Privacy Notice for the: ESA earth explorer 11 user consultation meeting

Introduction

The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975. The Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework” or “PDP”) which applies for processing of Personal Data at ESA, available at:

http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations

The ESA PDP Framework applicable for the processing of Personal Data within ESA is composed of the following elements:

  • the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;
  • the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and
  • the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2022

Scope of this Privacy Statement

This notice is intended to inform you about the processing of your personal in the Earth Explorer 11 User Consultation Meeting and more specifically about:

  • the identity of the Data Controller and contact details of the ESA Data Protection Officer (“DPO”);
  • the type of personal data collected and processed;
  • the modalities of collection of personal data;
  • the purpose and legal basis of the collection and processing;
  • the recipients to whom the personal data of the Data Subject is disclosed;
  • the time-limits for storing the personal data;
  • your rights and the modalities by which you can exercise them and the practical modalities of exercising your rights and those rights of other persons, when processed in this Processing Activity under the ESA PDP Framework.

Please be aware that all references to “Data” in this document if not otherwise stated relate to data by which an individual could be identified/ having an identifying character, broadly defined as Personal Data.

Description and the Purpose for this Processing of your Personal Data: What is this processing about?

Your personal data will be processed to facilitate the registration for the event and images taken at the event for ESA internal use (no external publication is planned).

The general Purpose of this processing is the use of the personal data you provide for the organisation of the event and related recording (Images) activities by ESA.

Legal Basis: What is the legal basis for processing the personal data?

Specific Legal Basis for this processing:

  • 5.2.1 i. (e) PDP; The performance of a contract concluded by the Agency within its purpose in relation with an activity carried out by the Agency in the framework of, and in conformity with, the ESA Convention and the applicable rules and procedures.

Explanation: This relates to certain participants where the processing is based on a prior contract with them concerning the processing of their data

  • 5.2.1 i. (g) PDP; A purpose covered by the Consent of the Data Subject.

Explanation: This relates to everyone else where no prior contract exists and participants consent to indicate their agreement to the processing as described in the Notice

Consent is collected via the signup page for the event at atpi.eventsair.com

Data Controllers, Data Processors, other Recipients of Personal Data and their Contact Details: Who Processes what data in which capacity?

 

The following table lists all the involved companies, agencies or otherwise, where your personal data may be processed and all relevant information concerning their involvement in this activity.

 

Processing Entity and Responsibility

Personal Data Categories

Type of Personal Data in detail

Description of Processing Responsibilities and specific Purpose of the Processing

European Space Agency (ESA) as

Controller

Contact details

Name, Surname, Email,

Your personal data are collected and further processed as described in this Privacy Notice upon the decision taken by: ESA through and limited to staff directly involved in the ESA Earth Explorer 11 User Consultation Meeting.

ESA processes your contact details to enable your participation in the event through its Contractor ATP Specials B.V.

At the event images may be taken by ESA. You can choose at the registration desk upon entering the event premises if you prefer your picture to be taken or not, by selecting distinctive coloured bands provided by ESA to indicate your preference to the photographer. 

You may at any time approach the photographer(s) and let them know if you don’t want to be photographed.

The Stage area with the speakers panel will be recorded.

Please avoid this area if you don’t want to be in the recording. The recording will not be published and is for ESA internal use only.

ESA DPO

All Personal Information required to accomplish the DPO’s duties as defined in the ESA PDP

All Personal Information required to accomplish the DPO’s duties as defined in the ESA PDP

According to ESA PDP Framework, your first and unique point of contact concerning personal data matters is the ESA Data Protection Officer (“DPO”). In this regard your personal information may be processed by ESA’s DPO to reply to your requests and to exercise your rights under the ESA PDP.

ATP Specials B.V. as

Processor

Contact Details

Name, Surname, E-Mail

 

ATP Specials provide registration and other support to ESA for the event. Only Your personal data necessary for your participation in this event will be processed by ATPI, in the Netherlands.

Cisco Systems, Inc. as

Processor

Audio/Video/ Chat/other Information

provided by you

Information you provide within the Service directly

 

WebEx will be available for participation at the event. You may choose to not share audio/video or provide personal information via other functionalities of the service. If you do so, please be aware that some of your information may be unintentionally stored by ESA within the Service. A deletion of relevant data will be conducted in regular intervals within 3 months of the creation date.

.

ESA has contracts in place to limit the processing of the relevant Communication Data to Europe. Do not disclose sensitive personal data in Webex.

Contact Details per involved entity:

Entity

Contact Details

European Space Agency (ESA)

Headquarters: 8-10 Rue Mario Nikis, CS 45741, 75738 Paris Cedex 15, France.

Your first point of contact is ESA’s DPO at DPO@esa.int at all times. You may also contact relevant staff in charge for this Activity directly via esaconferencebureau@atpi.com

ESA DPO

Data Protection Officer: DPO@esa.int

ATP Specials B.V.

Processor of ESA based in the Netherlands, please contact ESA as described above as the Controller

Cisco Systems Inc.

Processor of ESA based in the US, Please contact ESA as described above as the Controller

Personal Data Disclosure, Transfer and Safeguards:

ESA contractually assures the processing of personal data in the European Union,.

Personal Data Retention and Deletion: How long are your personal data retained by ESA?

Personal data may only be retained by ESA for the time period necessary to fulfil the legitimate purpose of the processing. 

Your Personal Data is stored and processed based on the following timeframes:

Personal Data Categories and Place of Processing

Retention

ESA

Registration data for the event

 

Images/Video recordings

 

Contact Data:

Deletion 1 month after the event

Images/Videos:

Deletion 1 year after the event

ATP Specials B.V.

 

Registration data (Name, Surname, E-Mail)

Contact Data:

Deletion 2 years after the event

Cisco Systems Inc.

Data provided by you in WebEx:

Deletion directly after the event/videoconference,

Some data may remain for 3 months after the event

 

Other Considerations

  • The Agency does not consider your personal data as an asset for sale and, thus, does not sell your personal data to any third parties.
  • ESA does not instruct any third party – including ATP Special B.V. – to conduct any web analytics, profiling or any other processing on ESA’s behalf, other than the purposes mentioned above.


Your rights (Data Subject Rights) How can you access, erase, rectify, complete or amend your personal data?

You have the right to be informed in a transparent manner about: the processing of your personal data (the Controller, purpose, recipients, etc.); your rights and the modalities of exercising these, (e.g. erasure, rectification, completion, or amendment as per the conditions under PDP 5.1. i.; right for every interested Data Subject to lodge a complaint before the Supervisory Authority in case the former demonstrates or has serious reasons to believe that a Data Protection Incident occurred in relation with his/her Personal Data, following a decision of the Agency (e.g. Data Protection Officer). The right of information under PDP 5.4.1 i. and the right of access under Section 5.4.1 ii. shall not apply: (a) where and insofar as the Data Subject is already in possession of the information; (b) for the right of information, when processing of Personal Data is necessary for any Investigation or Dispute Resolution Procedure; (c) for the right of access, where and insofar such access would conflict with an Investigation Procedure concerning the Data Subject. 

If you would like to exercise any of those rights, please send a request explicitly specifying your query to the ESA DPO via e-mail at dpo@esa.int or addressed to the:

ESA Headquarters
Data Protection Officer

8-10 RUE MARIO NIKIS
CS 45741
75738 PARIS CEDEX 15
FRANCE
via postal service.

Please keep in mind that the more specific information you can provide to us about the Activities, Events, Systems, ESA Departments and/or Processes where your personal data is to your knowledge stored, the sooner we can respond to your enquiry, request or complaint.

 

  • We seek to respond without undue delay, and in any event within one month of receipt of the request. However, that period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You will be informed of any such extension, together with the reasons for the delay.

 

If you wish to submit a complaint to the ESA Data Protection Supervisory Authority, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth in the ESA PDP Framework:

(https://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations).

You will be required to demonstrate that a Data Protection Incident occurred in relation to your personal data, following a decision of the Agency or at least be able to provide serious reasons and indicators to establish that such an incident occurred.

 

PERSONAL DATA BREACH: What should you do in case of a data protection incident?

If you have any concerns about your personal data or became the victim of a data breach of ESA processed personal data, you should contact ESA’s DPO, as first point of contact, by sending an email to: dpo@esa.int and provide all information available to you regarding the potential breach.




      ESA Conference Bureau / ATPI Corporate Events

      ESA-ESTEC, Keplerlaan 1
      2201 AZ Noordwijk, The Netherlands

      Privacy Notice