Privacy Notice for the ESA InCubed website

Introduction

The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located at 24 rue du Général Bertrand, CS 30798, 75345 Paris Cedex 07, France.

Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein “the ESA PDP Framework”) which applies in this field, available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations

The ESA PDP Framework is composed of the following elements:

  • the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;
  • the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and
  • the Policy on Personal Data Protection adopted by the Director General of ESA on 5 February 2018 and effective on 1 March 2018.

This notice informs you about the collection and further processing of your Personal Data, under the ESA PDP Framework.

(1) Who is the Data Controller?

Your Personal Data are collected and further processed for the purposes set out below following a decision taken by ESA. For this reason, ESA is the Data Controller for the purposes of the ESA PDP Framework.

(2) What are the contact details of ESA’s Data Protection Officer?

Your first point of contact concerning Personal Data matters is the ESA Data Protection Officer (“DPO”), who may be contacted at DPO@esa.int

(3) What kind of Personal Data about you are collected and further processed?

The Personal Data which will be collected and further processed for the purposes mentioned below are in particular:

• Name
• Surname
• Company
• Field of Activity
• Country
• Empty space to write a message
• Email Address

You are required not to send to the Agency any sensitive information (including information that indicates, directly or indirectly, your race and ethnic origin, political opinions, adhesion to unions, parties etc., religious or philosophical beliefs, health information, genetic or biometric data, sexual orientation or preferences, criminal convictions or children’s data (if applicable)).

(4) How are your Personal Data collected or further processed?

You will be asked to provide your Personal Data if you wish to make use of any of the following functions on the website:

• the contact form
• the ‘Become a Partner’ form
• Newsletter subscription
• Active Directory Federation Services or ADFS authentication (ESA, location XXXX)

Your Personal Data will be collected and stored by ESA, the servers of which are located in The Netherlands. The Agency shall take any appropriate measures against the risks of loss of Personal Data as well as against unauthorised access, destruction, use, modification or Disclosure of Personal Data.

(5) Why are your Personal Data collected and further processed?

Your Personal Data are collected and further processed to:

• enable ESA to respond to your query;
• enable ESA to process your application to become a partner and manage all subsequent interactions;
• enable ESA to send you the xxx newsletter;
• enable ESA to authorise your access to and use of the ADFS system to access documents.

In addition to these purposes, the Agency may use your Personal Data for any of the purposes mentioned in Article 5 of the Policy on Personal Data Protection.

(6) What are the legitimate grounds for which ESA will collect your Personal Data?

Your Personal Data will be collected because it is necessary for:

• sending the Newsletter and promoting the InCubed programme when you sign up for it and provide your consent
• allowing access to ADFS documents

(7) To whom might ESA disclose your Personal Data?

ESA will not disclose your Personal Data to any entity other than ESA’s staff members and personnel contracted by ESA to provide technical support services for the ESA InCubed website. The Agency does not consider your Personal Data as an asset for sale and will not sell your Personal Data to any third parties.

(8) How long do we retain your Personal Data for?

The Agency may keep your Personal Data for 5 years or for as long as required for the fulfilment of the above-mentioned legitimate purposes. Your Personal Data shall be deleted thereafter.

(9) How can you access, erase, rectify, complete or amend your Personal Data?

You may request the access, erasure, rectification, completion or amendment of your Personal Data if, and to the extent that, it is considered necessary, having regard to the purposes for which they are collected and processed, or if they are processed in violation of the principles referred to in the ESA PDP Framework.

This request should be submitted to ESA’s DPO, as the first point of contact, by sending an email to: dpo@esa.int, putting in copy: incubed@esa.int.

If you request the erasure of your Personal Data, you understand and agree that ESA will not be able to provide answers to your requests or send you the InCubed newsletter.

You may also be allowed access to your Personal Data and have the possibility to erase, rectify, complete or amend it, according to the following modalities:

  1. by unsubscribing from the newsletter by clicking on the “Unsubscribe” button or going to https://incubed2.dev.remediagroup.it/unsubscribe-from-our-newsletter/
  2. by sending an email to incubed@esa.int

(10) What could you do in case of a Data Protection Incident?

In case of a Data Protection Incident, you should contact ESA’s DPO, as the first point of contact, by sending an email to: dpo@esa.int, putting in copy: incubed@esa.int

In case you wish to submit a complaint, you are required to comply with the Rules of Procedure of the Supervisory Authority set out in the ESA PDP Framework. You will be required to demonstrate that a Data Protection Incident occurred in relation to your Personal Data, following a decision of the Agency, or at least to justify serious reasons to believe that such an incident occurred.