The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located in Paris, France.
Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (“the ESA PDP Framework”) which applies in this field. ESA implements appropriate measures to preserve the rights of Data Subjects, to ensure the processing of Personal Data for specified and legitimate purposes, in a not excessive manner, as necessary for the purposes for which the Personal Data were collected or for which they are further processed, in conditions protecting confidentiality, integrity and safety of Personal Data and generally to implement the principles set forth in the PDP Framework, available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations.
The ESA PDP Framework is composed of the following elements:
This notice is intended to inform you, as a Data Subject, about:
This notice also enables ESA to obtain your consent relating to the collection and further processing of your Personal Data, under the ESA PDP Framework.
Your Personal Data are collected and further processed as shown below upon the decision taken by ESA. For this reason, ESA is the Data Controller under the ESA PDP Framework.
Your first point of contact concerning Personal Data matters is ESA's Data Protection Officer (“DPO”), who may be contacted at:
The Personal Data, which are collected and further processed for the purposes mentioned below, are in particular:
You are required not to send to the Agency any sensitive information (including information that indicate, directly or indirectly, the personnel's ethnic origin, political opinions, adhesion to unions, parties etc., health situation, sexual orientation).
Your Personal Data are collected when you register for an EO Sign In account and when you use the services accessed with this account.
EO Sign In collects your Personal Data by:
ESA manages the EO Sign In and data access related services through Contracts. The companies responsible for the contracted services act on ESA's behalf to ensure your Personal Data is protected in accordance with ESA's Personal Data Protection Policy and European Union Personal Data protection standards.
Under ESA's contract with Serco, your Personal Data will be processed by the ESA EO Helpdesk, on behalf of ESA, to provide access to ESA EO Data by associating the proper access rights to your account.
ESA and its contractors will not use your Personal Data for any purpose other than supporting the services connected to the EO Sign In and will not disclose your Personal Data to any other entity that is not listed under (7). They do not consider your Personal Data as an asset for sale and will not sell your Personal Data to any third parties.
The servers of ESA are located in data centres hosted by ESA in ESRIN, Frascati, Italy and operated by GTT Communications, Inc (GTT) and accessed by Serco Italia S.p.A. (Serco).
Your Personal Data are collected and further processed for the following purposes:
In addition to these purposes, the Agency may use your Personal Data for any of the purposes mentioned in Article 5 of the Policy on Personal Data Protection.
The Agency may disclose your Personal Data to any of the following third-party recipients for the fulfilment of all or part of the purposes of the collection and processing of Personal Data which are mentioned above:
ESA draws your attention to the fact that if you make a request for Third-Party data listed above, your Personal Data (e.g. last name, first name, email address, institution, country of residence) may be processed in a country which is not a member state of ESA and/or the European Union and which is not recognised by the European Commission as offering an adequate level of protection under the European Union's legal framework.
The Agency and its contractors may keep your Personal Data for as long as necessary for the fulfilment of the above-mentioned purposes. Your Personal Data shall be deleted thereafter.
If you do not confirm your registration to the EO Sign In when you are sent the confirmation link by email, your Personal Data will be automatically deleted from all servers within 60 days of the initial account creation request.
If you do confirm your registration to the EO Sign In, your Personal Data will be stored on the ESA and third parties servers for as long as you are an active user of the EO Sign In service.
Your Personal Data will be deleted after two years of inactivity, prior notification by email of account being locked, unless you confirm you wish the account to remain open.
The Agency is keen to collect and process only accurate Personal Data and to keep it up-to-date.
Under ESA's Personal Data Protection Framework, you have the rights, which you may exercise at any time, to have your Personal Data erased, rectified, completed or amended. You are able to access your Personal Data and rectify, complete or amend the information contained in your account profile autonomously after log in into EO Sign In using your personal dashboard. For the deletion of your account, please contact the ESA EO Front-End Services Helpdesk.
If you choose to erase your Personal Data or do not accept the terms of this Privacy Notice, you understand and agree that ESA will have to delete your ESA EO Sign In account and you will lose all of your rights for accessing ESA's EO data and services through your ESA single sign-on account.
If you are unable to access your account for any reason or need support, please contact the ESA EO Front-End Services Helpdesk for assistance.
In the event of a Data Protection Incident, please contact ESA's DPO, as the first point of contact, by sending an email to dpo@esa.int.
If you wish to submit a complaint, you will need to comply with the Rules of Procedure of the Supervisory Authority set out in the ESA PDP Framework. You will be required to demonstrate that a Data Protection Incident occurred in relation to your Personal Data, following a decision of the Agency, or at least to justify serious reasons to believe that such an incident occurred.