Privacy policy

IABG GmbH, as the data‑controller and lead partner of the three‑partner consortium (IABG, Assimila and Planetek), processes the personal data that visitors may submit through the APEx‑hosted landing page (e.g., name, institutional affiliation, e‑mail address, IP address and the identifiers of strictly necessary session cookies). Processing is required to (i) manage the Early‑Adopter and Advisory‑Board engagement defined in REQ‑1–REQ‑5 of the Statement of Work, (ii) administer the contractual obligations laid out in the Detailed Proposal (e.g., the Data‑Protection Agreement under Art. 28 GDPR, the ESA Framework on Personal Data Protection [AD‑1]), and (iii) collect minimal usage statistics for the APEx environment. The legal bases are the performance of the ESA contract (GDPR Art. 4 (1) (b)) and explicit consent where a contact‑form or newsletter subscription is used. All data are stored on ESA‑approved APEx servers located in the EU, transmitted over TLS 1.2 or higher and encrypted at rest. Data are retained for a maximum of twelve months after the last interaction, unless a longer period is required for CRCF‑certification audits (see REQ‑40) or for evidencing compliance with ESA reporting obligations; any extension is documented in the Input‑Data Inventory (D2.1).

Data subjects may exercise their GDPR rights (access, rectification, erasure, restriction, portability and objection) by contacting IABG’s Data‑Protection Officer at privacy@iabg.de. Requests will be answered within the statutory one‑month period. The consortium has entered a GDPR‑Art 28 Data‑Protection Agreement with ESA that governs all third‑party processors (e.g., NoR cloud services, ESA Third‑Party Missions, analytics tools). Only strictly necessary cookies are set by default; any optional analytics or tracking cookies are activated only after an on‑screen consent banner records the user’s choice, in full compliance with the ESA Framework and the EU e‑Privacy Directive.