Protection of your Personal Data

Please read our Privacy Policy carefully to be sure you understand how we collect and use information and under what circumstances we share information. This privacy statement provides information about the processing and the protection of your personal data. The Privacy statement relates to the event, the European Space Week, which will take place on 3 – 5 December 2019 in Helsinki, Finland.

EFFECTIVE DATE: September 20, 2019

CHANGES TO THIS PRIVACY POLICY: We reserve the right, in our sole discretion, to modify, add or delete provisions of this Privacy Policy at any time. We will post the effective date of any change at the top of this Privacy Policy. Your use of our Website, which includes the Member Portal, after the effective date of any such modification means you accept and agree to be bound by the Privacy Policy, as modified. We urge you to come back to this page and review this Privacy Policy regularly so that you remain aware of the terms and conditions that apply to you.

UPDATES: September 27, 2019: Update made regarding data processor recipients (Section 7), contact information (Section 9) and the DPO register (Section 10).

Table of Contents

1. Introduction
2. Why do we process your data?
3. Which data do we collect and process?
4. How long do we keep your data?
5. How do we protect your data?
6. Who has access to your data and to whom is it disclosed?
7. What are your rights and how can you exercise them?
8. Contact information
9. Where to find more detailed information

1. Introduction

This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes personal data, Regulation (EU) 2018/17251 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, is applicable.

This privacy statement concerns personal data processing activities undertaken by DG GROW – DG for Internal Market, Industry, Entrepreneurship and SMEs, hereinafter referred as the operating DG and Data Controller.

2. Why and how do we process your personal data?

Purpose of the processing operation: DG GROW – DG for Internal Market, Industry, Entrepreneurship and SMEs, (referred to hereafter as Data Controller) is responsible for the overall organisation of the event, the communication with the speakers and participants before and after the end of the event, reimbursement of expenses of invited participants, as well as communication and promotion of the EU Space Week organized by the operating DG.

The data processor is MCI Benelux S.A., which supports the registration and the logistics of the organisation of the event through a framework contract with the operating DG. Your data may also be shared with additional data processors that are the partners in organising the EU Space Week: Finnish Presidency of the Council of the EU, the European GNSS Agency (GSA), European Space Agency (ESA), and Anwendungszentrum GmbH Oberpfaffenhofen (AZO).

The purpose of the processing of your personal data is handling registration and attendance, reporting on the event, as well as event follow-up actions, such as sharing presentations among participants and feedback collection. It includes, in particular, lists and mailing lists for contacts, invitations, participants, reports, minutes, distribution of reports/minutes, feedback on reports, meeting follow-up, follow-up meetings, follow-up actions, photographs/pictures, presentations, audio and/or video recording of speakers and participants, news and publications.

Your personal data will not be used for an automated decision-making including profiling.

3. On what legal ground(s) do we process your personal data?

3.1 Legal basis

The processing operations on personal data linked to the organization, management, follow– up and promotion of the EU- Space Week is necessary for the management and functioning of the Commission, as mandated by the Treaties, and more specifically Articles 5, 11 and 13 TEU and Articles 15, 244 – 250 TFEU. In addition, the processing is necessary as part of the European Commission’s obligation to provide information about EU-financed external action, according to Article 4(5) of Regulation (EU) No 236/2014 of the European Parliament and of the Council of 11 March 2014 laying down common rules and procedures for the implementation of the Union’s instruments for financing external action (OJ L 77, 15.3.2014, p. 95).

This registration is done via Aventri, which means the tool will collect information to enable you to participate in a questionnaire. The system uses session “cookies” in order to ensure communication between the client and the server. A full description of registration system tool’s privacy policy can be found here. Please note that the collection of the IP addresses from participants is enabled.

Processing operations take place based on the explicit consent of the data subject linked to photos and video during the event, including their name, affiliation and email address in the list of participants which will be shared among participants. The data subjects give their consent via a clear affirmative act by selecting their consent from a dropdown menu. When not consenting, instructions are given to participants.

3.2 Lawfulness

The processing operations on personal data for the organization, management and promotion of the EU – Space Week are necessary and lawful under the following article and recital of Regulation (EU) 2018/1725:

    • Article 5 (a): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body;
    • Article 5 (b): processing is necessary for compliance with a legal obligation to which the controller is subject;
    • Article 5 (d): the data subject has given consent to the processing of his/her personal data.
    • Recital 22: processing of personal data for the performance of tasks carried out in the public interest by the Union institutions and bodies includes the processing of personal data necessary for the management and functioning of those institutions and bodies.

