Below you will find the essentials about the processing of personal data of individuals carried out by the European Union Satellite Centre (SatCen) to fulfil its tasks.
The processing of personal data of individuals by the SatCen is regulated by Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of personal data by the EU institutions and bodies.
WHAT IS “PROCESSING” OF PERSONAL DATA?
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
WHAT IS PERSONAL DATA?
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
WHAT ARE THE DATA PROTECTION PRINCIPLES?
- Personal data must be processed fairly and lawfully, and only to the extent necessary to fulfil a specific and legitimate purpose. Re-use of the data for further, incompatible purposes is not permitted;
- The data collected must be adequate, relevant and not excessive in relation to the purposes of the processing;
- It must be kept accurate and up-to-date;
- It should be kept no longer than necessary;
- It can only be processed in accordance with the data subject's rights;
- It should be stored securely;
- It should not be transferred to third parties without adequate safeguards
DATA CONTROLLER, DATA PROCESSOR AND DATA SUBJECT
- The Data Controller
‘Controller’ means the Union institution or body or the directorate-general or any other organisational entity which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by a specific Union act, the controller or the specific criteria for its nomination can be provided for by Union law. Union institutions and bodies’ means the Union institutions, bodies, offices and agencies set up by, or on the basis of, the TEU, the TFEU or the Euratom Treaty;
For each processing operation, a Data Controller/Delegated Controller must be identified and prior notice must be given to the Data Protection Officer of the institution.
- The Processor
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- The Data Subject
The Data Subject is the person whose personal data are collected, held or processed by the Data Controller.
WHO SHOULD YOU CONTACT FOR MORE INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA?
- The Data Protection Officer (DPO)
Each Union institution or body has a Data Protection Officer (DPO). The DPO should be involved, properly and in a timely manner, in all issues which relate to the protection of personal data, and shall ensure, in an independent manner, the internal application of Regulation (EU) 2018/1725.
The SatCen DPO can be contacted at firstname.lastname@example.org.
- European Data Protection Supervisor (EDPS)
The European Data Protection Supervisor (EDPS) is an independent supervisory authority established in accordance with Regulation (EC) 45/2001, later amended by Regulation 2018/1725. With respect to the processing of personal data, the EDPS is responsible for ensuring that the fundamental rights and freedoms of natural persons, and in particular their right to privacy, are respected by the Union institutions and bodies. The EDPS is also responsible for advising Union institutions and bodies and Data Subjects on all matters concerning the processing of personal data.
You have the right to lodge a complaint to the EDPS. The EDPS is empowered to hear and investigate complaints and to conduct inquiries, including on his or her own initiative.
WHAT ARE MY RIGHTS AS A DATA SUBJECT?
Your rights on the processing of your personal data are stated in Articles 17 to 24 of Regulation (EU) 2018/1725.
When your personal information is processed by the SatCen, you have the right to know about it.
You have the right to access the information and have it rectified without undue delay if it is inaccurate or incomplete.
Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. Where applicable, you have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time, and the right to data portability. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary.
You can request that we communicate, as possible, any changes to your personal data to other parties to whom your data have been disclosed.
You have also the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.
If you would like to exercise one of these rights, you can find the instructions and the form here.
Central Register: The SatCen has the legal obligation to keep a central register of records of activities processing personal data (Article 31 of Regulation 2018/1725). You can check the records of processing activities of the SatCen in our Register of Processing Activities.
For the safety and security of its buildings, assets, staff and visitors, the European Union Satellite Centre operates a video surveillance system.
The purpose of the video surveillance system is the reduction and prevention of security incidents. The system helps to ensure the security of the buildings, the safety of staff and visitors, as well as property and information located or stored on the premises, by means of controlling access to the Agency buildings in compliance with Regulation(EU) 2018/1725.
The video surveillance system, which operates through a CCTV camera system, complements other physical security measures, such as access control systems and physical intrusion control systems. It forms part of all the security measures taken within the Agency and helps to prevent, deter, and if necessary, investigate unauthorised physical access, including unauthorised access to secure premises and protected rooms, ICT infrastructure, or operational information. In addition, video surveillance helps to prevent, detect and investigate theft of equipment or assets owned by the Agency, visitors or staff, or threats to the safety of personnel working at the offices (e.g. fire, physical assault).
We use social media to present our work through widely used communications channels.
Each social media channel has its own policy on the way they process your personal data when you access their sites. For example, if you choose to watch one of our videos on YouTube, you will be asked for explicit consent to accept YouTube cookies; if you look at our Twitter activity on Twitter, you will be asked for explicit consent to accept Twitter cookies; the same applies for LinkedIn.
If you have any concerns or questions about their use of your personal data, you should read their privacy policies carefully before using them.