainant must demonstrate that the three elements set forth in paragraph 4(a) of the Policy have been satisfied. Those elements are as follows:

(i)           the Domain Name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights;

(ii)          Respondent has no rights or legitimate interests in respect of the Domain Name; and

(iii)         Respondent has registered and is using the Domain Name in bad faith.

A. Identical or Confusingly Similar

The Panel determines that Complainant has demonstrated well-established rights in its distinctive
GAMELOFT trademark, through both extensive registration and widespread use in its global commercial
operations. See e.g., Asurion, LLC v. Colours Ltd., WIPO Case No. D2013-0388 (finding that

“Complainant’s trademarks and activities are well-known throughout the world”).

The Panel further finds that the Domain Name is confusingly similar to Complainant’s GAMELOFT
trademark. The Domain Name incorporates the GAMELOFT mark in its entirety. The addition of the words
“data protection support” does not prevent a finding of confusing similarity in this case. Numerous decisions
make UDRP jurisprudence clear on this point – that the addition of other terms does not prevent a finding of
confusing similarity. See WIPO Overview of Panel Views on Selected UDRP Questions, Third Edition
(“WIPO Overview 3.0”), section 1.7 (“where at least a dominant feature of the relevant mark is recognizable
in the domain name, the domain name will normally be considered confusingly similar to that mark for
purposes of UDRP standing.”).

page 5

In conclusion, the Panel finds that the Domain Name is confusingly similar to a trademark in which satisfied the first element of the Policy.

B. Rights or Legitimate Interests

Pursuant to paragraph 4(a)(ii) of the Policy, Complainant must prove that Respondent has no rights or legitimate interests in respect of the Domain Name. A complainant is normally required to make out a prima facie case that the respondent lacks rights or legitimate interests. Once such prima facie case is made, the respondent carries the burden of demonstrating rights or legitimate interests in the domain name. If the respondent fails to do so, a complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy.

prima facie e.g., Asurion, LLC v. Colours Ltd., WIPO Case No. D2013-0388 (“It is well established that no rights or legitimate interests derive from this type of use of another’s trademark.”); see also Swiss Re Ltd v. Domain Administrator, Fundacion Privacy Services LTD, WIPO Case No. D2021-1549 (finding no rights or legitimate interests where active MX records indicated that the domain at issue could still be used for sending fraudulent emails).

Here, the Panel finds that Complainant has made out a case. Complainant has indicated that Complainant’s distinctive and well-established GAMELOFT trademark; that this is particularly true given that GAMELOFT is a well-known mark; that Complainant has not authorized, licensed, or otherwise permitted Respondent to use the GAMELOFT trademark; that Complainant does not have any type of business relationship with Respondent; and that Respondent has used the Domain Name to link it to a website used for fraudulent activity. See

Accordingly, for all of the above reasons, the Panel finds that Complainant has made a prima facie showing of Respondent’s lack of rights or legitimate interests in respect of the Domain Name, which has not been rebutted by Respondent. The Panel therefore finds that Complainant has established the second element of the Policy in accordance with paragraph 4(a)(ii).

C. Registered and Used in Bad Faith

The third element of paragraph 4(a) of the Policy requires that Complainant demonstrate that Respondent registered and is using the Domain Names in bad faith. WIPO Overview 3.0, section 3.1, states “bad faith under the UDRP is broadly understood to occur where a respondent takes unfair advantage of or otherwise

abuses a complainant’s mark”.

For the reasons discussed under this and the preceding heading, the Panel considers that Respondent’s conduct in this case constitutes bad faith registration and use of the Domain Name within the meaning of paragraph 4(a)(iii) of the Policy. It is evident that Respondent was aware of Complainant and its

GAMELOFT trademark, and targeted that mark when registering the Domain Name. See e.g., Asurion, LLC v. Colours Ltd., WIPO Case No. D2013-0388 (“[T]he Panel finds that the Complainant’s trademarks and activities are well-known throughout the world . . . [, thus] Respondent must have been aware of the Complainant’s existence and rights when it registered the Domain Name.”).

WIPO Overview 3.0, section 3.1.4, use of a domain name for per se illegitimate activity such as phishing “is manifestly considered evidence of bad faith”. See e.g., Dm-Drogerie Markt GmbH & Co. KG v. WhoisGuard Protected, WhoisGuard, Inc. / Charlotte Meilleur, WIPO Case No. D2018-1248 (finding bad faith where respondent’s “only goal [was] to rely on the deception of consumers to obtain their private details for commercial advantage of some sort”).

Moreover, Respondent’s use of the Domain Name constitutes bad faith use. The Domain Name has been Name. As stated in
used in an apparent fraudulent scheme, raising security risks for Complainant’s customers. The use of a
“disputed domain name for the purpose of defrauding Internet users by the operation of a ‘phishing’ website
is perhaps the clearest evidence of registration and use of a domain name in bad faith” (Instagram, LLC v.
Alexander Montaz, WIPO Case No. DME2018-0004). In the face of this evidence presented by

page 6

Moreover, as indicated by Complainant, there appears to be a pattern of bad faith registrations on the part of
Respondent. See e.g., Sodexo v. Domains By Proxy, LLC, DomainsByProxy.com / Carolina Rodrigues,
Fundacion Comercio Electronico, WIPO Case No. D2021-1393; Government Employees Insurance
Company v. Domains By Proxy, LLC / Carolina Rodrigues, Fundacion Comercio Electronico, WIPO Case
No. D2020-1723; Sanofi v. Registration Private, Domains By Proxy, LLC / Carolina Rodrigues, Fundacion
Comercio Electronico, WIPO Case No. D2018-2654.

In conclusion, the Panel determines that, for all of the above reasons, the Domain Name was registered and is being used in bad faith. Accordingly, Complainant has satisfied the third element of the Policy.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name, <dataprotectionsupportgameloft.com>, be transferred to Complainant.

/Christopher S. Gibson/
Christopher S. Gibson
Sole Panelist
Date: January 2, 2023

Actions
Download as PDF Download as Word Document


Cases Citing This Decision

0

Cases Cited

0

Statutory Material Cited

0