All personal data are dealt with in compliance with Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (Regulation (EC) 45/2001).
The following data protection information notice outlines the criteria by which the data is collected, managed and used in relation to the EGNOS APP.
Identity of the controller:
Controller: GSA Executive Director
European GNSS Agency
170 00 Prague 7 – Holesovice
Departament of the Controller:
Controller: EGNOS Exploitation, Communications
Delegated controller: Head of EGNOS Exploitation; Head of Communications
Identity of the Processor:
ESSP SAS (GSA contractor as EGNOS Service Provider - currently under contract GSA/NP/09/12)
3, rue Tarfaya - CS 84432
31 405 Toulouse cedex 4 – France
Executive Director of EUROPEAN SATELLITE SERVICES PROVIDER SAS
Personal Data Protection Officer
Purpose of processing:
The purpose of the processing is the management of the questions submitted via de EGNOS APP to the EGNOS Helpdesk, including the following activities:
- Management of the EGNOS related questions / tickets
- Monitoring and reporting on the EGNOS Helpdesk use / activity
- Dissemination of specific consultations (e.g. DEL-5) and of the annual EGNOS User Satisfaction survey
Data required for the EGNOS Helpdesk management requested by the EGNOS APP:
- obligatory data: name, e-mail address and user category
- optional data: none
When submitting a direct e-mail only the e-mail address is mandatory.
Activities in the frame of EGNOS Service Provision (ESP) contract between GSA and ESSP as contractor (ref. GSA/NP/09/12) and and with data subject’s express consent.
Recipients of the data processed:
Person which have access to the personal data on the basis of the ‘need to know’ principle to:
- a limited number of persons managing the EGNOS Helpdesk activities among ESSP and GSA staff and,
- a limited number of persons working for companies providing support to ESSP activities as regards the EGNOS Helpdesk management (e.g. Conectys) or companies providing IT support or hosting services to ESSP.
These recipients of the personal data concerned are bound by confidentiality clauses regarding the use, disclosure and protection of the personal data.
Lawfulness of processing:
The lawfulness of the processing is based on Article 5(d) of Regulation (EC) No 45/2001. Data subjects unambiguously give their consent when submitting a question via the EGNOS APP to the EGNOS Helpdesk.
Information on the retention period of personal data:
Data shall be stored as long as required by the Financial Regulation and its Rules of Application for audit and discharge purposes: N+5 years from the end of the year of payment of the balance of the contract GSA/NP/09/12 plus additional 2 years for discharge procedure of EU budget (= N+5+2).
Information on storage of the personal data and possible transfer of data
Personal data are electronically stored in:
- EGNOS User Support website database: hosting services sub-contracted to GMV which uses Amazon servers located in Europe; however, personal data may also be transferred to Amazon's servers located in the USA. Amazon is certified under the EU-US Privacy Shield: for the certification see https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4 for more information on the EU-US Privacy Shield see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
- EGNOS Helpdesk mailbox (firstname.lastname@example.org): ESSP servers (France)
- Specific EGNOS Helpdesk database: ESSP servers (Spain and France)
The data subject’s rights:
- Data subjects have the right of access and rectification of their personal data at any time. Requests shall be addressed to ESSP Personal Data Officer : email@example.com
- Data subjects are entitled to lodge an appeal at any time with the European Data Protection Supervisor (EDPS) at firstname.lastname@example.org should they consider that the processing operations do not comply with Regulation (EC) No 45/2001.