No restrictions under Article 25 of Regulation (EU) 2018/1725 apply.

4. Which personal data do we collect and further process

Personal data collected and further processed for the purposes of the organisation and management of the EU – Space Week may include in particular:

  • Identification/contact data, such as first name, last name, title, job title, organisation, email address, phone number;
  • Dietary requests (if any) for organising meals;
  • Disability requests (if any) for organising access to the event and documents;
  • Information about the form of transport used and hotel, and banking information (for purpose of reimbursement of travel expenses/allowances – see DPO-372 and DPO300)

Please note that there will be photos and audio and/or video recordings taken during the event based on the prior consent of the speakers and the participants. These photos may be published by the operating DG for communication purposes. During registration, participants indicate their preference to opt-in or opt-out from the above recording/publishing activities.

The registration platform available for the online registration uses essential cookies and cookies to improve your website experience and to generate anonymous, aggregate user statistics. For more information on the use of cookies on the registration platform, you can consult the cookie policy of the registration platform, Aventri, here.

5. How long do we keep your personal data?

Personal data is kept as long as follow-up actions to the EU – Space Week are necessary with regard to the purpose(s) of the processing of personal data as well as for the meeting and its related management. Reports containing personal data will be archived according to the relevant Commission’s legal framework. Data necessary for logistics purposes (reimbursement of expenses, transport, etc.) are kept according to the rules set in the Regulation (EU, Euratom) 2018/1046 .
Photos, audio and video recordings are stored in the operating DG’s Press Office drive for three years. Within this time, the files to be used for communication purposes and/or be archived for historical purposes shall be selected. The remaining files shall be deleted.

6. How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

The contractor, MCI, is bound by a specific contractual clause for any processing operations of your data on behalf of the operating DG, and by the confidentiality obligations deriving from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) .

7. Who has access to your personal data and to whom is it disclosed?

Access to your data is granted to authorised staff of the operating DG and service providers bound by confidentiality clauses, involved in the organisation of the event, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with Union legislation.

List of participants/speakers to the EU – SPACE WEEK is shared among participants/speakers who gave their consent during registration.

For visibility purposes, personal data (pictures, video or audio recording) are diffused to a wider public (intranet or Internet). If you do not agree with your image or voice being recorded and published, please use the possibility to opt out during registration or by contacting the organiser at any stage and explicitly specifying your request.

Personal data is collected via the registration platform, Aventri, which is EU – US privacy shield certified (view). Furthermore, emails and chat will be sent via Help Scout, which is EU-U.S. Privacy Shield certified (view); and email campaigns via MailChimp, which is EU-US Privacy Shield certified (view). The website is hosted via the webservers of (privacy policy).

The operating DG, nor data processor MCI Benelux S.A., shares personal data with third parties for direct marketing.

Personal data of participants to conferences and events (pictures, video/voice recordings) may be published or web streamed on the internet and intranet site of the operating DG and other European Commission social media accounts. If you do not agree with this publication of your personal data, please inform the service responsible for the meeting using the contact information below and explicitly specifying your request. In these cases, and according to available resources, the organizer could offer participants who object to publication a position where their image would not be recorded. In case, however, the participant decides to intervene (by asking questions) his/her voice will be recorded. Clear indication and information to hosts will be provided for to correctly guide participants. If no resources are available, those participants can locally follow live meeting and debates at the web streaming Internet address indicated in the subscription form or in the invitation by the organizer.

If personal data is published on a publicly available website (for instance, Europa), this means that they are accessible worldwide.

Following the recommendation of the EDPS of 13/02/2007, this does not constitute a transfer of personal data.

8. What are your rights and how can you exercise them?

According to Regulation (EU) 2018/1725, you are entitled to access your personal data and rectify, block or delete it in case the data is inaccurate or incomplete. You can exercise your rights by using the contact information below, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8.

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1) (a) of Regulation (EU) 2018/1725 on grounds relating to your particular situation.

You have consented to provide your personal data to the operating DG for the present processing operation. You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 10 below) in your request.

9. Contact information

If you have comments or questions or if you wish to exercise your rights please feel free to contact the Data Controller, DG GROW – DG for Internal Market, Industry, Entrepreneurship and SMEs, using the functional mailbox

Recourse: Complaints, in case of conflict, can be addressed to the European Data Protection Supervisor6 via

You can also contact the Data Protection Officer (DPO) of the Commission:

10. Where to find more detailed information?

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link: