WF ID: [306282]

Privacy statement on the protection of personal data in relation to the online CASSINI Matchmaking community and event administration platform including newsletter

The European Union Agency for the Space Programme (EUSPA) is committed to protect your personal data and to respect your privacy. All personal data are dealt with in compliance with the applicable rules on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (currently Regulation (EU) No 2018/1725).

 

This privacy statement explains the reason for the processing of your personal data in relation to:

  1. The online CASSINI Matchmaking community and event administration platform, registration and membership thereof, including end-to-end participation in any subsequent Matchmaking event, both in-person and virtual;
  2. Registering for and receiving a recurring newsletter;
  3. The collection, processing and storage of audio, video and audiovisual materials within the context of points 1 and 2 above.

 

This privacy statement explains the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data being processed for each of the foregoing purposes. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

 

Identity of controller and data protection officer:

Controller: European Union Agency for the Space Programme (EUSPA), Head of the Market, Downstream & Innovation Department, entrepreneurship@euspa.europa.eu.  

DPO: European Union Agency for the Space Programme (EUSPA), Data Protection Officer, dpo@euspa.europa.eu

 

Purpose(s) of processing:
  1. CASSINI Matchmaking community and event administration platform including events;
  2. To register data subjects on the CASSINI Matchmaking platform, and to assess their eligibility for accessing the platform and participating in related activities;
  3. To establish and manage an online community of registered data subjects within the framework of the CASSINI Matchmaking action, facilitating networking and collaboration among members;
  4. To enable data subjects to create and maintain personal and/or professional profiles, which are then publicly hosted within the CASSINI Matchmaking community for collaborative purposes. This data is also used to facilitate matchmaking, personalised recommendations, and the organisational activities of future Matchmaking events;
  5. To enable the organisation, management and hosting of virtual and/or physical events under the CASSINI Matchmaking action;
  6. To establish a repository of photos, videos and other audio-visual recordings of the events on the CASSINI Matchmaking platform to be used for the promotion of the CASSINI Matchmaking action on EUSPA's social media channels (Facebook/Meta, Instagram, LinkedIn, Twitter/X and YouTube) and other websites of EUSPA including those pages listed under the ‘www.cassini.eu’ and ‘https://www.euspa.europa.eu/’ domains;
  7. To establish a repository of photos, videos and other audio-visual recordings of the events, both physical and virtual, on the CASSINI Matchmaking platform that enables year-round engagement of the data subjects therein registered and the general promotion of CASSINI and its sub-actions within the community.
  8. To invite data subjects to future CASSINI Matchmaking and EUSPA events.

 

2. Newsletter Subscription
  1. To manage subscriptions to newsletters and other communications related to the CASSINI initiative and its actions, facilitating regular updates and information sharing with registered data subjects;
  2. To raise awareness of and invite data subjects to future CASSINI Matchmaking and EUSPA events;
  3. To disseminate audio, video and/or audiovisual materials that have been created during past matchmaking activities for the purpose of promoting the action and/or its members on a continuous basis. 

 

Regarding specific consents for CASSINI Matchmaking

If a data subject wishes to join the online CASSINI Matchmaking community or participate in any future event, whether virtual or in-person, they are obliged to register on the platform and provide personal data necessary for their participation. 

For this initial registration, all data subjects are required to consent to this privacy notice as well as the CASSINI Matchmaking Terms and Conditions, links for which will be provided during registration. This will grant the data subject initial access to the platform but in no way implies that a specific consent has been given for any other of the aforementioned data processing purposes. This consent is given during the subsequent onboarding process, where data subjects will be provided with explicit consent options in the form of yes/no checkboxes for the following data processing purposes:

  • Events;
  • Newsletter subscription;
  • Audio, Video and Audiovisual.

Data subjects have the opportunity to specify their preferences for each of the foregoing data categories individually. These consents are stored within the online platform and are used by the Matchmaking team to ensure that each data subject’s involvement within the action is in line with their consents. 

 

Regarding specific consents for Audio, Visual and Audiovisual Data Collection:

Those participants who do not wish to participate in the live streaming, recording, and/or photographing of events, and the subsequent publication of such content whether on the platform, newsletter or above outlined websites, may decline specific consent to this form of data collection. All related processing and storage processes will be adjusted accordingly depending on each individual data subject’s personalised set of consents. These adjustments include but are not limited to:

  • In-person events: Data subjects will be seated in areas that are not recorded or photographed, will be provided special badges or equivalent to indicate their preference or other suitable accommodations based on the specifics of the event;
  • Virtual events: Data subjects will be clearly made aware of any event recording taking place prior to its commencement in order to disable any recording equipment they may be using; 
  • Newsletter: If data subjects do not provide consent for the use of audio, visual, or audiovisual materials that make them personally identifiable, they will not be included in any newsletter or communication in a manner that could lead to their identification. This includes images, embedded audio, video or audiovisual files and or links to audio, video or audiovisual files.

 

Data/Categories of data concerned:

Data collection for the aforementioned purposes will only occur after successful completion of the registration and onboarding process on the platform:

  • Personal data collected by registering on the platform:
    • First name
    • Last name 
    • E-mail address 

    • Headline (organisation and role/title)

       

  • Personal data collected by completing the post-registration onboarding process:
    • Personal and professional data (biography) to deliver tailored matchmaking recommendations and support activities around event logistics and organisation 
    • Specific consents relating to event participation, newsletter subscription and collection of audio, video and audiovisual material

    • Photos and/or videos as part of the personal or professional profile creation, if this has been consented to. 

       

  • Personal data collected in attending any Matchmaking event – physical or virtual
    • First name
    • Last name 
    • E-mail address 
    • Headline (organisation and role/title)
    • Personal and professional data (biography) added to the profile during onboarding to deliver tailored matchmaking recommendations and support activities around event logistics and organisations 

    • Photos and/or videos and/or audiovisual recordings made during the event(s), if this has been consented to.

       

  • Personal data collected by signing up to a newsletter:
    • First name
    • Last Name
    • E-mail address
    • Information entered within the freeform message box

 

Please be advised that the CASSINI Matchmaking platform, hosted by Intros.at Ltd trading as ‘Grip’, collects and processes personal data during your use of the platform, including when using third-party videoconferencing services and other IT tools and platform integrations such as Zoom, Mailerlite or equivalent services, which also collect and process personal data about you as participant. We recommend that data subjects carefully read the relevant privacy policies of these platforms before providing their consent during onboarding. These explain each company’s policy of personal data collection and further processing, their use of data, users' rights and the ways in which users can protect their privacy when using those services. Furthermore, if these data processors engage sub-processors, each entity is required to outline the specific data safeguards in place, including the legal frameworks, contractual clauses, or equivalents to ensure GDPR[1] and/or EUDPR[2] compliance in the processing of your data.


The use of a third-party IT tool does not in any way imply that EUSPA endorses them or their privacy policies.

 

Recipients/Categories of recipients of the data processed:

Access to personal data is granted on a “need to know” basis to:

  • A limited number of EUSPA staff responsible for carrying out this processing operation; 
  • A limited number of Directorate-General for Defence Industry and Space (DG-DEFIS) staff involved in the CASSINI Matchmaking action;
  • EUSPA engages as data processors the following external contractors which are bound by personal data protection rules equal to those applying to EUSPA:
    • A limited number of staff of the EUSPA contractors in charge of the CASSINI Matchmaking: SpaceTec Partners GmbH (Germany), SpaceTec Partners SRL (Belgium), Verhaert New Products & Services NV (Belgium) and Starburst Accelerator SA (France); Your personal data will also be processed by the following sub-processors on their behalf:
    • Grip under the legal entity Intros.at Ltd (United Kingdom) which provides the Matchmaking platform used for the registration and to manage the organisation of all virtual and physical events as listed on https://www.cassini.eu/matchmaking/;
    • Mailerlite Limited (Ireland) which enables the creation and management of email campaigns, surveys and forms used for communication, registration and feedback purposes; 
    • Zoom Video Communications, Inc. (United States) which provides the videoconferencing software used for registration and for hosting of some of our webinars and online meetings; 
  • A limited number of staff of the EUSPA contractors in charge of its market development services and those involved in the CASSINI Matchmaking action.  
  • Members of the public only for what concerns photos, videos and other audio-visual recordings of the events on the CASSINI Matchmaking platform to be used for the promotion of the CASSINI Matchmaking action on EUSPA's social media channels (Facebook/Meta, Instagram, LinkedIn, Twitter/X and YouTube) and other websites of EUSPA, subject to explicit consent.
  • All registrants to CASSINI Matchmaking platform.

 

Any recipient shall be reminded of her/his obligation not to use the data received for other purposes than the one for which they were transmitted.

