Data privacy notice

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

Your data

The data

We will process the following personal data:

Names and contact details, such as (work) email addresses and (work) telephone numbers for Users of Monitor Space Hazards.

We process your contact details to send you notifications based on your consent and to fulfil our public task.

Purpose

The purpose(s) for which we are processing your personal data is:

  • to set up accounts and enable users to log in via the 'Auth0' 3rd party authentication service https://auth0.com;
  • to send notifications to Users in relation to Conjunction Events/Alerts or Re-entry Events/Alerts;
  • to notify Users of any changes to the service;
  • to contact a User regarding a Conjunction Event/Alert or Re-entry Event/Alert;
  • to contact a User in an emergency; and
  • to keep a record of who has agreed to the Monitor Space Hazards Terms and Conditions

Legal basis of processing

The legal basis for processing your personal data is:

  1. Consent: You consent to us doing so. Consent is obtained during the registration process through a clear affirmative action. You can withdraw your consent at any time by contacting monitorspacehazards@ukspaceagency.gov.uk
  2. Public task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice.

The public task or function in this case is to deliver a pilot service to provide Space Surveillance and Tracking (SST) information on satellite conjunction events to operators of UK-licensed satellites and approved government employees, as well as information on re-entry events to approved government employees 

Recipients

Your personal data will be shared by us with: Contractors of the UKSA including:

  • suppliers involved in building and maintaining the relevant software for Monitor Space Hazards;
  • suppliers providing orbital analysts to the UKSA;
  • suppliers of Monitoring and Evaluation services for the UKSA SST
    Project; and
  • other contractors who work for the UKSA through an intermediary.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors Microsoft and Amazon Web Services.

We may share your personal data if we are required to do so by law, for example by court order or to prevent fraud or other crime.

We may share your personal data with other HM Government affiliate entities if necessary to deliver Monitor Space Hazards Services.

We have Data Processing Agreements (DPAs) with all contractors, ensuring they adhere to UKGDPR requirements. These agreements mandate the implementation of appropriate security measures and restrict data processing to our instructions.

Retention

Your personal data will be kept by us whilst you are a User of Monitor Space Hazards. Personal data relating to your agreement to the Monitor Space Hazards Terms and Conditions of Use may be stored indefinitely.

Automated decision making

Your personal data will not be subject to automated decision making.

Where personal data has not been obtained from the data subject

Your personal data may be obtained by us from the Civil Aviation Authority or from your organisation’s Monitor Space Hazards Administrator.

Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

Where the personal data is processed on the basis of consent:

You have the right to withdraw consent to the processing of your personal data at any time.

Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice:

You have the right to object to the processing of your personal data.

To exercise your rights (access, rectification, erasure, etc.), please contact our Data Protection Officer at the below contact details . We will respond to your request within one month.

International transfers

Your personal data will be processed in the UK.
Your personal data will not be processed in the European Economic Area (EEA), or by an international organisation.

As your personal data is stored on our IT infrastructure, and shared with our data processors Microsoft and Amazon Web Services it may be transferred and stored securely outside the European Economic Area. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

Security Measures

We use encryption, access controls, and regular security audits to protect your personal data from unauthorised access and breaches.

Breach Notification

In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected individuals if there is a high risk to their rights and freedoms.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
Email: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Department for Science, Innovation and Technology (DSIT). You can contact the DSIT Data Protection Officer at: 

DSIT Data Protection Officer 

Department for Science, Innovation and Technology
1 Victoria Street
London
SW1H 0ET

Email: dataprotection@beis.gov.uk