Privacy Notice for Earth Online
The European Space Agency (herein the "Agency" or "ESA") is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located at 24 rue du Général Bertrand, CS 30798, 75345 Paris Cedex 07, France.
Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the "ESA PDP Framework") which applies in this field, available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations
ESA PDP Framework is composed of the following elements:
- the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;
- the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and
- the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2018.
This notice also enables ESA to inform you relating to the collection and further processing of your personal data, under ESA PDP Framework.
This privacy notice was last updated on: 22 November 2021
1) Who is the Data Controller?
Your personal data are collected and further processed as shown below upon the decision taken alone by ESA.
Thus the Data Controller is ESA.
2) What are the contact details of ESA's Data Protection Officer?
According to ESA PDP Framework, your first point of contact concerning personal data matters is the ESA Data Protection Officer ("DPO"), who may be contacted at email@example.com.
3) What kind of personal data about you are collected and further processed?
The personal data which may be collected and further processed for the purposes mentioned below are in particular:
- Email (for newsletter purposes only)
- Name (for article/video/image publication only)
- Surname (for article/video/image publication only)
- Institution/company name (for article/video/image publication only)
- Appearance (for article/video/image publication only)
- Voice (for article/video/image publication only)
- Quote (for article/video/image publication only)
You are required not to send to the Agency any sensitive information (including information that indicate, directly or indirectly, the personnel's race and ethnic origin, political opinions, adhesion to unions, parties etc., religious or philosophical beliefs, health information, genetic or biometric data, sexual orientation or preferences, criminal convictions or children's data (if applicable).
4) How are your personal data collected or further processed?
Your personal data may be collected by various means, including via:
- Email collected via registration to newsletter
- Name, surname, appearance, voice, quote and institution/company name collected when preparing a video, image or article after prior consent
5) Why are your personal data collected and further processed?
Your personal data are collected and further processed in order to:
- Send a newsletter with the latest news to registered users
- Publish an article, image or video
In addition to these purposes, the Agency may use your personal information for any of the purposes mentioned in Article 5 of the Policy on Personal Data Protection.
6) What is the legitimate ground to collect your personal data?
Your personal data will be collected because it is necessary for:
- the legitimate interest of the Data Subject
- sending you notifications in connection with the newsletter
- promoting the work of the data subject
Your personal data will be collected for the legitimate interest of the Data Subject, to send you notifications in connection with the newsletter and to promote the work of the data subject.
7) To whom might we disclose your personal data?
The Agency may disclose your personal data to any of the following recipients for the fulfilment of all or part of the purposes of the collection and processing of personal data, which are mentioned above:
|Recipient acting as…||Link to the Privacy Notice of the Recipient||Servers of the recipient are located in:|
|Airbus UK||https://www.airbus.com/privacy-policy.html||United Kingdom|
The Agency does not consider your personal data as an asset for sale and, thus, does not sell your personal data to any third parties.
8) How long do we retain your personal data for?
The Agency may keep your personal data for as long as it is necessary for the performance of the contractual duties for the fulfilment of the above mentioned purposes. Your Personal Data shall be deleted thereafter.
9) How can you access, erase, rectify, complete or amend your personal data?
You may request the access, erasure, rectification, completion or amendment of your personal data if, and to the extent that it is considered necessary, having regard to the purposes for which they are collected and processed, or if they are processed in violation with the principles referred in ESA PDP Framework.
If you choose to make a request for the erasure of personal data, you understand and agree that you will no longer receive a newsletter and/or will no longer feature in the article/image/video which may be completely unpublished from the website.
The above mentioned request should be submitted to the ESA DPO, as first point of contact, by sending an email to: firstname.lastname@example.org
- Copy to: email@example.com
You may also be allowed access to your personal data and have the possibility to erase, rectify, complete or amend it, according to the following modalities:
- by sending an email to firstname.lastname@example.org
10) What could you do in case of a data protection incident?
In case of a data protection incident, you should contact ESA DPO, as first point of contact, by sending an email to: email@example.com
In case you wish to submit a complaint, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth by ESA PDP Framework. You will be required to demonstrate that a data protection incident occurred in relation to your personal data, following a decision of the Agency or at least to justify serious reasons to believe that such incident occurred.