 

Legal basis/Lawfulness of the processing:

Processing is based on the consent of the data subject (Art. 5(1)(d) of Regulation 2018/1725) for the following purposes:

  1. The CASSINI Matchmaking platform collects and processes personal data to register data subjects, assess their eligibility, and manage an online community. It enables data subjects to create and maintain publicly viewable profiles that facilitate networking, collaboration, and matchmaking, as well as enabling the generation of personalised recommendations. These profiles also directly support the organisation and management of virtual and physical events.
  2. To establish a repository of photos, videos and other audio-visual recordings of the events on the CASSINI Matchmaking platform and to be used for the promotion of the CASSINI Matchmaking action on EUSPA's social media channels (Facebook/Meta, Instagram, LinkedIn, Twitter/X and YouTube)) and other websites of EUSPA;
  3. To manage subscriptions to newsletters and other communications related to the CASSINI initiative and its actions, facilitating regular updates and information sharing, and to invite registered data subjects to future CASSINI Matchmaking and events as hosted by the controller, EUSPA.

Data subjects, through the dedicated consent checkboxes during the platform onboarding, shall unambiguously give their consent to the processing of their personal data for each of the foregoing cases.

 

Information on the storage locations and retention period of personal data:
  • The Data Controller keeps your personal data for the time necessary to fulfil the purpose of collection: Personal data related to the organisation and management of the event, including information provided by participants upon registration, before, during or after the event, will be kept for a five years  period which starts running from the date of expiry of the Contract in February 2028, in line with the audit requirements as contractually defined between the contractors in charge of the CASSINI Matchmaking and EUSPA;
  • The Data Controller keeps your personal data for the time necessary to fulfil the purpose of collection, more specifically until you unsubscribe from the mailing list. You can unsubscribe by following the instructions provided in any email. Appropriate action shall be taken within a week of receiving the request to unsubscribe. Should you not unsubscribe from the mailing list, the data collected for the specific purpose of registering to receive newsletters will be kept for a five years period which starts running from the date of expiry of the Contract in February 2028, in line with the audit requirements as contractually defined between the contractors in charge of the CASSINI Matchmaking and EUSPA;
  • The Data Controller keeps your personal data for the time necessary to fulfil the purpose of collection: Personal data related to audio, video and/or audiovisual recordings of the events will be kept for an initial period of 3 years from their collection, which could be then extended based on an affirmative consent of the data subjects, if given, for a five years period in line with the audit requirements as contractually defined between the contractors in charge of the CASSINI Matchmaking and EUSPA.

 

Once the retention period is over, personal data is destroyed. However, this does not apply to data made public on EUSPA and third party media and social networks as EUSPA has no control over the potential sharing of the photos, videos and other audio-visual recordings by other users; 

Should the data subject leaves the CASSINI Matchmaking action, the online platform, or wishes to exercise their right to be forgotten, the period within which their data is held ends then.

Once the retention period is over, personal data is destroyed. However, this does not apply to data made public on EUSPA and third-party media and social networks as EUSPA has no control over the potential sharing of the photos, videos and other audio-visual recordings by other users.

Photos, videos and other audio-visual recordings which will be published on EUSPA’s websites and social media channels (Facebook/Meta, Instagram, LinkedIn, Twitter/X and YouTube) may also be transferred and stored on servers located in third countries (outside the EU). In view of the nature of such medias and social channels, it cannot be ensured that all online traces of photos and/or videos and associated personal data will be deleted following the expiry of the abovementioned five-years retention period. Any person concerned by information made public via these medias and social networks and wishing to have this information removed should make an explicit request to the contact details given below. EUSPA will then use their best efforts to remove such information (i.e., EUSPA has no control over the potential sharing of photos, videos and other audio-visual recordings by other users).

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of EUSPA or of its contractors located in the European Union/EEA and abiding by the necessary security provisions. 

In order to protect your personal data, EUSPA has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation. 

EUSPA’s processors (contractors) are bound by specific contractual clauses for confidentiality and for any processing operations of your personal data on behalf of EUSPA. The processors have to put in place appropriate technical and organisational measures to ensure the level of security, required by EUSPA.
 

 

Transferring the data to third countries:
  • The ‘Grip’ platform as hosted by Intros.at Ltd (United Kingdom) acts as a sub-processor to the aforementioned processors under the data controller, EUSPA. To be noted that personal data can flow from the EU to the United Kingdom without any further safeguard being necessary considering the relevant Adequacy Decision in place, i.e., Commission Implementing Decision (EU) 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom. All data subjects using the Matchmaking platform understand that Grip employs a number of its own sub-processors that together enable the functionality afforded by the platform. Some of these sub-processors are based outside of the European Union (EU) and therefore some data may be transferred to these entities, pursuant to the data subject’s consent in accordance with Art. 50(1)(a) of Regulation (EU) 2018/1725. For certain U.S. based sub-processors, the EU-U.S. Data Privacy Framework (DPF) ensures that personal data transfers are reliable and secure as defined by Regulation (EU) 2018/1725. For other U.S. based sub-processors that are not listed within the DPF, standard contractual clauses (“SCCs” - as deemed lawful after the Court of Justice of the European Union (CJEU) ruled on case C-311/18 in 2020) are in place with Grip to enable the personal data transfers. For more details on each sub-processor that Grip employs please visit: https://support.grip.events/grip-data-processing-subcontractors-and-privacy-assurance and to learn more about the specific data transferred for each of these entities, please visit the official Data Privacy Framework webpage: https://www.dataprivacyframework.gov/.

 

Prior to consenting to this privacy notice during registration, we recommend that each data subject duly familiarise herself/himself with specificities as provided by the Grip Privacy Policy found here: https://www.grip.events/utility-pages/grip-privacy-policy-uk.

In order to allow you to make an informed decision, please note that personal data that may be transferred to non-EU-U.S. Data Privacy Framework certified companies, may be subject to (a) disclosure to governmental authorities and/or (b) further transfer to other economic operators established in third countries; EUSPA has no visibility on such processing operations. Outside of the scope described above, your data will not be transferred to third countries.

YouTube, Facebook, Instagram, LinkedIn and X are certified under the EU-U.S. Data Privacy Framework which ensures that they provide an adequate level of protection of personal data (Commission Implementing Decision of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-U.S. Data Privacy Framework). You can find information on the certification of the said companies under the EU-U.S. Data Privacy Framework here

 

Automated decision-making

The Grip platform employs Artificial Intelligence (AI) to enhance data subject experience whilst facilitating meaningful interactions and optimising data subject engagement based on individual preferences and behaviours. The employed algorithms continuously learn from the data provided by the data subjects through three key learning mechanisms:

  1. Answers to questions provided
  2. Actions and behaviours within the platform
  3. Actions and behaviours of similar data subjects

During profile creation and onboarding, the platform collects various types of data (biography) from data subjects through ‘Custom Profile Fields’. These fields gather detailed data subject information to generate accurate recommendations and include data on roles seeking and offering, such as seeking particular services or expertise, shared characteristics among data subjects like languages spoken or business segments, and additional facts that help refine AI learning, such as years of experience or event objectives. The AI also collects data from data subject actions and behaviours, including search history, interaction patterns, and engagement metrics, to understand implicit preferences and improve recommendation accuracy.

In the context of CASSINI Matchmaking, the information provided within the ‘Custom Profile Fields’ is crucial for optimising the effectiveness of the platform's matchmaking capabilities. These fields capture detailed data subject information, such as interests, skills, roles, and objectives, which the AI system uses to select and recommend participants for relevant events and activities. This enables us to accurately match data subject based on their specified needs and offerings, thereby connecting the correct support with the individuals who need it at the right time. This intelligent, evidence-based insight directly enhances the quality and relevance of interactions and ensures that connections are meaningful and beneficial. The data from Custom Profile Fields thus empowers the AI to deliver precise recommendations, fostering a more efficient and effective matchmaking process that aligns participants with opportunities and resources that best meet their unique requirements.

 

Data subjects have the right:
  • To obtain confirmation as to whether or not their personal data are being processed, access the data and obtain detailed information on the processing;
  • Of rectification of inaccurate personal data;
  • Of erasure of personal data if the statutory provisions are met;
  • Of restriction of processing if the statutory provisions are met;
  • To data portability if the statutory provisions are met;
  • To withdraw the consent to personal data processing at any time, without affecting the lawfulness of the processing before the consent’s withdrawal
  • To lodge a complaint to the European Data Protection Supervisor at EDPS@edps.europa.eu should they consider that the processing operations do not comply with Regulation (EU) No 2018/1725.

 

Any request for the exercise of any of the abovementioned rights shall be addressed to the EUSPA Market, Downstream & Innovation Department at entrepreneurship@euspa.europa.eu; data subjects are kindly requested to describe their requests explicitly.

 

Contact information:
  • If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller: entrepreneurship@euspa.europa.eu;
  • Regarding the interpretation, application or breach of Regulation (EU) 2018/1725, please contact the EUSPA Data Protection Officer (DPO) at dpo@euspa.europa.eu;
  • You have the right to have recourse (i.e., you can lodge a complaint) to the European Data Protection Supervisor (EDPS@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the data controller.

 

[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

[2] REGULATION (EU) 2018/1725 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC