CopPhil Privacy Policy
Released by:
European Space Agency, as Data Controller
Addressed to:
individuals whose personal data is collected and processed
The European Space Agency (herein the “Agency” or “ESA” or “We”) is committed to protect Personal Data in line with the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) available at:
http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations
composed by:
- The Principles of Personal Data Protection adopted by ESA Council on 13 June 2017.
- The Rules of Procedure for the Data Protection Supervisory Authority adopted by ESA Council on 13 June 2017.
- The Policy on Personal Data Protection (including its Annex “Governance Scheme of the Agency’s Personal Data Protection”) adopted by Director General of ESA on 1 March 2022 (“ESA PDP Policy”).
This notice is intended to describe why and how Your personal data are collected and processed by, or on behalf of, ESA, as Data Controller, upon initiative of ESA EOP-S Department, as well as what rights You have in relation to Your personal data. It also informs You about the contact details of the Data Protection Officer. This privacy notice was last updated on 31-01-2024. It must be read in conjunction with the ESA PDP Framework and other privacy notices referred to herein.
The main objective of the CopPhil initiative is to facilitate the uptake of Copernicus data in the Philippines with an initial thematic focus on disaster risk reduction and recovery. The CopPhil initiative is an integral part of the EU Global Gateway strategy and will rely on close cooperation between the European Commission (DG-INTPA) and ESA, with the Philippine Space Agency (PhilSA) and the Philippine Department of Science and Technology (DOST) as partners. This international cooperation expressly encourages collaboration and joint consortia across the European and Philippine regions.
ESA process your personal data to organise and manage the events (Workshops, Trainings, Conferences, Symposia…) held on ESA premises, online or in the Philippines, and to register you as user of the CopPhil Centre, commissioning CLS Group as Processor. ESA is Controller for personal data related to selection of attendants, keynote speakers and users of CopPhil, when ESA processes such data. For these purposes only as well as for the purposes mentioned in Article 5 of ESA Policy on Personal Data Protection, ESA is Data Controller. ESA does not instruct any third party to conduct any web analytics, profiling, or any other processing on ESA’s behalf, other than the purposes mentioned.
Members of selection committees or bodies that select attendants, keynote speakers or users of CopPhil may act as separate Controllers and may be in territories not having an Adequate Level of Protection. Please refer to the privacy notices of the separate controllers for information on their practices.
In the case of CopPhil, Software (SW) for registration of users will be used in the Philippines. ESA as Controller commissions CLS Group as processor to develop the software. ESA requests your consent to transfer the personal data in the software to the national institutions that will run the SW in the Philippines, or other institutions involved. Those institutions shall become the sole controller for the personal data processed outside of the EU and for the use of the SW after the transfer has taken place. You have the right to decline the transfer of your personal data by informing Bruno Coulon (bcoulon@groupcls.com).
ESA is separate Controller to the European Commission for the processing ESA performs. ESA acts as Controller for the procurement activities and commissions Processors to process personal data for providing training, registration and networking activities. ESA instructs the Processors to process personal data in territories having an Adequate Level of Protection also for sub-processing.
Should ESA transfer personal data to territories not having an Adequate Level of Protection, e.g. for networking, user registration or other purposes, then for those specific transfers, ESA requests the Data Subject for consent for the specific transfer of their full name and email, to third parties in the Philippines for the purpose of networking, user registration or other purposes based on your legitimate interest in relation to a contract entered into in the interest of the Data Subject between ESA and a third party.
Social media, LinkedIn, Twitter, external websites, etc., may be used to publish photographs, video recordings or interviews or information related to the events. These act as separate Controllers, each responsible for their personal data processing activities, please consult their privacy notices and websites for further information. You have the right to decline your participation in such processing.
1. What are the relevant contact details for this notice?
The ESA Data Protection Officer (“DPO”) may be contacted in line with the ESA PDP Framework at DPO@esa.int or: ESA Headquarters; Data Protection Officer; 8-10 RUE MARIO NIKIS; CS 45741; 75738 PARIS CEDEX 15; FRANCE.
As the collection and processing concerned by this notice is performed upon initiative of the ESA EOP-S Department, questions may also be addressed to: Bruno Coulon (bcoulon@groupcls.com).
2. What kind of personal data are collected and further processed?
ESA collects and processes a variety of Your personal data and may require You to provide personal data for the purposes mentioned further below. Depending on the purpose for which they are collected and further processed, the personal data may include:
- Identity Data: including names, nationality, passport number or other official identity number, country of residence;
- Contact information: including address, email address and telephone number;
- Professional information: including job title and address;
- Technical data, including online identifiers: for example, internet protocol (IP) address or domain names of the devices utilised, login data, browser type and version, uniform resource identifier (URI) address, time zone setting and location, browser plug-in types and versions, ESA or other operating system and platform and other technology on the devices you are using – collected when you access our Website, our electronic portals and platforms which we offer or which we have agreed with you to use or made available to you where you have agreed to their use;
- Photo: including photographs, likeness, image, where you have consented;
- Audio-video recording, statements, interviews, where you have consented;
- CCTV (“close circuit television”) and physical security data: CCTV footage and other information relating to access of our facilities obtained through electronic means;
- Financial data: bank account number, payment card details;
- Social media data: when you are an user of social media and depending on the circumstances or the social media in question, the personal data that we may collect are derived from:
- Your user profile, e.g. Your profile picture published on social media, your nickname or avatar);
- Your interactions (e.g. engagement, reach and sentiment, comments, shares of users on a specific topic, networks and connections) on the social media or other information related to your habits, hobbies, interests, professional and educational background etc.;
- Your online identifiers, including Technical Data related to your social media use;
- Personal data processed via third-party platform, app or a website (connected to social media platform) that may be obtained when a user visits or uses their services;
- The audiovisual content that might be published on the social media platforms; this may include information in or about the content provided by a user (e.g., metadata), such as the location / date of a photo, voice recordings, video recordings, or an image of a data subject;
- Other personal information You may disclose via the social media or in the use thereof.
- Other personal information You may provide, in particular content of exchanges with the Agency, as for instance dietary preferences, assistance requests, requests for helpdesk services;
- Sensitive personal data subject to ESA PDP Framework. ESA does not require you to provide special categories of personal data, e.g., sensitive personal data about health, religion, philosophical beliefs, or disabilities. If you do provide such data, it is only processed for providing disability support or essential dietary requirements upon your explicit request.
3. How are Your personal data collected or further processed?
ESA commissions the Processors, CLS, to organise events (Workshops, Trainings, Conferences, Symposia…) and user registrations on the CopPhil Centre.
ESA Processor: CLS processes personal data under ESA contract in Europe.
4. Why are Your personal data collected and further processed?
ESA processes the personal data of participants for the following purposes: managing invitations, registrations, participation requests, facilitating remote participation and distribution of the list of participants, managing on premises presence, badges and identity verification for security, promoting the event in social media, networking, managing the CopPhil Centre user’s registry. ESA also processes personal data of participants for reporting on the event, to distribute presentations to participants and potentially for satisfaction surveys. Where you have consented, ESA may keep your contact details in order to invite you to future similar events or future meetings within the scope of the activity. Your personal data may be accessed by the ESA event organisation team and service providers under ESA contract, ESA workforce members of the EOP-S team.
We collect and process Your personal data because it is necessary for the activities conducted to fulfil Our purpose, which is “to provide for and to promote, for exclusively peaceful purposes, cooperation among European States in space research and technology and their space applications, with a view to their being used for scientific purposes and for operational space applications systems” (as per ESA Convention). We serve the public interest, and we seek to foster the public interest in space activities and programmes. All the processing carried out by, or on behalf of, ESA upon initiative of the EOP-S Department falls in this general purpose and, in particular, into one of the reasons permitted under ESA PDP Framework, in particular under ESA PDP Policy. ESA initiates webinars, conferences, symposia, events and workshops for the purpose of promoting the space industry and enhancing collaboration. Video recordings are created to enable those not present at the event or the interested public to view it for educational purposes via ESA social media or websites, etc. In any case, we do not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or legally permitted.
5. On what legal grounds do We collect and process Your data?
We process Your personal data pursuant to the ESA PDP Framework, in particular pursuant to Article 5 of the ESA PDP Policy, for fair, specified and legitimate purposes or for purposes compatible therewith. The processing of your personal data by ESA for this event is lawful as it is necessary for the performance of a task carried out in the public interest.
Generally, the processing referred to in this notice falls under Article 5.2.1.i. of the ESA PDP Policy, i.e.:
- for the performance of an activity carried out by the Agency within its purpose and in the framework of, and in conformity with, the ESA Convention, the Policy on Personal Data Protection adopted by Director General of ESA on 1 March 2022 “Agreement between the States Parties to the Convention for the establishment of a European Space Agency and the European Space Agency for the protection and the exchange of classified information” done in Paris on 19 August 2002, and the applicable rules and procedures, including ESA Security Regulations and Directives; this includes Processing necessary for the Agency’s management and functioning, Dispute Resolution Procedure, and or Investigation Procedures; or
- compliance with a legal obligation to which the Agency is subject; or
- a task in the frame of the Agency’s cooperation with the competent authority of Member States, in order to facilitate the proper administration of justice; or
- for security; or
- for the performance of a contract concluded by the Agency within its purpose in relation with an activity carried out by the Agency in the framework of, and in conformity with, the ESA Convention and the applicable rules and procedures; or
- for Your legitimate interest; or
- for purposes covered by Your Consent, where applicable, as it may be obtained from You under a separate document (e.g., Consent form).
In addition, We may process Your data under Article 5.2.2 of the ESA PDP Policy concerning Sensitive Personal Data, i.e. when the processing:
- is covered by the Consent of the Data Subject; or
- relates to Sensitive Personal Data which are manifestly made public by any means (for instance, social media) by the Data Subject; or
- is necessary for:
- the protection of the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving Consent; or
- Dispute Resolution and Investigation Procedures; or
- the protection against serious threats to security or individual or public health.
Other ESA Rules and Regulations may serve as legal basis, as they may be indicated to You in additional notices, as appropriate.
Depending on the situation, we may consider that your consent is given by various modalities and may result from affirmative motions (e.g., swiping on a screen), browser settings, written statements, filling an electronic online form, sending an email, uploading a scanned document with their signature, using an electronic signature and other modalities that may appear in the future.
6. In which circumstances may We transfer or provide access to Your personal data?
Where relevant, We may disclose Your personal data to recipients (e.g. ESA staff members, advisors, contractors), under a “need to know” principle, for carrying out the processing operations referred to in this notice. They are generally located in the European Union, the European Economic Area or in countries that offer an adequate level of protection equivalent to that offered within the European Union and the European Economic Area (e.g. Argentina, Canada, Japan, Switzerland, United-Kingdom).
When the third-party data recipients are located in a country or international organisation not offering an adequate level of protection (e.g. Australia, United States, etc.), We will not proceed to the transfer of Your data unless You consented to it or unless the conditions set forth in ESA PDP framework (see Article 5.3 of ESA PDP Policy) are fulfilled. As appropriate, We take adequate safeguards (e.g. via appropriate contractual clauses) in order to obtain from third-party recipients a level of protection equivalent to that offered within the European Union and the European Economic Area.
In case of transfer of personal data to the United States or other countries not offering an adequate level of protection, transfer may expose You to certain risks, in particular the risk of profiling, the risk that the applicable legal framework may allow further processing of the personal data and that any given consent may not always be withdrawn. You may be provided with information regarding the privacy notices of separate controllers of personal data either herein or elsewhere in Our communications to you. In exceptional cases, for instance in case of a criminal offence evidenced by the collection or processing of data, we may share the said data with the appropriate authorities or bodies, including the ones having an investigative role or the ones involved in the concerned legal proceedings.
Your contact details (Name, E-Mail Address) may be shared with other participants at the event if you have indicated your interest in sharing these when registering for the conference or adding your name to a list for the purpose of sharing contact details.
Indra, as ESA Processor, processes personal data in EEA. Your personal data may be transferred to territories not having an Adequate level of Protection for networking purposes, Workshops, Trainings, Conferences, Symposia and within the context of the transfer of software and user data.
7. How long do We retain Your personal data for?
Your data are stored for the shortest time possible, taking into account the reasons why we need to process Your data, as well as all legal obligations applicable to the Agency. The Agency established time limits to erase or review the data stored. Retention periods applied by the Agency are proportionate to the purposes for which they were collected. Thus, the Agency will keep Your personal data for as long as necessary for the fulfilment of those purposes, which will be at least for the duration mentioned in the Table below. Your Personal Data is deleted upon expiry of the applicable retention period. By way of exception, We may keep Your personal data for a longer period, for archiving purposes in the public interest or for reasons of scientific or historical research, being reminded that appropriate technical and organisational measures are put in place (e.g. anonymisation, encryption, etc.).
Personal Data |
Retention |
ESA internal systems |
Up to 10 years. |
Name, email transferred by ESA to separate Controllers in Territories not having an Adequate Level of Protection based on your consent |
ESA: 5 years, after the end of the activity, then deletion. Separate Controllers: please refer to the privacy notice of the Controller. |
ESA Records of consent |
5 years after the end of the activity. |
Photos, video recordings on websites and social media |
Please refer to the privacy notice of the separate Controllers. |
Dropbox / ESA OneDrive |
For the duration of the legitimate purpose, thereafter deleted. |
ESA held scientific/technical papers, photos, recordings |
Permanent retention for historic/ research purposes, ESA Archives. |
Transferred software: name, email, system logs |
For the duration of the activity as defined by the data recipient as separate Controller. Please refer to their separate privacy notice. |
To the extent your personal data are collected via a web account, You have the possibility to delete the personal data as well as the account in your account’s settings.
8. How do We protect and safeguard Your personal data?
All processing operations are carried out pursuant to ESA Rules and Regulations, including ESA PDP Framework and ESA Security Regulations. In particular, the Agency collects and processes personal data in conditions protecting confidentiality, integrity, and security of personal data.
In order to protect Your personal data, ESA has implemented a number of technical and organisational measures against the risks of loss as well as against unauthorised access, destruction, use, modification or disclosure of personal data, in particular when such risks concern sensitive personal data. These measures take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. They may include, as appropriate, the pseudonymisation and encryption of personal data.
9. What are Your rights as data subject and how can you exercise them?
Under conditions detailed in the ESA PDP Framework, You have:
- the right to be informed about the identity of the data controller, the contact details of the data protection officer, the purpose of the data processing, the data recipients to whom the personal data shall be disclosed, the rights of rectification or erasure of his/her data, the storage time-limits (if any), the practical modalities of exercising the rights, etc. ; this is the purpose of this privacy notice and any other notice referred to herein;
- the right to access the personal data We process about You,
- the right to have Your personal data erased, rectified, completed;
- the right to lodge a complaint before the Supervisory authority, in accordance with the latter’s rules of procedure, in case You demonstrate or have serious reasons to believe that a data protection incident occurred in relation with Your personal data, following a decision of the Agency.
Note however that We may not erase Your personal data in case the processing is based on the performance of a legal obligation of ESA or where such data is necessary for the establishment, exercise, or defence of legal claims.
When the processing of Your personal data is based on Your consent and unless a specific case applies (e.g. see Article 6 above), You have also the right to withdraw Your consent.
You may wish to withdraw Your consent or to exercise any of the above-mentioned rights, by sending a request explicitly specifying Your query to the ESA DPO via e-mail at DPO@esa.int or addressed to the: ESA Headquarters, Data Protection Officer, 8-10 RUE MARIO NIKIS, CS 45741 75738 PARIS CEDEX 15, FRANCE via postal service. You may be requested to provide additional information to confirm your identity and/or to assist ESA to locate the data You are seeking. Please note that withdrawing consent does not affect the lawfulness of any processing based on the consent given before this consent is withdrawn. In cases where a participants’ request to the ESA relates to the processing of personal data by a separate Controller, it will be forwarded to the separate Controller and vice versa.
10. ESA Contractors
ESA may enter into contracts with various contractors who, with regard to Your Personal Data and depending on the contract concluded with ESA, may act either as a separate Data Controller or as a Data Processor.
- To the extent such contractor act as a separate Data Controller, the separate privacy notice of the contractor will apply for the purposes of collection and processing decided by the contractor.
- To the extent such contractor act as a Data Processor, this privacy notice applies for the purposes of collection and processing decided by ESA.
11. Third Party Providers and Social Media
ESA may use third party IT Providers or social media for information purposes or to promote an activity (meeting, event, recruitment campaign, etc.). ESA websites may provide links to social media and videos may be made available on ESA social media pages. It is up to You to decide whether You wish, or not, to have access and use those IT tools and social media, in consideration of the fact that they are governed by terms and conditions, including privacy notices, that are not under ESA control and that they may disclose data to territories that do not provide an equivalent protection. If You do not want Your data to be processed by such IT tools or social media, You may decide not to register as user or otherwise accept the applicable third party terms and conditions. Non-essential cookies may be used to process your Personal Data. You may decline such cookies and/or configure your browser privacy and security settings to manage cookies.
Where you have consented to the processing of images/ video recordings taken during the event, upon registering to the event, ESA may process these for archiving purposes and to share them on their social media accounts (e.g., ESA Twitter, ESA LinkedIn, ESA public websites, YouTube, etc.). Please note nevertheless that, if personal data or information is disclosed online, it may be used by third parties for their own purposes, within their platforms and or shared, and at times without informing ESA and it may not be possible for us, apart from any implemented safeguards, to ensure removal of your data from the Internet.
Disclaimer regarding exterior Links, cookies, third parties and Endorsement: websites in the ESA.int domain and ESA associated websites may hold links to external websites in domains not having an Adequate Level of Protection, which may not be maintained by ESA or be under ESA control and for which ESA, is not responsible. If you decide to click on a link to an external website, you leave the ESA domain and become subject to privacy, cookies and legal policies of the external website as separate Controllers, outside the control and responsibility of ESA.
Endorsement disclaimer: ESA websites may offer linked references to external resources or websites or online services, to provide further information, however, linked references, services, information and their providers/organisations are not endorsed by ESA. ESA websites may provide links to third-party sites. To use third party content on ESA websites, may require acceptance of their specific terms and conditions, involving their cookie policies for which ESA has no control.
ESA webpages may provide content from external providers, e.g., YouTube, Facebook, Twitter, etc. Viewing such third-party content means that you must agree to their terms and conditions and their cookies. ESA has no control over these. If you do not want third-party cookies to be installed on your device, you do not have to view this content.
Please note that if information also comprising personal data, is uploaded online (for example, published on social media), it can be used by third parties for their own purposes, on their platforms, and every so often without ESA having been informed. In such cases, ESA, despite any implemented safeguards may not be able to ensure removal from the internet.
12. Your consent
The processing of personal data is described in this privacy notice. Where consent is required, You may provide your consent by accepting this privacy notice (selecting the ‘I accept’ checkbox) prior to submitting the registration form.
ESA invites you to register for this event, which takes place at various premises in Latin America, Europe and/or online. By submitting your personal information/ by participating in this event, you agree to ESA Framework on Personal Data Protection and to the processing of your Personal Data by, or on behalf of ESA. We encourage you to read the privacy notice which informs you about the processing of your personal data, before providing your consent. For any questions, please email: DPO@esa.int By registering, I accept and consent to:
- the processing of my Personal Data for participation in this event;
- the use of my contact details by ESA to invite me to future events (workshops, for conference follow-up activities, trainings, conferences, surveys and newsletters on conference related topics…);
- the disclosure of my contact details by ESA to third parties in territories not having an Adequate Level of Protection for networking and further related purposes within the scope of this training activity as well as for the transfer of software and my related personal data;
- the disclosure of my contact details to the conference participants;
- be photographed / video recorded;
- the public publication in any/specific media of the photographs / video recordings/ presentations with my contact details in which I am included;
- As Speaker, I agree to be photographed / video recorded and to have this published in any/specific media to promote the ESA conference;
- As Speaker, have my name, surname and title of my paper published publicly in the social media, and on public websites;
- the processing and publishing of my personal data on publicly available social media, websites, or for ESA promotional materials.