Rapid Action for Citizens with Earth Observation

Introduction

The European Space Agency (herein the “Agency” or “ESA”) is an intergovernmental organisation established by its Convention opened for signature in Paris on 30 May 1975 having its headquarters located at 24 rue du Général Bertrand, CS 30798, 75345 Paris Cedex 07, France. Protection of Personal Data is of great importance for ESA, which strives to ensure a high level of protection as required by the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) which applies in this field. ESA implements appropriate measures to preserve the rights of data subjects, to ensure the processing of personal data for specified and legitimate purposes, in a not excessive manner, as necessary for the purposes for which the personal data were collected or for which they are further processed, in conditions protecting confidentiality, integrity and safety of personal data and generally to implement the principles set forth in the PDP Framework, available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations

ESA PDP Framework is composed of the following elements:

  • the Principles of Personal Data Protection, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017;

  • the Rules of Procedure for the Data Protection Supervisory Authority, as adopted by ESA Council Resolution (ESA/C/CCLXVIII/Res.2 (Final)) adopted on 13 June 2017; and

  • the Policy on Personal Data Protection adopted by Director General of ESA on 5 February 2018 and effective on 1 March 2018. This notice is intended to inform you, as data subject, about:

  • the identity of the data controller and contact details of ESA Data Protection Officer (“DPO”);

  • the type of personal data which is collected and processed;

  • the modalities of collection of personal data;

  • the purpose of the collection and processing;

  • the recipients (if any) to whom the personal data of the data subject shall be disclosed;

  • the time-limits for storing the personal data;

  • the practical modalities of exercising the rights of the data subject under the ESA PDP Framework. This notice also enables ESA to obtain your consent relating to the collection and further processing of your personal data, under ESA PDP Framework.

This notice was last updated on 22 July 2021.

(1) Who is the Data Controller?

Your personal data are collected and further processed as shown below upon the decision taken by ESA as Data Controller.

(2) What are the contact details of ESA Data Protection Officer?

According to ESA PDP Framework, your first point of contact concerning personal data matters is the ESA Data Protection Officer (“DPO”), who may be contacted at DPO@esa.int

(3) What kind of personal data about you are collected and further processed?

The personal data which may be collected and further processed for the purposes mentioned below are in particular:

  • Name, Email
  • Domains of Interest

You are required not to send to the Agency any sensitive information (including information that indicate, directly or indirectly, the personnel’s ethnic origin, political opinions, adhesion to unions, parties etc., health situation, sexual orientation).

(4) How are your personal data collected or further processed?

Your personal data is collected via the information you give when filling in the “Save this Dashboard” form on this web site: https://race.esa.int.

(5) Why are your personal data collected and further processed?

Your personal data are collected and further processed to:

  • Provide you with the permanent links to your custom Dashboard configurations
  • Inform you about new features added to the Dashboard
  • Inform you about competitions and events organised by ESA to promote the use of the dashboard and its data.

In addition, the principles set forth in Article 5 of the Policy on Personal Data Protection will be complied with.

(6) What is the legitimate purpose for processing your personal data?

Your personal data will be collected because it is necessary for:

  • the website’s management and functioning
  • for security

Your personal data will be collected only based on your prior consent, i.e. if you use this tool.

(7) To whom might we disclose your personal data?

The Agency may disclose your personal data to any of the following third-party recipients for the fulfilment of all or part of the purposes of the collection and processing of personal data, which are mentioned below:

EOX IT Services GmbH (Austria) https://eox.at/

The Agency does not consider your personal data as an asset for sale and, thus, does not sell your personal data to any third parties.

(8) How long do we retain your personal data for?

The Agency may keep your personal data for as long as necessary for the fulfilment of the above-mentioned purposes, and in no case for longer than one month after your relationship with ESA has finished or you have requested the erasure of your personal data. The same retention applies to the data processor, mentioned below: Process: EOX IT Services GmbH (Austria) https://eox.at/

ESA Matomo First party (ESA)

(9) How can you access, erase, rectify, complete or amend your personal data?

The Agency is keen to collect and process accurate personal data and to keep it to date. You may request the access, erasure, rectification, completion or amendment of your personal data if, and to the extent that it is inaccurate or incomplete, having regard to the purposes for which they are collected and processed, or if they are processed in violation with the principles referred in ESA PDP Framework. If you choose to make a request for the erasure of personal data, you understand and agree that you will not be able to use this web site. The above-mentioned request should be submitted to the ESA DPO, as first point of contact, by sending an email to: dpo@esa.int You may also be allowed access to your personal data and have the possibility to erase, rectify, complete or amend it by sending an email to: dpo@esa.int

(10) What could you do in case of a data protection incident?

In case of a data protection incident, you should contact ESA DPO, as first point of contact, by sending an email to: dpo@esa.int In case you wish to submit a complaint, you are required to comply with the Rules of Procedure of the Supervisory Authority set forth by ESA PDP Framework. You will be required to demonstrate that a data protection incident occurred in relation to your personal data, following a decision of the Agency or at least to justify serious reasons to believe that such incident occurred.

The processing of personal data described in this privacy notice is based on users’ consent. Users can provide their consent by accepting this privacy notice (selecting the ‘I accept’ checkbox) prior to submit the registration form. Users can withdraw such consent by requesting ESA to stop the processing. This will not affect the legitimacy of the personal data processing that took place prior to the withdrawal of user consent.

Users will be able to withdraw their consent at any time:

If users choose to withdraw their consent, they understand and agree that they will no longer be able to use this web site.

ESA Web Analytics Cookies

ESA Webanalytics is an ESA IT corporate service applied to monitor the performance of ESA websites. It draws on Matomo, an open-source analytics platform, fully controlled and privacy-configured by the ESA, to protect personal data. Matomo aggregated data: refers to accumulated (aggregated) data derived from a large number of visitors. Individual visitor's data cannot be retrieved from the aggregated form. It is used to understand more general visitor behaviours, transitions, preferences. This aggregated data is processed by Matomo in the following functionalities: Locations, Devices, Software, Times, Dashboard. Behaviours, Visitors' summary. In order to comply with full anonymity requirements, the "Visits' log" and "Real-time" menu in the master configuration of the service "ESA Web Analytics" were disabled, with the consequence that end-users would only have access to aggregated data.

Protection of Personal Data and ESA Web Analytics

ESA controls the data. ESA Web Analytics is configured to use the race.esa.int and stores first-party cookies on ESA premises in Europe. Cookies (drawing on Matomo) applied by ESA Web Analytics track website visitors for the purpose of reporting on visitor actions in aggregated statistics reports (that exclude personal data) as follows:

  • IP address: the IP address is gathered from visitors but directly masked up to the last 2 bytes before it is stored and written into the Matomo database, meaning that the specific IP address of a user (in its full form) is never stored on ESA servers.
  • Location: ESA is not able to locate individual visitors up to the country/region level. This category of data is mainly used in the "Real-time map" functionality of Matomo. This data is thus "aggregated”.
  • "Visitor's log": displays the history of the monitored pages which have been visited by an individual visitor over a period of time (maximum 6 months due to limitation of cookie pk_id). This category refers to data which helps to retrieve individual data of a visitor (even if the identity of the visitor remains unknown).
  • Title of the page being viewed (Page Title);
  • URL of the page being viewed (Page URL);
  • URL of the page that was viewed prior to the current page (Referrer URL);
  • Screen resolution of user's device;
  • "Real-time" is offers the possibility to see the live activity of individual visitors on the monitored website. This category refers to data which helps to retrieve individual data of a visitor (even if the identity of the visitor remains unknown).
  • Files that were clicked and downloaded (Download);
  • Links to an outside domain that were clicked (Outlink);
  • Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the visitor: Page speed);
  • Main language of the browser used (Accept-Language header);
  • Browser version, browser plugins (PDF, Flash, Java, …) operating system version, device identifier (User-Agent header);
  • Language of the visited page;
  • Campaigns;
  • Site Search;
  • Events.

To improve the accuracy of the produced reports, information is also stored in a first-party cookie from the ESA website and then collected by ESA Web Analytics:

  • Random unique Visitor ID;
  • Time of the first visit for the specific visitor;
  • Time of the previous visit for the specific visitor;
  • Number of visits for the specific visitor.

ESA Web Analytics uses the following cookies:

Cookie Name First Party or Third Party cookie? Session or Persistent cookie? Type of personal data collected Purpose Expires
_pk_id First party (Matomo) Persistent Contains a visitor id used to identify unique visitors Used to store a few details about the user such as the unique visitor ID 6 months
_pk_ref First party (Matomo) Persistent To identify from where they came Used to store the attribution information, the referrer initially used to visit the website 6 months
_pk_ses, _pk_cvar, _pk_hsr First party (Matomo) Persistent None Short lived cookies used to temporarily store data for the visit 30 minutes
_pk_testcookie First party (Matomo) Session None Used to check whether the visitor’s browser supports cookies Is created and should be then directly deleted

ESA collects information for production of anonymised statistics, by default ESA Web Analytics does not track user browsing.

Disclosure and access to information

ESA Web Analytics (Matomo) reports are accessed by ESA staff or EOX IT Services GmbH (Austria) https://eox.at/, to maintain relevant systems. All analytics data communication is encrypted via HTTPS protocol.

The cookies used on this website can be disabled by following your browser instructions, in the “Help,” “Tools” or “Edit” menu of the browser.

Contact

You may address requests for information on ESA Web Analytics data or the ESA cookie policy to the webmaster: eodash@esa.int and questions concerning the processing of personal data to the ESA DPO: dpo@esa.int.

We use cookies which are essential for you to access our website and/or to provide you with our services and allow us to measure and improve the performance of our website. Learn more.