PRIVACY NOTICE
The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located at 24 rue du Général Bertrand, CS 30798, 75345 Paris Cedex 07, France.
Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) which applies in this field. ESA implements appropriate measures to preserve the rights of data subjects, to ensure the processing of personal data for specified and legitimate purposes, in a not excessive manner, as necessary for the purposes for which the personal data were collected or for which they are further processed, in conditions protecting confidentiality, integrity and safety of personal data and generally to implement the principles set forth in the PDP Framework, available at:
http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations
ESA PDP Framework is composed of the following elements:
- the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;
- the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and
- the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2018.
- the identity of the data controller and contact details of ESA Data Protection Officer (“DPO”);
- the type of personal data which is collected and processed;
- the modalities of collection of personal data;
- the purpose of the collection and processing;
- the recipients (if any) to whom the personal data of the data subject shall be disclosed;
- the time-limits for storing the personal data;
- the practical modalities of exercising the rights of the data subject under the ESA PDP Framework.
This notice is also enabling ESA to obtain your consent relating to the collection and further processing of your personal data, under ESA PDP Framework. This privacy notice was last updated on: 27 December 2023
1.1. Who is the Data Controller?
Your personal data is collected and further processed as shown below upon the decision taken alone by ESA.
Thus, the Data Controller is ESA.
1.2. What are the contact details of ESA Data Protection Officer?
According to ESA PDP Framework, your first point of contact concerning personal data matters is the ESA Data Protection Officer (“DPO”), who may be contacted at DPO@esa.int.
1.3. What kind of personal data about you is collected and further processed?
The personal data which may be collected and further processed for the purposes mentioned below are in particular:
- Name:
- Phone number:
- E-mail:
- Company address details:
- Billing address details:
- Other information that you provide, which may directly or indirectly identify you:
You are required not to send to the Agency any sensitive information (including information that indicate, directly or indirectly, an individual’s racial or ethnic origin, political opinions, adhesion to unions, religious or philosophical beliefs, health life, sexual orientation, genetic or biometric data, criminal convictions).
1.4. How is your personal data collected or processed?
Your personal data may be collected by various means, including via:
- Creating an account for the European Data Handling & Processing Conference
- Registration to the European Data Handling & Processing Conference
- Booking a Sponsor or Exhibition package to the European Data Handling & Processing Conference
1.5. Why is your personal data collected and processed?
Your personal data are collected and further processed so that:
- to provide you access to, and enable the use of the registration page, exhibition booking portal and sponsor booking portal
- to manage your relationship with the Agency as well as your requests and applications in relation to the European Data Handling & Data Processing Conference
- to enable your participation in the European Data Handling & Data Processing Conference
- to send you notifications in connection with the European Data Handling & Data Processing Conference
- to highlight and promote the European Data Handling & Data Processing Conference as well as to promote similar events, in the future on any media
- to send you newsletters and new features in relation with the European Data Handling & Data Processing Conference and other ESA events
- to conduct surveys
- to communicate your personal data to third-party collaborators, contractors and/or partners involved in the organisation of the European Data Handling & Data Processing Conference or in the fulfilment of any of the other purposes
- other purposes that will be disclosed to the personnel when such information is requested
- In addition to these purposes, the Agency may use your personal information for any of the purposes mentioned in Article 5 of the Policy on Personal Data Protection.
1.6. To whom might we disclose your personal data?
The Agency may disclose your personal data to any of the following third-party recipients for the fulfilment of all or part of the purposes of the collection and processing of personal data, which are mentioned above:
| Recipient acting as…
| Servers and sub-processors of the recipient are located in:
|
| ATP Specials BV | The Netherlands |
2. Third party IT tools, including Social Media
The Agency does not consider your personal data as an asset for sale and, thus, does not sell your personal data to any third parties.
3.1. How long do we retain your personal data for?
The Agency may keep your personal data for as long as necessary for the fulfilment of the above-mentioned purposes. Your Personal Data shall be deleted thereafter.
3.2. How can you erase, rectify, complete or amend your personal data?
The Agency is keen to collect and process accurate personal data and to keep it updated. You may request the erasure, rectification, completion, or amendment of your personal data if they are inaccurate or incomplete, in relation to the purposes for which they are collected and processed, or if they are processed in violation with the principles referred in the ESA PDP Framework.
If you choose to make a request for the erasure of personal data, you understand and agree that we will not be able to welcome you to the European Data Handling & Data Processing Conference.
The above-mentioned request should be submitted to the ESA DPO, as first point of contact, by sending an email to: dpo@esa.int
- Copy to: esaconferencebureau@atpi.com
4. in case of a data protection incident
In case of a data protection incident, you should contact ESA DPO, as first point of contact, by sending an email to: dpo@esa.int
In case you wish to submit a complaint, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth by ESA PDP Framework. You will be required to demonstrate that a data protection incident occurred in relation to your personal data, following a decision of the Agency or at least to justify serious reasons to believe that such incident occurred.
Your consent is required
By creating an account to the European Data Handling & Data Processing Conference you agree to ESA framework on Personal Data Protection and to the processing of your personal data by, or on behalf of, the Agency, as mentioned in the ESA Privacy Notice and Consent form as follows:
How and when can you withdraw your consent?
You will be able to withdraw your consent depending on the modality used to collect your personal data, in particular:
· by sending an email to Business-area: esaconferencebureau@atpi.com or: DPO@ESA.int
ESA Conference Bureau / ATPI Corporate Events
ESA-ESTEC, Keplerlaan 1
2201 AZ Noordwijk, The Netherlands