earth online
terms & conditionscookie noticeprivacy notice

The European Space Agency (hereafter “the Agency” or “ESA” or “We”) is committed to protecting Personal Data in line with the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations composed of:

  • the Principles of Personal Data Protection adopted by ESA Council on 13 June 2017
  • the Rules of Procedure for the Data Protection Supervisory Authority adopted by ESA Council on 13 June 2017
  • the Policy on Personal Data Protection (including its Annex entitled “Governance Scheme of the ESA’s Personal Data Protection”) adopted by the Director General of ESA on 1 March 2022 (“ESA PDP Policy”).

This notice is intended to describe why and how Your personal data are collected and processed by or on behalf of ESA as Data Controller, on the initiative of the ESA above-mentioned Department, as well as what rights You have in relation to Your personal data. It also informs You about the contact details of the Data Protection Officer. This privacy notice was last updated on 18/08/2025. It must be read in conjunction with the ESA PDP Framework and other privacy notices referred to herein.

 

(1) How can you contact ESA regarding this notice?

The ESA Data Protection Officer (“DPO”) may be contacted in line with the ESA PDP Framework at DPO@esa.int. Specific information is available upon request from the DPO.

SEPARATE CONTROLLERS:

To know the point of contact for personal data protection matters concerning separate Controllers (which are independently responsible for the collection and processing of personal data they decide upon), please refer to the privacy notices of these separate Controllers. Your queries regarding these matters will not be dealt with by ESA or its DPO.

 

(2) What kinds of personal data are collected and further processed?

We collect and process various kinds of personal data and may require You to provide personal data for the purposes mentioned later in this notice. Depending on the purpose for which they are collected and further processed, the personal data may include the following:

  • Identity Data: including Your names for the publication of interviews
  • Contact information: including email address for the publication and preparation of articles and subscribing to the Earth Online Newsletter
  • Professional information: including job title, email address for the publication and preparation of articles
  • Professional career data: including your previous positions and professional experience for the publication and preparation of articles
  • Technical data, including online identifiers: for example, internet protocol (IP) address or domain names of the devices utilised, geolocation server logs data, log data; which is mandatory for security purposes
  • Photo: including photographs, Your likeness, Your image; for the publication and preparation of articles
  • Other personal data that You have to the extent you made them public; for the publication and preparation of articles

 

(3) How are Your personal data collected or further processed?

ESA processes Your personal data by:

  • Collecting your email address if you subscribe to the newsletter
  • Collecting your names, appearance, voice, professional information and professional career information, and email address if you will be featured in an article or video
  • Collecting technical information from server logs for security purposes

In addition to the personal data, We collect directly from You (e.g. if you complete and submit a form to, or for, ESA, if You use an platform, tool or website operated by ESA or on behalf of ESA, etc.), We may, depending on Your situation, collect certain personal data about You indirectly including collection of personal data from third-parties. For instance, depending on the purpose of processing, third parties may be analytics providers or social media platforms and Your data may result from the content You post on social media You consult, from cookies deposited on Your device under the relevant terms and conditions etc.; third parties (service providers of ESA, investors concerned by ESA programmes, activities or initiatives, etc.) involved in an area relevant to the purpose of processing etc.
 

(4) Why are Your personal data collected and further processed?

We collect and process Your personal data necessary for the activities conducted to fulfil Our purpose, which is “to provide for and to promote, for exclusively peaceful purposes, cooperation among European States in space research and technology and their space applications, with a view to their being used for scientific purposes and for operational space applications systems” (as per ESA Convention). We serve the public interest, and we wish to foster the public interest in space activities and programmes.

All the processing carried out by, or on behalf of, ESA upon initiative of the above-mentioned Department falls in this general purpose and, in particular, into one of the reasons permitted under ESA PDP Framework, in particular under ESA PDP Policy.

In any case, we do not process your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or legally permitted.

Further information on the purpose of processing is provided by clicking on links associated with each section below, which correspond to various situations that may be relevant to You.

What is the purpose of processing Your personal data?

4.3 IF YOU SUBSCRIBE TO ESA NEWSLETTER(S) OR OTHERWISE EXPRESS YOUR INTEREST IN RECEIVING INFORMATION RELATED TO ESA ACTIVITIES AND PROGRAMMES

Your personal data are collected and further processed for the following purposes:

  1. to provide you with information about ESA activities and programmes and about ESA events, via newsletters and updates;
4.2 IF YOU VISIT AN ESA WEBSITE (operated by ESA or on behalf of ESA)
Your personal data are collected and further processed for the performance of public service tasks related to ESA’s mission under the ESA Convention, including for ESA for the purposes of communication activities, such as sending e-mails and invitations (this entails the management of contact lists for correspondence), for statistical and analytical purposes and, generally, for the promotion of ESA’s activities, programmes and initiatives. In particular, Your personal data are collected and further processed:
  1. to inform and raise awareness among the general public in particular in ESA Member States;
  2. to analyse and monitor Your interactions with the website, including monitoring and analysis of website use, traffic and interactions;
  3. to better understand the needs and the browsing experience of ESA website visitors;
  4. to identify and track unauthorised access or any attempts to access our servers without permission;
When using ESA websites You may find information (such as links to third-party websites) governed by separate terms and conditions. In You voluntarily registration for and use such third-party websites, their applicable terms and conditions and privacy policies apply, and ESA has no control thereof. The use of third-party websites accessible via information present on ESA websites does not entail endorsement by ESA of the related terms and conditions or privacy policies.

4.7 IF YOU GIVE AN INTERVIEW TO ESA IN THE CONTEXT OF ESA PROGRAMMES, ACTIVITIES OR INITIATIVES
When solicited to give an interview, You have most likely received information from ESA on the purpose of processing Your personal data, including as captured in content, e.g. photos, audio or video recordings. In particular, ESA may process Your personal data for the following purposes:

  1. to enable You to deliver the interview and to take photos and audio-video recordings;
  2.  to raise awareness on topics related to space activities, programmes, initiatives and to ESA mission, programmes and activities;
  3. possibly to disseminate the interview and the content created using it, including on websites or media belonging to, or used by, ESA, in particular in our newsletters and/or in social media channels;
  4. to analyse and monitor the impact of the interview and, generally, to ensure audience measurement;

4.10 IF YOU USE ESA INFORMATION AND COMMUNICATION TECHNOLOGY (IT) INFRASTRUCTURE, TOOLS, AND SERVICES (OPERATED BY ESA OR ON BEHALF OF ESA)
Your personal data may be collected and further processed for the purposes of enabling the Agency to comply with its obligations under the ESA Personal Data Protection Framework, in particular:

  1.  to provide optimised data flow between target environments in an automated manner;
  2. to provide and as applicable to discontinue Your access to the IT infrastructure, tools and services operated by or on behalf of ESA;
  3. to provide access and proper performance of the service to end-users;
  4. to provide support services and to ensure the management and maintenance of the service;
  5. to enable ESA to perform actions in connection with identity and access management, incident prevention, management or reporting;
  6. to ensure data subject rights management;
  7. to ensure personal data quality and accuracy.

4.11 IF YOU SUBMIT ANY OF OUR ONLINE FORMS
ESA has online forms to allow external entities to request for specific permissions or licenses. When you submit one of these forms to ESA, Your personal data might be processed for the following purposes:

  1. to communicate with You about any topic connected to the request.

NOTA BENE: If Your personal data processing is subject to one of the situations above, other sections may be relevant to You. You are thus invited to take knowledge of information provided under all the sections that are relevant to your case. In the description of the purpose, we made the choice to avoid duplication.
 

(5) On what legal grounds do We collect and process Your data?

What are the legal basis for processing Your personal data?

5.1 General basis for processing under ESA PDP Policy
Generally, the processing referred to in this notice falls under Article 5.2.1 of the ESA PDP Policy, i.e.:

  1. for security; or
  2. for the performance of a contract concluded by ESA within its purpose in relation with an activity carried out by ESA in the framework of, and in conformity with, the ESA Convention and the applicable rules and procedures;
  3. for Your legitimate interest; or
  4. for purposes covered by Your Consent, as it may be obtained from You as mentioned herein or under a separate document (e.g. Consent form).
5.3. Consent
When consent is the most appropriate lawful basis for processing, it will be requested from You and you can refuse to consent. Depending on the situation, Your consent may be given by various modalities (e.g. written form, verbally) and may in particular result from:
  1. filling in paper consent forms, responding to questionnaires,
  2. oral statements or gestures (e.g. a nod of the head) that signifies agreement (e.g. for instance, expressed in a video or voice recording),
  3. use of electronic means, such as mouse-click, swipe, keystroke,
  4. use of a service-specific user interface (for example, via a website, an app, a log-on account, the interface of an IoT device or by e-mail), choosing certain settings in connection thereof,
  5. filling in electronic consent forms, using digital signatures, sending email(s), sending SMS, filling in web forms for newsletter subscriptions, filling in event registration forms, responding to surveys, filling in and submitting applications,
  6. positive behaviour or action, based on the knowledge of the fact that such behaviour or action involves agreement, such as:
    • you enter into an area covered by a privacy notice on video recording;
    • you drop your business card in an area dedicated to collecting information for the purposes indicated in that area;
    • you publicly express opinions, make statements, create posts, share declarations, aware of the fact that each of them may trigger responses in connection with the subject matter covered by such opinions, statements, posts, declarations;
    • you send your name and address to us to obtain information from us.
       

When you consented to specific processing, you may withdraw the consent or exercise your rights in line with Article 9 herein. Unless otherwise advised in a separate notice or by ESA DPO, you can withdraw consent by contacting DPO@esa.int

For example: In case you provided your consent to subscribe to an activity, we may process all the data on your interests to build a profile of the topics you are interested in. If you unsubscribe, we delete retrievable personal data relating to or collected in the context of the activity from our systems and services, including the profile(s) relating to you, where ESA is Controller.

If Your data was processed for several purposes, We will not process personal data for the purposes for which consent has been withdrawn.


(6) How long do We retain Your personal data for?

Your data are stored for the shortest time possible, considering the reasons why we need to process Your data, as well as all legal obligations applicable to ESA. The ESA established time limits to erase or review the data stored. Retention periods applied by the ESA are proportionate to the purposes for which they were collected. Thus, the ESA will keep Your personal data for as long as necessary for the fulfilment of those purposes and shall be deleted afterwards. By way of exception, We may keep Your personal data for a longer period, for archiving purposes in the public interest or for reasons of scientific or historical research, being reminded that appropriate technical and organisational measures are put in place (e.g. anonymisation, encryption, etc.).


(7) How do We protect and safeguard Your personal data?

All processing operations are carried out pursuant to ESA Rules and Regulations, including ESA PDP Framework and ESA Security Regulations. In particular, the ESA collects and processes personal data in conditions protecting confidentiality, integrity and security of personal data.

In order to protect Your personal data, ESA has implemented a number of technical and organisational measures against the risks of loss as well as against unauthorised access, destruction, use, modification or disclosure of personal data, in particular when such risks concern sensitive personal data.

These measures consider the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. They may include, as appropriate, the pseudonymisation and encryption of personal data.


(8) What are Your rights as data subject and how can you exercise them?

Under conditions detailed in the ESA PDP Framework, You have:

  • the right to be informed about the identity of the data controller, the contact details of the data protection officer, the purpose of the data processing, the data recipients to whom the personal data shall be disclosed, the rights of rectification or erasure of his/her data, the storage time-limits (if any), the practical modalities of exercising the rights, etc. ; this is the purpose of this privacy notice and any other notice referred to herein;
  • the right to access the personal data We process about You; unless you have access to such data via an account, you may send us your request by email to dpo@esa.int;
  • the right to have Your personal data erased, rectified, completed; if you want to review and correct the personal information, you can either do it yourself, in case you have access to such data via an account, or you may send us your request by email to dpo@esa.int;
  • the right to lodge a complaint before the Supervisory authority, in accordance with the latter’s rules of procedure. In case You demonstrate, or have serious reasons to believe, that a data protection incident occurred in relation with Your personal data, following a decision of ESA, you may send notify us thereof by email to dpo@esa.int.

    Once a request to erase data is received, we will ensure that the data are deleted unless it can be processed on another legal ground, as mentioned in Article 5.1 above. If Your data was processed for several purposes, We do not process personal data for the part of the processing for which consent has been withdrawn. For instance:

  • Your personal data may continue to be processed for the performance of a legal obligation of ESA or where such data is necessary for the establishment, exercise, or defence of legal claims;
  • If there are multiple processing concerning You, based on consent, You have to expressly indicate which consent you wish to withdraw.

When the processing of Your personal data are based on Your consent and unless a specific case applies (e.g. see Article 6 above), You have also the right to withdraw Your consent.

You may wish to exercise any of the above-mentioned rights, by sending a request explicitly specifying Your query to the ESA DPO via e-mail at dpo@esa.int

You may be asked additional information to confirm your identity and/or to assist ESA to locate the data You are seeking.


(9) ESA Contractors

ESA may enter into contracts with various contractors who, with regard to Your Personal Data and depending on the contract concluded with ESA, may act either as a separate Data Controller or as a Data Processor.

  • To the extent such contractor act as a separate Data Controller, the separate privacy notice of the contractor will apply for the purposes of collection and processing decided by the contractor.
  • To the extent such contractor act as a Data Processor, this privacy notice applies for the purposes of collection and processing decided by ESA.


(10) Specific rules for children

If Your children want to interact or otherwise engage with ESA, they will often need approval from You, as their parent or legal guardian, as the child's personal data will be collected for these purposes.

Your child will no longer need parental consent once they have reached the age of majority according to the applicable jurisdiction. We will by default ask for parental consent for any child that is under 16 years old. We may ask for your contact data (e.g. email address) to be able to verify your identity and ensure that We have your explicit consent to collect and use your child’s data.

Your consent 

The processing of personal data is described in this privacy notice. Where consent is required, You will be contacted separately.

I accept and consent to:

  • The processing of my Personal Data for receiving newsletters
  • The processing of my Personal Data for publishing a success story or intreview