PRIVACY NOTICE AND CONSENT FORM FOR PERSONAL DATA COLLECTED ON BEHALF OF ESA IN CONNECTION WITH THE COPERNICUS4REGIONS FOLLOW-ON

This Privacy Notice was last updated on: 13.07.2023 

Introduction:

The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975. The Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) which applies for processing of Personal Data at ESA, available at:

http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations

The ESA PDP Framework applicable for the processing of Personal Data within ESA is composed of the following elements:

  • the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;

  • the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and

  • the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2022

    Scope of this Privacy Statement:

    This notice is intended to inform you about the processing of your personal IN CONNECTION WITH THE COPERNICUS4REGIONS FOLLOW-ON and more specifically about:

  • the identity of the Data Controller and contact details of the ESA Data Protection Officer (“DPO”);

  • the type of personal data collected and processed;

  • the modalities of collection of personal data;

  • the purpose and legal basis of the collection and processing;

  • the recipients to whom the personal data of the Data Subject is disclosed;

  • the time-limits for storing the personal data;

  • your rights and the modalities by which you can exercise them and the practical modalities of

    exercising your rights and those rights of other persons, when processed in this Processing Activity under the ESA PDP Framework.

    Please be aware that all references to “Data” in this document if not otherwise stated relate to data by which an individual could be identified/ having an identifying character, broadly defined as Personal Data.

    Description and the Purpose for this Processing of your Personal Data:

Personal Data are collected to enable your participation in activities and events organised by NEREUS as part of their contract with the European Space Agency in particular the Copernicus for regionsinitiative.

Legal Basis:

  • 5.2.1 i. (a) ESA PDP Framework; The performance of an activity carried out by the Agency within its purpose and in the framework of, and in conformity with, the ESA Convention, the “Agreement between the States Parties to the Convention for the establishment of a European Space Agency and the European Space Agency for the protection and the exchange of classified information” done in Paris on 19 August 2002, and the applicable rules and procedures, including ESA Security Regulations and Directives; this includes Processing necessary for the Agency’s management and functioning, Dispute Resolution Procedure, and or Investigation Procedures;.

  • 5.2.1 i. (f) ESA PDP Framework; The legitimate interest of the Data Subject
    Data Controllers, Data Processors, other Recipients of Personal Data and their Contact

    Details:

    The following table lists all the involved companies, agencies or otherwise, where your personal data may be processed and all relevant information concerning their involvement in this activity.

Processing Entity

Type of Personal Data in detail

Description of Processing Resposibilities and specific Purpose of the Processing

European Space Agency as Data Controller

Not applicable

Not applicable

NEREUS
as Data Processor

Name, surname, email address, organisation including address of the organisaiton

Collection of Copernicus4Regions User Stories

Contact Details per involved entity:

Entity Contact Details
European Space Agency Headquarters: 8-10 Rue Mario Nikis, CS 45741, 75738 Paris Cedex 15, France. Your first point of contact is ESA's DPO at DPO@esa.int

NEREUS

NEREUS Secretariat, 21, Rue Montoyer | B-1000 (BE) email:

mchrysaki.nereus@euregions4space.com

Personal Data Retention and Deletion:

Personal data is retained by ESA for the time period necessary to fulfil the legitimate purpose of the processing. Your Personal Data is stored and processed based on the following timeframes:

Personal Data Categories and Place of Processing

Retention Period

Personal Contact Data; Duration of the

European Economic Area (EEA)

Other Considerations:

COPERNICUS4REGIONS FOLLOW-ON contract (end of 2027)

The Agency does not consider your personal data as an asset for sale and, thus, does not sell your personal data to any third parties.

Third party tools, including Social Media:

Third party IT tools or social media may be used to promote and inform you about an activity (meeting, event). ESA websites may provide links to social media and videos may be available on ESA social media pages. If you view an embedded video hosted on an external provider (such as YouTube) or interact with links to social media, third-party cookies are likely to be installed on your device, covered by third party Terms and Conditions and cookie policies. ESA has no influence over these. Carefully assess the privacy policies and Terms and Conditions regarding your data subject rights, the further processing and the protection of your personal data prior to playing the relevant video or clicking on a link to external providers. ESA seeks to protect your personal data when embedding videos and to make you aware when a link refers you to an external social media or other websites where ESA cannot control the processing of your personal data.

Your rights (Data Subject Rights):

You have the right to be informed in a transparent manner about: the processing of your personal data (the Controller, purpose, recipients, etc.); your rights and the modalities of exercising these, (e.g. erasure, rectification, completion, or amendment as per the conditions under PDP 5.1. i.; right for every interested Data Subject to lodge a complaint before the Supervisory Authority in case the former demonstrates or has serious reasons to believe that a Data Protection Incident occurred in relation with his/her Personal Data, following a decision of the Agency (e.g. Data Protection Officer). The right of information under PDP 5.4.1 i. and the right of access under Section 5.4.1 ii. shall not apply: (a) where and insofar as the Data Subject is already in possession of the information; (b) for the right of information, when processing of Personal Data is necessary for any Investigation or Dispute Resolution Procedure; (c) for the right of access, where and insofar such access would conflict with an Investigation Procedure concerning the Data Subject.

If you would like to exercise any of those rights, please send a request explicitly specifying your query to the ESA DPO via e-mail at dpo@esa.int or addressed to the:

ESA Headquarters Data Protection Officer

8-10 RUE MARIO NIKIS CS 45741 75738 PARIS CEDEX 15 FRANCE via postal service.

Please keep in mind that the more specific information you can provide to us about the Activities, Events, Systems, ESA Departments and/or Processes where your personal data is to your knowledge stored, the sooner we can respond to your enquiry, request or complaint.

We seek to respond without undue delay, and in any event within one month of receipt of the request. However, that period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You will be informed of any such extension, together with the reasons for the delay.

If you wish to submit a complaint to the ESA Data Protection Supervisory Authority, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth in the ESA PDP Framework: (https://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations).

You will be required to demonstrate that a Data Protection Incident occurred in relation to your personal data, following a decision of the Agency or at least be able to provide serious reasons and indicators to establish that such an incident occurred.

Personal Data Breach:

If you have any concerns about your personal data or became the victim of a data breach of ESA processed personal data, you should contact ESA’s DPO, as first point of contact, by sending an email to: dpo@esa.int and provide all information available to you regarding the potential breach.

Your Consent

The processing of your personal data as described in this privacy notice is based on consent, to be indicated by selecting the consent box in this form below.

I am aware of my right to revoke my consent at any time by contacting either mchrysaki.nereus@euregions4space.com or the ESA DPO directly under DPO@esa.int and my other rights as stated in the Privacy Notice provided to me in connection with this Consent Declaration.