Released by: European Space Agency, as Data Controller
Addressed to: individuals whose personal data is collected and processed
The European Space Agency (herein the “Agency” or “ESA” or “We”) is committed to protect Personal Data in line with the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations composed by:
This notice is intended to describe why and how Your personal data are collected and processed by, or on behalf of, ESA, as Data Controller, upon initiative of ESA NAV F Department, as well as what rights You have in relation to Your personal data. It also informs You about the contact details of the Data Protection Officer. This privacy notice was last updated on 25/09/2023. It must be read in conjunction with the ESA PDP Framework and other privacy notices referred to herein.
ESA process your personal data to organise and manage the Workshops, Conferences, Symposia held on ESA premises or online, commissioning ATPI (the Netherlands) Services as Processor. ESA is Controller for personal data related to selection of panellists, or selection of abstracts, when ESA processes such data. For these purposes only as well as for the purposes mentioned in Article 5 of ESA Policy on Personal Data Protection, ESA is Data Controller. ESA does not instruct any third party to conduct any web analytics, profiling, or any other processing on ESA’s behalf, other than the purposes mentioned.
Members of selection committees or bodies that select abstracts may act as separate Controllers and may be in territories not having an Adequate Level of Protection such that ESA implements appropriate protection for Disclosures of personal data.
Social media, LinkedIn, Twitter, external websites, etc., may be used to publish photographs, video recordings or interviews or information related to the events. These act as separate Controllers, each responsible for their personal data processing activities, please consult their privacy notices and websites for further information. You have the right to decline your participation in such processing.
(1) What are the relevant contact details for this notice?
The ESA Data Protection Officer (“DPO”) may be contacted in line with the ESA PDP Framework at DPO@esa.int or: ESA Headquarters; Data Protection Officer; 8-10 RUE MARIO NIKIS; CS 45741; 75738 PARIS CEDEX 15; FRANCE.
As the collection and processing concerned by this notice is performed upon initiative of the ESA HIF-E Department, questions may also be addressed to: the ESA Conference Bureau (ATPI Corporate Events) ESAConferenceBureau@atpi.com
(2) What kind of personal data are collected and further processed?
ESA collects and processes a variety of Your personal data and may requires You to provide personal data for the purposes mentioned further below. Depending on the purpose for which they are collected and further processed, the personal data may include:
(3) How are Your personal data collected or further processed?
ESA commissions the Processors, ATPI Services to deliver ESA Conference Bureau services.
Dropbox: may be used by ESA to exchange data / personal data.
ESA Cisco Webex Videoconferencing Service may be used to enable participation during the event. For this purpose, some personal data (including Audio and Video Data) may be processed by Cisco Systems, strictly limited to the European Union as per contractual obligations implemented between ESA and Cisco Systems Inc. Personal Data collected is limited to the necessary. The Webex privacy notice is made available to you when you use the tool.
ESA Processor: ATPI / Letsgetdigital processes personal data under ESA contract in Europe.
(4) Why are Your personal data collected and further processed?
ESA processes the personal data of participants for the following purposes: managing invitations, registrations, participation requests, facilitating remote participation and distribution of the list of participants, managing on premises presence, badges and identity verification for security, promoting the event in social media. ESA also processes personal data of participants for reporting on the event, to distribute presentations to participants and potentially for satisfaction surveys. Where you have consented, ESA may keep your contact details in order to invite you to future similar events or future meetings within the scope of the activity. Your personal data may be accessed by the ESA event organisation team and service providers (ESA Conference Bureau, ATPI Services) under ESA contract, ESA workforce members of the HIF-E team and ESA IT support teams.
We collect and process Your personal data because it is necessary for the activities conducted to fulfil Our purpose, which is “to provide for and to promote, for exclusively peaceful purposes, cooperation among European States in space research and technology and their space applications, with a view to their being used for scientific purposes and for operational space applications systems” (as per ESA Convention). We serve the public interest, and we seek to foster the public interest in space activities and programmes. All the processing carried out by, or on behalf of, ESA upon initiative of the HIF-E Department falls in this general purpose and, in particular, into one of the reasons permitted under ESA PDP Framework, in particular under ESA PDP Policy. ESA initiates webinars, conferences, symposia, events and workshops for the purpose of promoting the space industry and enhancing collaboration. Video recordings are created to enable those not present at the event or the interested public to view it for educational purposes via ESA social media or websites, etc. In any case, we do not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or legally permitted.
(5) On what legal grounds do We collect and process Your data?
