ESA BSGN PRIVACY NOTICE

Introduction

The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located at 24 rue du Général Bertrand, CS 30798, 75345 Paris Cedex 07, France.

Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) which applies in this field. ESA implements appropriate measures to preserve the rights of data subjects, to ensure the processing of personal data for specified and legitimate purposes, in a not excessive manner, as necessary for the purposes for which the personal data were collected or for which they are further processed, in conditions protecting confidentiality, integrity and safety of personal data and generally to implement the principles set forth in the PDP Framework, available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations

ESA PDP Framework is composed of the following elements:

the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;
the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and
the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2018.

This notice is intended to inform you, as data subject, about:

the identity of the data controller and contact details of ESA Data Protection Officer (“DPO”);
the type of personal data which is collected and processed;
the modalities of collection of personal data;
the purpose of the collection and processing;
the recipients (if any) to whom the personal data of the data subject shall be disclosed;
the time-limits for storing the personal data;
the practical modalities of exercising the rights of the data subject under the ESA PDP Framework.

This notice is also enables ESA to obtain your consent relating to the collection and further processing of your personal data, under ESA PDP Framework.

This privacy notice was last updated on: 23 May 2022.

1. Who is the Data Controller?

Your personal data are collected and further processed as shown below upon the decision taken alone by ESA.
Thus the Data Controller is ESA.

2. What are the contact details of ESA Data Protection Officer?

According to ESA PDP Framework, your first point of contact concerning personal data matters is the ESA Data Protection Officer (“DPO”), who may be contacted at DPO@esa.int.

3. What kind of personal data about you are collected and further processed?

The personal data which may be collected and further processed for the purposes mentioned below are in particular:

First Name, Last Name
E-mail address
Company and role in the company
Nationality and country of residence
Pictures, video recordings during events, interview recordings if consent was provided
Information in connection with your use of the website bsgn.esa.int, such as information in server logs, including information on how the website was used by you, your search queries,
Participation details and attendance logging for events
IP (internet protocol) address and data about your [system activity, hardware settings, browser settings, date and time of your request…]
Cookies, i.e.
Online user data through social media posts
Other information that you provide and which may directly or indirectly identify you;

You are required not to send to the Agency any sensitive information (including information that indicate, directly or indirectly, an individual’s racial or ethnic origin, political opinions, adhesion to unions, religious or philosophical beliefs, health life, sexual orientation, genetic or biometric data, criminal convictions).

4. How are your personal data collected or further processed?

Your personal data may be collected by various means, including via

registration to the newsletter,
registration to events,
sending a contact request to BSGN and/or BSGN Members,
registering on the website to create a user profile and associated pages.

5. Why are your personal data collected and further processed?

Your personal data are collected and further processed

to send you information in relation to the BSGN and related within the European Exploration Envelope Programme (E3P);
to conduct marketing activities and promotional activities such as newsletters and mailing lists;
to provide you access to, and enable the use of the website bsgn.esa.int;
to manage your relationship with the Agency as well as your requests and applications in relation to the ESA Programmes;
to produce internal and external publications for example on social media or the ESA Website;
to enable your participation in events, workshops or conferences;
to send you notifications in connection with relevant events (co-)organised by ESA, including conferences, seminars, webinars and training courses;
to conduct surveys and gather feedback;
to record videos or take pictures during events; in this case it will be made explicit to attendees again in advance;
to manage documentation and folders;
to conduct analytics with the aim to improve our services;

We gather information in aggregated form to analyse the demographics of our subscribers (e.g. how many we have in each country). The data may be used to support us in determining user preferences and usage trends on an aggregated basis (e.g. how long users spend on average on the website or in reading particular articles). This analysis may be undertaken via Matomo.

In addition to these purposes, the Agency may use your personal information for any of the purposes mentioned in Article 5 of the Policy on Personal Data Protection.

6. To whom might we disclose your personal data?

The Agency may disclose your personal data to any of the following third party recipients for the fulfilment of all or part of the purposes of the collection and processing of personal data, which are mentioned above:

Recipient acting as:	Servers and sub-processors of the recipient are located in:
ESA as Data Controller for Contractors involved in the operation, maintenance and hosting of the website bsgn.esa.int.	Italy and Ireland

Social media LinkedIn https://www.linkedin.com/company/business-in-space-growth-network Twitter https://twitter.com/esabsgn	The privacy policies of LinkedIn and Twitter apply. LinkedIn Privacy Policy Twitter Privacy Policy

Third party IT tools, including Social Media
Third party IT tools or social media may be used to inform you and to promote an activity (meeting, event). ESA websites may provide links to social media and videos may be available on ESA social media pages. If you view a video or interact with the social media or other websites, social media or third party cookies are likely to be installed on your device, covered by third party Terms and Conditions and cookie policies. ESA has no influence over these. Carefully assess the privacy policies and Terms and Conditions prior to use with regard to your data subject rights, further processing and to protection of your personal data.

The Agency does not consider your personal data as an asset for sale and, thus, does not does not sell your personal data to any third parties.

7. How long do we retain your personal data for?

The Agency may keep your personal data for as long as necessary for the fulfilment of the above mentioned purposes. Your Personal Data shall be deleted thereafter.

In the case of the user profile on the BSGN Website, your account will be deleted after two years of inactivity.

8. How can you erase, rectify, complete or amend your personal data?

The Agency is keen to collect and process accurate personal data and to keep it updated.

You may request the erasure, rectification, completion or amendment of your personal data if, and to the extent that it is inaccurate or incomplete, having regard to the purposes for which they are collected and processed, or if they are processed in violation with the principles referred in ESA PDP Framework.

If you choose to make a request for the erasure of personal data, you understand and agree that you will not receive newsletters, updates, event invitations and notifications from BSGN and related Commercialisation and Innovation activities carried out by ESA.

The above-mentioned request should be submitted to the ESA DPO, as first point of contact, by sending an email to: dpo@esa.int

Copy to: bsgn@esa.int

You may also be allowed access to your personal data and have the possibility to erase, rectify, complete or amend it by

clicking “unsubscribe” in the e-mails you receive,
deleting your profile on the website,
by sending an e-mail with your request to bsgn@esa.int.

9. What could you do in case of a data protection incident?

In case of a data protection incident, you should contact ESA DPO, as first point of contact, by sending an email to: dpo@esa.int

In case you wish to submit a complaint, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth by ESA PDP Framework. You will be required to demonstrate that a data protection incident occurred in relation to your personal data, following a decision of the Agency or at least to justify serious reasons to believe that such incident occurred.

10. Your consent

For those cases where your consent was not already obtained by ESA (including by other modalities) and is required under the ESA Framework on Personal Data Protection, you agree with the collection and further processing of your personal data by clicking on “Accept Privacy Policy”, entering and submitting your e-mail address on bsgn.esa.int.

You will be able to withdraw your consent depending on the modality used to collect your personal data, in particular by unsubscribing to the mailing list via the “unsubscribe” link in the e-mails you receive, or via sending an e-mail with your request to bsgn@esa.int.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	12 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	12 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Statistics".
cookielawinfo-checkbox-necessary	12 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Necessary".
CookieLawInfoConsent	12 months	The cookie is used to record the acceptance to part of or to all the cookie purpose categories.
viewed_cookie_policy	12 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_pk_id.	13 months	This cookie is set and used by Matomo to keep track of returning visitors.
_pk_ref.	6 months	This cookie is set and used by Matomo to keep track of the visit source.
_pk_ses.	30 minutes	This cookie is set and used by Matomo to keep track of the current session.
mtm_consent	30 years	The cookie is set by Matomo to record the user consent for the cookies in the category "Statistics".