Privacy notice for Unlocking Space for Business programme
Updated 27 August 2024
1. Data Protection
In the course of submitting the form to sign up to the Unlocking Space for Business newsletter and activities, you will provide information about yourself (‘personal data’). We (the UK Space Agency) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it. This notice sets out how we will process your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
2. The type of personal information we collect
We will collect and process the following personal data:
- Name
- Email address
- Name of organisation and role within organisation
We will not process any special category data.
There will be some automated processing of your data which will allow us to send you communications based on the interests/topics you select on the form.
3. How we will use your data
We will use your data to contact individuals over email (both individual emails and mass email newsletters) with further information about the programme and upcoming activities.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent separately to use it for that new purpose.
The legal basis for processing your personal data under Article 6 of the UK GDPR is:
1(a)Consent: You consent to the processing of your personal data for one or more specific purposes. Should you change your mind, you can withdraw consent at any time.
See the ‘Contact Us’ section below for contact details.
4. Who has access to your data?
Access to your data held by the UK Space Agency will be provided to staff within the Agency who need to view it as part of their work in carrying out the purposes described above.
We share your data with PricewaterhouseCoopers LLP (PwC), Satellite Applications Catapult and the Cabinet Office, who will act as data processors. These bodies are required to take appropriate security measures to protect your data in line with our policies and this privacy notice. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
5. Retaining your data
We will retain your personal data until 31 March 2025. If you notify that you wish to withdraw your consent, your information with be expunged from our systems within 3 working days. Anonymised and non-personal data may be kept for up to 2 years for statistical purposes.
6. Where we store and use your data
Your personal data will be processed in the UK within secure UK government systems which use the Government Microsoft 365 environment and are hosted in UK-based data centres. As your personal data will be stored on our IT infrastructure it will be shared with our data processors Microsoft and may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through the use of Standard Contractual Clauses. We will not make additional copies of personal data to store outside of this environment.
Your personal data may be processed in the European Economic Area (EEA), or by an international organisation where we use Eventbrite, which stores data in the US. Further information on specific arrangements for this can be found in paragraph 3.2 of the Eventbrite Data Processing Addendum (DPA).
For all instances where your personal data is processed in the EEA or outside UK, the following safeguards will be in place:
- reliance on the EU’s Standard Contractual Clauses together with an international data transfer addendum
Personal data supplied through the website form will be collated and stored within a Customer Relationship Management database. Access will be appropriately limited to staff actively involved in the Unlocking Space for Business programme.
Email communication will be administered through the GOV.UK Notify service provided by the Government Digital Service (GDS) which is part of the Cabinet Office. Your personal data will be processed both in the UK and the European Economic Area (EEA). Your data receives the same level of protection in the EEA as it does in the UK through the safeguard of adequacy decisions.
Electronic data may be transferred to, and stored at, a destination outside the EEA, when we communicate with you using a cloud based service provider that operates outside the EEA such as Eventbrite.
Such transfers will only take place if at least one of the following applies:
- the country receiving the data is considered by the EU to provide an adequate level of data protection
- the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield
- the transfer is governed by approved contractual clauses
- the transfer has your consent
- the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract
- the transfer is necessary for the performance of a contract with another person, which is in your interests.
7. Your data protection rights
You have the right to request information about how your personal data is processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data is rectified without delay.
You have the right to request that any incomplete personal data is completed, including by means of a supplementary statement.
You have the right to request that your personal data is erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
You have the right to withdraw consent to the processing of your personal data at any time.
You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
To exercise your rights please contact the UK Space Agency Data Protection Manager using the contact details below.
8. How to contact us
If you have any questions or concerns about our use of your personal information, you can contact us in the first instance at:
UK Space Agency Data Protection Manager Email: [email protected]
If you are unhappy with the way we have handled your personal data, please write to the department’s Data Protection Officer using the contact details below.
DSIT Data Protection Officer, Department for Science, Innovation and Technology, 1 Victoria Street, London SW1H 0ET. Email: [email protected]
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner , who is an UK independent regulator. The Information Commissioner can be contacted at:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
9. Updates to this notice
If this privacy notice changes in any way, we will issue a revised notice on the website. The date of issue can be found at the top of this webpage. Please avoid retaining local or offline copies of this notice in case changes are made. A version history will be maintained within the UK Space Agency Records Management system for audit and accountability.
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
9.1 Updates
A previous version of this notice included reference to an additional commercial partner. Any personal data they processed and held was destroyed following their exit from the programme on 17 July 2024. Personal data held or received from 19 April 2024 will be processed in line with the arrangements outlined in the notice above.