Skip to content
Privacy Policy

BLUERISM

Privacy Policy

Released by:

European Space Agency, as Data Controller

 

Addressed to:

individuals whose personal data is collected and processed

 

The European Space Agency (herein the “Agency” or “ESA” or “We”) is committed to protect Personal Data in line with the ESA Framework on Personal Data Protection (herein the “ESA PDP Framework”) available at: http://www.esa.int/About_Us/Law_at_ESA/Highlights_of_ESA_rules_and_regulations composed by:

  • The Principles of Personal Data Protection adopted by ESA Council on 13 June 2017.
  • The Rules of Procedure for the Data Protection Supervisory Authority adopted by ESA Council on 13 June 2017.
  • The Policy on Personal Data Protection (including its Annex “Governance Scheme of the Agency’s Personal Data Protection”) adopted by Director General of ESA on 1 March 2022 (“ESA PDP Policy”).

This notice is intended to describe why and how Your personal data are collected and processed by, or on behalf of, ESA, as Data Controller, upon initiative of ESA EO Science, Applications and Climate Department, as well as what rights You have in relation to Your personal data. It also informs You about the contact details of the Data Protection Officer. This privacy notice was last updated on 01-04-2025. It must be read in conjunction with the ESA PDP Framework and other privacy notices referred to herein.

The main objective of BLUERISM is to facilitate the uptake of Copernicus data for coastal leisure and tourism activities with an initial thematic focus on four use cases. The BLUERISM initiative is implemented by the consortium of CLS, EOMAP and Novaspace in close cooperation with ESA.

When you contact us via the “Contact Us” function, we collect and process your personal data

The consortium (Processor) processes your personal data to respond to your inquiries and provide the requested information or assistance. The legal basis for this processing is our legitimate interest in addressing your requests. ESA is Controller for personal data. For these purposes only as well as for the purposes mentioned in Article 5 of ESA Policy on Personal Data Protection, ESA is Data Controller. ESA does not instruct any third party to conduct any web analytics, profiling, or any other processing on ESA’s behalf, other than the purposes mentioned.

  1. What are the relevant contact details for this notice?

The ESA Data Protection Officer (“DPO”) may be contacted in line with the ESA PDP Framework at DPO@esa.int or: ESA Headquarters; Data Protection Officer; 8-10 RUE MARIO NIKIS; CS 45741; 75738 PARIS CEDEX 15; FRANCE.

Questions may also be addressed to the DPO of Novaspace, Trilateral Research Ltd, which can be contacted at privacy@Novaspace.partners or Trilateral Research, Marine Point (2nd Floor), Belview Port, Waterford, X91 W0XW, Ireland

  1. What kind of personal data are collected and further processed?

ESA collects and processes a variety of Your personal data and may require You to provide personal data for the purposes mentioned further below. Depending on the purpose for which they are collected and further processed, the personal data may include:

  • Identity Data:including names;
  • Contact information:including email address;
  • Professional information:including job title;
  • Technical data, including online identifiers:for example, internet protocol (IP) address or domain names of the devices utilised, login data, browser type and version, uniform resource identifier (URI) address, time zone setting and location, browser plug-in types and versions, ESA or other operating system and platform and other technology on the devices you are using – collected when you access our Website, our electronic portals and platforms which we offer or which we have agreed with you to use or made available to you where you have agreed to their use;
  • Social media data:when you are an user of social media and depending on the circumstances or the social media in question, the personal data that we may collect are derived from:
    • Your user profile, e.g. Your profile picture published on social media, your nickname or avatar);
    • Your interactions (e.g. engagement, reach and sentiment, comments, shares of users on a specific topic, networks and connections) on the social media or other information related to your habits, hobbies, interests, professional and educational background etc.;
    • Your online identifiers, including Technical Data related to your social media use;
    • Personal data processed via third-party platform, app or a website (connected to social media platform) that may be obtained when a user visits or uses their services;
    • The audiovisual content that might be published on the social media platforms; this may include information in or about the content provided by a user (e.g., metadata), such as the location / date of a photo, voice recordings, video recordings, or an image of a data subject;
    • Other personal information You may disclose via the social media or in the use thereof.
  • Other personal information You may provide, in particular content of exchanges with the Agency, as for instance assistance requests, requests for helpdesk services;
  • Sensitive personal data subject to ESA PDP Framework. ESA does not require you to provide special categories of personal data, e.g., sensitive personal data about health, religion, philosophical beliefs, or disabilities.
  1. How are Your personal data collected or further processed?

ESA commissions the Processors, CLS, EOMAP and Novaspace to set up a website and to respond to user enquiries.

  1. Why are Your personal data collected and further processed?

ESA processes the personal data to promote the consortium work on social media. Where you have consented, ESA may keep your contact details in order to invite you to future events or meetings within the scope of the activity. Your personal data may be accessed by ESA and service providers under ESA contract.

We collect and process Your personal data because it is necessary for the activities conducted to fulfil Our purpose, which is “to provide for and to promote, for exclusively peaceful purposes, cooperation among European States in space research and technology and their space applications, with a view to their being used for scientific purposes and for operational space applications systems” (as per ESA Convention). We serve the public interest, and we seek to foster the public interest in space activities and programmes. All the processing carried out by, or on behalf of, ESA falls in this general purpose and, in particular, into one of the reasons permitted under ESA PDP Framework, in particular under ESA PDP Policy. In any case, we do not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or legally permitted.

  1. On what legal grounds do We collect and process Your data?

We process Your personal data pursuant to the ESA PDP Framework, in particular pursuant to Article 5 of the ESA PDP Policy, for fair, specified and legitimate purposes or for purposes compatible therewith. The processing of your personal data by ESA for this activity is lawful as it is necessary for the performance of a task carried out in the public interest.

Generally, the processing referred to in this notice falls under Article 5.2.1.i. of the ESA PDP Policy, i.e.:

  1. for the performance of an activity carried out by the Agency within its purpose and in the framework of, and in conformity with, the ESA Convention, the Policy on Personal Data Protection adopted by Director General of ESA on 1 March 2022 “Agreement between the States Parties to the Convention for the establishment of a European Space Agency and the European Space Agency for the protection and the exchange of classified information” done in Paris on 19 August 2002, and the applicable rules and procedures, including ESA Security Regulations and Directives; this includes Processing necessary for the Agency’s management and functioning, Dispute Resolution Procedure, and or Investigation Procedures; or
  2. compliance with a legal obligation to which the Agency is subject; or
  3. a task in the frame of the Agency’s cooperation with the competent authority of Member States, in order to facilitate the proper administration of justice; or
  4. for security; or
  5. for the performance of a contract concluded by the Agency within its purpose in relation with an activity carried out by the Agency in the framework of, and in conformity with, the ESA Convention and the applicable rules and procedures; or
  6. for Your legitimate interest; or
  7. for purposes covered by Your Consent, where applicable, as it may be obtained from You under a separate document (e.g., Consent form).

In addition, We may process Your data under Article 5.2.2 of the ESA PDP Policy concerning Sensitive Personal Data, i.e. when the processing:

  1. is covered by the Consent of the Data Subject; or
  2. relates to Sensitive Personal Data which are manifestly made public by any means (for instance, social media) by the Data Subject; or
  • is necessary for:
    1. the protection of the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving Consent; or
    2. Dispute Resolution and Investigation Procedures; or
    3. the protection against serious threats to security or individual or public health.

Other ESA Rules and Regulations may serve as legal basis, as they may be indicated to You in additional notices, as appropriate.

Depending on the situation, we may consider that your consent is given by various modalities and may result from affirmative motions (e.g., swiping on a screen), browser settings, written statements, filling an electronic online form, sending an email, uploading a scanned document with their signature, using an electronic signature and other modalities that may appear in the future.

  1. In which circumstances may We transfer or provide access to Your personal data?

Where relevant, We may disclose Your personal data to recipients (e.g. ESA staff members, advisors, contractors), under a “need to know” principle, for carrying out the processing operations referred to in this notice. They are generally located in the European Union, the European Economic Area or in countries that offer an adequate level of protection equivalent to that offered within the European Union and the European Economic Area (e.g. Argentina, Canada, Japan, Switzerland, United-Kingdom).

When the third-party data recipients are located in a country or international organisation not offering an adequate level of protection (e.g. Australia, United States, etc.), We will not proceed to the transfer of Your data unless You consented to it or unless the conditions set forth in ESA PDP framework (see Article 5.3 of ESA PDP Policy) are fulfilled. As appropriate, We take adequate safeguards (e.g. via appropriate contractual clauses) in order to obtain from third-party recipients a level of protection equivalent to that offered within the European Union and the European Economic Area.

In case of transfer of personal data to the United States or other countries not offering an adequate level of protection, transfer may expose You to certain risks, in particular the risk of profiling, the risk that the applicable legal framework may allow further processing of the personal data and that any given consent may not always be withdrawn. You may be provided with information regarding the privacy notices of separate controllers of personal data either herein or elsewhere in Our communications to you. In exceptional cases, for instance in case of a criminal offence evidenced by the collection or processing of data, we may share the said data with the appropriate authorities or bodies, including the ones having an investigative role or the ones involved in the concerned legal proceedings.

  1. How long do We retain Your personal data for?

Your data are stored for the shortest time possible, taking into account the reasons why we need to process Your data, as well as all legal obligations applicable to the Agency. The Agency established time limits to erase or review the data stored. Retention periods applied by the Agency are proportionate to the purposes for which they were collected. Thus, the Agency will keep Your personal data for as long as necessary for the fulfilment of those purposes, which will be at least for the duration mentioned in the Table below. Your Personal Data is deleted upon expiry of the applicable retention period. By way of exception, We may keep Your personal data for a longer period, for archiving purposes in the public interest or for reasons of scientific or historical research, being reminded that appropriate technical and organisational measures are put in place (e.g. anonymisation, encryption, etc.).

 

Personal Data

Retention

ESA internal systems

Up to 10 years.

Name, email transferred by ESA to separate Controllers in Territories not having an Adequate Level of Protection based on your consent

ESA: 5 years, after the end of the activity, then deletion.

Separate Controllers: please refer to the privacy notice of the Controller.

ESA Records of consent

5 years after the end of the activity.

Photos, video recordings on websites and social media

Please refer to the privacy notice of the separate Controllers.

ESA held scientific/technical papers, photos, recordings

Permanent retention for historic/ research purposes, ESA Archives.

 

 

  1. How do We protect and safeguard Your personal data?

All processing operations are carried out pursuant to ESA Rules and Regulations, including ESA PDP Framework and ESA Security Regulations. In particular, the Agency collects and processes personal data in conditions protecting confidentiality, integrity, and security of personal data.

In order to protect Your personal data, ESA has implemented a number of technical and organisational measures against the risks of loss as well as against unauthorised access, destruction, use, modification or disclosure of personal data, in particular when such risks concern sensitive personal data. These measures take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. They may include, as appropriate, the pseudonymisation and encryption of personal data.

  1. What are Your rights as data subject and how can you exercise them?

Under conditions detailed in the ESA PDP Framework, You have:

  • the right to be informed about the identity of the data controller, the contact details of the data protection officer, the purpose of the data processing, the data recipients to whom the personal data shall be disclosed, the rights of rectification or erasure of his/her data, the storage time-limits (if any), the practical modalities of exercising the rights, etc. ; this is the purpose of this privacy notice and any other notice referred to herein;
  • the right to access the personal data We process about You,
  • the right to have Your personal data erased, rectified, completed;
  • the right to lodge a complaint before the Supervisory authority, in accordance with the latter’s rules of procedure, in case You demonstrate or have serious reasons to believe that a data protection incident occurred in relation with Your personal data, following a decision of the Agency.

Note however that We may not erase Your personal data in case the processing is based on the performance of a legal obligation of ESA or where such data is necessary for the establishment, exercise, or defence of legal claims.

When the processing of Your personal data is based on Your consent and unless a specific case applies (e.g. see Article 6 above), You have also the right to withdraw Your consent.

You may wish to withdraw Your consent or to exercise any of the above-mentioned rights, by sending a request explicitly specifying Your query to the ESA DPO via e-mail at DPO@esa.int or addressed to the: ESA Headquarters, Data Protection Officer, 8-10 RUE MARIO NIKIS, CS 45741 75738 PARIS CEDEX 15, FRANCE via postal service. You may be requested to provide additional information to confirm your identity and/or to assist ESA to locate the data You are seeking. Please note that withdrawing consent does not affect the lawfulness of any processing based on the consent given before this consent is withdrawn. In cases where a participants’ request to the ESA relates to the processing of personal data by a separate Controller, it will be forwarded to the separate Controller and vice versa.

  1. ESA Contractors

ESA may enter into contracts with various contractors who, with regard to Your Personal Data and depending on the contract concluded with ESA, may act either as a separate Data Controller or as a Data Processor.

  • To the extent such contractor act as a separate Data Controller, the separate privacy notice of the contractor will apply for the purposes of collection and processing decided by the contractor.
  • To the extent such contractor act as a Data Processor, this privacy notice applies for the purposes of collection and processing decided by ESA.
  1. Third Party Providers and Social Media

ESA may use third party IT Providers or social media for information purposes or to promote an activity (meeting, event, recruitment campaign, etc.). ESA websites may provide links to social media and videos may be made available on ESA social media pages. It is up to You to decide whether You wish, or not, to have access and use those IT tools and social media, in consideration of the fact that they are governed by terms and conditions, including privacy notices, that are not under ESA control and that they may disclose data to territories that do not provide an equivalent protection. If You do not want Your data to be processed by such IT tools or social media, You may decide not to accept the applicable third party terms and conditions. Non-essential cookies may be used to process your Personal Data. You may decline such cookies and/or configure your browser privacy and security settings to manage cookies.

Disclaimer regarding exterior Links, cookies, third parties and Endorsement: websites in the ESA.int domain and ESA associated websites may hold links to external websites in domains not having an Adequate Level of Protection, which may not be maintained by ESA or be under ESA control and for which ESA, is not responsible. If you decide to click on a link to an external website, you leave the ESA domain and become subject to privacy, cookies and legal policies of the external website as separate Controllers, outside the control and responsibility of ESA.

Endorsement disclaimer: ESA websites may offer linked references to external resources or websites or online services, to provide further information, however, linked references, services, information and their providers/organisations are not endorsed by ESA. ESA websites may provide links to third-party sites. To use third party content on ESA websites, may require acceptance of their specific terms and conditions, involving their cookie policies for which ESA has no control.

ESA webpages may provide content from external providers, e.g., YouTube, Facebook, etc. Viewing such third-party content means that you must agree to their terms and conditions and their cookies. ESA has no control over these. If you do not want third-party cookies to be installed on your device, you do not have to view this content.

Please note that if information also comprising personal data, is uploaded online (for example, published on social media), it can be used by third parties for their own purposes, on their platforms, and every so often without ESA having been informed. In such cases, ESA, despite any implemented safeguards may not be able to ensure removal from the internet.

  1. Your consent

The processing of personal data is described in this privacy notice. Where consent is required, You may provide your consent by accepting this privacy notice (selecting the ‘I accept’ checkbox), e.g. prior to submitting the “Contact Us” form.