Privacy Policy

The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located at 24 rue du Général Bertrand, CS 30798, 75345 Paris Cedex 07, France.

Introduction

Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) which applies in this field. ESA implements appropriate measures to preserve the rights of data subjects, to ensure the processing of personal data for specified and legitimate purposes, in a not excessive manner, as necessary for the purposes for which the personal data were collected or for which they are further processed, in conditions protecting confidentiality, integrity and safety of personal data and generally to implement the principles set forth in the PDP Framework, available at:

http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations

ESA PDP Framework is composed of the following elements:

the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;
the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and
the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2018.

This notice is intended to inform you, as data subject, about:

the identity of the data controller and contact details of ESA Data Protection Officer (“DPO”);
the type of personal data which is collected and processed;
the modalities of collection of personal data;
the purpose of the collection and processing;
the recipients (if any) to whom the personal data of the data subject shall be disclosed;
the time-limits for storing the personal data;
the practical modalities of exercising the rights of the data subject under the ESA PDP Framework.

This notice is also enabling ESA to obtain your consent relating to the collection and further processing of your personal data, under ESA PDP Framework. This privacy notice was last updated on: 20 June 2022.

1. General Information

1.1. Whom is the Data Controller?

Your personal data is collected and further processed as shown below upon the decision taken by ESA as Data Controller.

1.2. What are the contact details of ESA Data Protection Officer?ata Controller?

According to ESA PDP Framework, your first point of contact concerning personal data matters is the ESA Data Protection Officer (“DPO”), who may be contacted at DPO@esa.int.

1.3. What type of personal data about you is collected and further processed?

The personal data which may be collected and further processed for the purposes mentioned below are in particular:

Name
E-mail
Citizenship
Title
Organisation
Social media links

You are required not to send to the Agency any sensitive information (including information that indicate, directly or indirectly, an individual’s racial or ethnic origin, political opinions, adhesion to unions, religious or philosophical beliefs, health life, sexual orientation, genetic or biometric data, criminal convictions).

1.4. How is your personal data collected or processed?

Your personal data may be collected by various means, including via registration on the website (www.ecseco.org) and by editing your profile in the members restricted area of the website.

1.5. Why is your personal data collected and processed?

Your personal data are collected and further processed :

to manage your ECSECO membership
to provide you access to the members’ restricted area of the ECSECO website
to send you ECSECO newsletters and news on the ECSECO events
to enable your participation in the ECSECO general assembly and other ECSECO events
to conduct surveys

In addition to these purposes, the Agency may use your personal information for any of the purposes mentioned in Article 5 of the Policy on Personal Data Protection.

1.6. To whom might we disclose your personal data?

The Agency may disclose your personal data to any of the following third-party recipients for the fulfilment of all or part of the purposes of the collection and processing of personal data, which are mentioned above:

Recipient acting as…	Servers and sub-processors of the recipient are located in:
ESPI (as data processor on behalf of ESA)	Austria
Rainfall (as data processor on behalf of ESPI)	Romania
Hetzner Online GmbH (as data processor on behalf of Rainfall)	Germany

2. Third Party IT Tools, Including Social Media

Third party IT tools or social media may be used to inform you and to promote an activity (meeting, event). ESA websites may provide links to social media and videos may be available on ESA social media pages. If you view a video or interact with the social media or other websites, social media or third-party cookies are likely to be installed on your device, covered by third party Terms and Conditions and cookie policies. ESA has no influence over these. Carefully assess the privacy policies and Terms and Conditions prior to use regarding your data subject rights, further processing and to protection of your personal data.

Online webinars may be held using a third-party videoconference IT service such as Microsoft Teams, which process personal data according to their own cookies and privacy policies (available at: https://docs.microsoft.com/en-us/microsoftteams/teams-privacy) over which ESA has limited influence and does not necessarily advocate. By participating in the activity and using the IT tool, you consent to the processing of your personal data according to the third-party tool’s conditions and its privacy policy.

The Agency does not consider your personal data as an asset for sale and, thus, does not sell your personal data to any third parties.

3. Your Personal Data

3.1 How long do we retain your personal data for?

The Agency will keep your personal data for 13 months for the fulfilment of the above-mentioned purposes. Your Personal Data shall be deleted thereafter, as membership will be renewed every calendar year.

3.2 How can you erase, rectify, complete or amend your personal data?

The Agency is keen to collect and process accurate personal data and to keep it updated. You may request the erasure, rectification, completion, or amendment of your personal data if they are inaccurate or incomplete, in relation to the purposes for which they are collected and processed, or if they are processed in violation with the principles referred in the ESA PDP Framework.

If you choose to make a request for the erasure of personal data, you understand and agree that you will no longer access the above-mentioned services.

The above-mentioned request should be submitted to the ESA DPO, as first point of contact, by sending an email to: dpo@esa.int, copy to: ecseco@esa.int.

You may also be allowed access to your personal data and have the possibility to erase, rectify, complete or amend it, according to the following modalities:

by accessing your account
by entering your account User Id and password
by clicking on “Log In”
by actually erasing, rectifying, completing or amending your personal data
If you do not remember your password, you can reset your password by sending your request on the website through the button “ Lost your password?”
If you are unable to access your account, please contact ecseco@esa.int.

4. In Case of a Data Protection Incident

In case of a data protection incident, you should contact ESA DPO, as first point of contact, by sending an email to: dpo@esa.int

In case you wish to submit a complaint, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth by ESA PDP Framework. You will be required to demonstrate that a data protection incident occurred in relation to your personal data, following a decision of the Agency or at least to justify serious reasons to believe that such incident occurred.

5. Your Consent

The processing of personal data described in this privacy notice is based on your consent. You may provide your consent by accepting this privacy notice (selecting the ‘I accept’ checkbox) prior to submitting the registration form. You can withdraw such consent by requesting ESA to stop the processing. This will not affect the legitimacy of the personal data processing that took place prior to the withdrawal of user consent. You can withdraw your consent at any time by sending an email to ESA DPO at: dpo@esa.int; copy: ecseco@esa.int.

If users choose to withdraw their consent, they understand and agree that they will no longer be able to access the above-mentioned services.

For those cases where your consent was not already obtained by ESA (including other modalities) and it is required under the ESA Framework on Personal Data Protection, you agree with the collection and further processing of your personal data:

I accept.
I disagree.

You will be able to withdraw your consent depending on the modality used to collect your personal data, in particular by sending an email to ESA DPO at: DPO@ESA.int with copy: contact@ecseco.org.

Cookie	Duration	Description
_GRECAPTCHA	6 months	reCAPTCHA sets a necessary cookie when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
CookieLawInfoConsent	11 months	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
newsletter-hide	1 year	Used to control the newsletter popup visibility. It does not store any personal information.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpres_test_cookie	session	Test if cookie can be set. WordPress also sets wordpress_test_cookie cookie to check if the cookies are enabled on the browser to provide appropriate user experience to the users. This cookie is used on the front-end, even if you are not logged in.
wordpress_{hash}	session	WordPress uses the login wordpress_{hash} cookie to store authentication details.
wordpress_logged_in_{hash}	session	Remember User session. WordPress sets the after login wordpress_logged_in_{hash} cookie, which indicates when you’re logged in, and who you are, for most interface use.

Cookie	Duration	Description
_ga	2 years	Used to distinguish users.
_ga_{container-id}	2 years	Used to persist session state.
_gac_gb_{container-id}	90 days
_gid	24 hours	Used to distinguish users.

Get in touch