We process Your personal data pursuant to the ESA PDP Framework, in particular pursuant to Article 5 of the ESA PDP Policy, for fair, specified and legitimate purposes or for purposes compatible therewith. The processing of your personal data by ESA for this event is lawful as it is necessary for the performance of a task carried out in the public interest.
Generally, the processing referred to in this notice falls under Article 5.2.1.i. of the ESA PDP Policy, i.e.:
In addition, We may process Your data under Article 5.2.2 of the ESA PDP Policy concerning Sensitive Personal Data, i.e. when the processing:
i. is covered by the Consent of the Data Subject; or
ii. relates to Sensitive Personal Data which are manifestly made public by any means (for instance, social media) by the Data Subject; or
iii. is necessary for:
Depending on the situation, we may consider that your consent is given by various modalities and may result from affirmative motions (e.g., swiping on a screen), browser settings, written statements, filling an electronic online form, sending an email, uploading a scanned document with their signature, using an electronic signature and other modalities that may appear in the future.
(6) In which circumstances may We transfer or provide access to Your personal data?
When the third-party data recipients are located in a country or international organisation not offering an adequate level of protection (e.g. Australia, United States, etc.), We will not proceed to the transfer of Your data unless You consented to it or unless the conditions set forth in ESA PDP framework (see Article 5.3 of ESA PDP Policy) are fulfilled. As appropriate, We take adequate safeguards (e.g. via appropriate contractual clauses) in order to obtain from third-party recipients a level of protection equivalent to that offered within the European Union and the European Economic Area.
In case of transfer of personal data to the United States or other countries not offering an adequate level of protection, transfer may expose You to certain risks, in particular the risk of profiling, the risk that the applicable legal framework may allow further processing of the personal data and that any given consent may not always be withdrawn.
You may be provided with information regarding the privacy notices of separate controllers of personal data either herein or elsewhere in Our communications to you.
In exceptional cases, for instance in case of a criminal offence evidenced by the collection or processing of data, we may share the said data with the appropriate authorities or bodies, including the ones having an investigative role or the ones involved in the concerned legal proceedings.
Your contact details (Name, E-Mail Address) may be shared with other participants at the event if you have indicated your interest in sharing these when registering for the conference or adding your name to a list for the purpose of sharing contact details.
ATPI, as ESA Processor, processes personal data in the Netherlands. ATPI uses the Sub-processor LegtsgetDigital with a tool configuration and a contract ensuring that processing occurs only in the Netherlands.
(7) How long do We retain Your personal data for?
Your data are stored for the shortest time possible, taking into account the reasons why we need to process Your data, as well as all legal obligations applicable to the Agency. The Agency established time limits to erase or review the data stored. Retention periods applied by the Agency are proportionate to the purposes for which they were collected. Thus, the Agency will keep Your personal data for as long as necessary for the fulfilment of those purposes, which will be at least for the duration mentioned in the Table below. Your Personal Data is deleted upon expiry of the applicable retention period. By way of exception, We may keep Your personal data for a longer period, for archiving purposes in the public interest or for reasons of scientific or historical research, being reminded that appropriate technical and organisational measures are put in place (e.g. anonymisation, encryption, etc.).
Personal Data | Retention |
ESA internal systems | Up to 10 years |
ATPI, LetsgetDigital, Conf Tool | 5 years as per contract, after the end of the activity, then deletion |
ESA Webex/Cisco | Audio/Video data is retained only for the duration of the meeting. Some further Data (chat, signup information) may be retained for 6 months after the event and then automatically deleted. |
ESA Teams | For the duration of the meeting, deletion immediately after the meeting ends. For recorded data, up to 5 years, thereafter deleted. |
ESA Records of consent | 5 years after the end of the activity |
Photos, video recordings on websites and social media | Please refer to the privacy notice of the separate Controllers |
Dropbox / ESA OneDrive | For the duration of the legitimate purpose, thereafter deleted |
ESA held scientific/ technical papers
| Permanent retention for historic/ research purposes, ESA Archives |
To the extent your personal data are collected via a web account, You have the possibility to delete the personal data as well as the account in your account's settings.
(8) How do We protect and safeguard Your personal data?
All processing operations are carried out pursuant to ESA Rules and Regulations, including ESA PDP Framework and ESA Security Regulations. In particular, the Agency collects and processes personal data in conditions protecting confidentiality, integrity, and security of personal data.
In order to protect Your personal data, ESA has implemented a number of technical and organisational measures against the risks of loss as well as against unauthorised access, destruction, use, modification or disclosure of personal data, in particular when such risks concern sensitive personal data. These measures take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. They may include, as appropriate, the pseudonymisation and encryption of personal data.
(9) What are Your rights as data subject and how can you exercise them?
Under conditions detailed in the ESA PDP Framework, You have:
Note however that We may not erase Your personal data in case the processing is based on the performance of a legal obligation of ESA or where such data is necessary for the establishment, exercise, or defence of legal claims.
When the processing of Your personal data is based on Your consent and unless a specific case applies (e.g. see Article 6 above), You have also the right to withdraw Your consent.
You may wish to withdraw Your consent or to exercise any of the above-mentioned rights, by sending a request explicitly specifying Your query to the ESA DPO via e-mail at dpo@esa.int or addressed to the: ESA Headquarters, Data Protection Officer, 8-10 RUE MARIO NIKIS, CS 45741 75738 PARIS CEDEX 15, FRANCE via postal service. You may be requested to provide additional information to confirm your identity and/or to assist ESA to locate the data You are seeking.
Please note that withdrawing consent does not affect the lawfulness of any processing based on the consent given before this consent is withdrawn.
In cases where a participants’ request to the ESA relates to the processing of personal data by a separate Controller, it will be forwarded to the separate Controller and vice versa.
ESA may enter into contracts with various contractors who, with regard to Your Personal Data and depending on the contract concluded with ESA, may act either as a separate Data Controller or as a Data Processor.
(11)Third Party Providers and Social Media
ESA may use third party IT Providers or social media for information purposes or to promote an activity (meeting, event, recruitment campaign, etc.). ESA websites may provide links to social media and videos may be made available on ESA social media pages. It is up to You to decide whether You wish, or not, to have access and use those IT tools and social media, in consideration of the fact that they are governed by terms and conditions, including privacy notices, that are not under ESA control and that they may disclose data to territories that do not provide an equivalent protection. If You do not want Your data to be processed by such IT tools or social media, You may decide not to register as user or otherwise accept the applicable third party terms and conditions. Non-essential cookies may be used to process your Personal Data. You may decline such cookies and/or configure your browser privacy and security settings to manage cookies.
Where you have consented to the processing of images/ video recordings taken during the event, upon registering to the event, ESA may process these for archiving purposes and to share them on their social media accounts (e.g., ESA Twitter, ESA LinkedIn, ESA public websites, YouTube, etc.). Please note nevertheless that, if personal data or information is disclosed online, it may be used by third parties for their own purposes, within their platforms and or shared, and at times without informing ESA and it may not be possible for us, apart from any implemented safeguards, to ensure removal of your data from the Internet.
Disclaimer regarding exterior Links, cookies, third parties and Endorsement: websites in the ESA.int domain and ESA associated websites may hold links to external websites in domains not having an Adequate Level of Protection, which may not be maintained by ESA or be under ESA control and for which ESA, is not responsible. If you decide to click on a link to an external website, you leave the ESA domain and become subject to privacy, cookies and legal policies of the external website as separate Controllers, outside the control and responsibility of ESA.
Endorsement disclaimer: ESA websites may offer linked references to external resources or websites or online services, to provide further information, however, linked references, services, information and their providers/organisations are not endorsed by ESA. ESA websites may provide links to third-party sites. To use third party content on ESA websites, may require acceptance of their specific terms and conditions, involving their cookie policies for which ESA has no control.
ESA webpages may provide content from external providers, e.g., YouTube, Facebook, Twitter, etc. Viewing such third-party content means that you must agree to their terms and conditions and their cookies. ESA has no control over these. If you do not want third-party cookies to be installed on your device, you do not have to view this content.
Please note that if information also comprising personal data, is uploaded online (for example, published on social media), it can be used by third parties for their own purposes, on their platforms, and every so often without ESA having been informed. In such cases, ESA, despite any implemented safeguards may not be able to ensure removal from the internet.
The processing of personal data is described in this privacy notice. Where consent is required, You may provide your consent by accepting this privacy notice (selecting the ‘I accept’ checkbox) prior to submitting the registration form.
ESA invites you to register for this event, which takes place on ESA premises and online. By submitting your personal information/ by participating in this event, you agree to ESA Framework on Personal Data Protection and to the processing of your Personal Data by, or on behalf of ESA. We encourage you to read the privacy notice which informs you about the processing of your personal data, before providing your consent. For any questions, please email: dpo@esa.int
By registering, I accept and consent to:
ESA Conference Bureau / ATPI Corporate Events
ESA-ESTEC, Keplerlaan 1
2201 AZ Noordwijk, The Netherlands
Privacy Notice