Disclaimer
The information contained in this Website is for general information purposes only. The information is provided by EUSPA under delegation of the European Commission (EC) to enhance public access to information about its activities. EUSPA and EC endeavours to keep the information timely and accurate, however, EUSPA and the EC accept no responsibility or liability of any kind with regard to the information on this Website, specifically but not exclusively, with regard to the completeness, accuracy, reliability or suitability of information contained on the Website for any purpose.
In no event EUSPA nor the EC will be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this Website.
This information is:
- of a general nature only and is not intended to address the specific circumstances of any particular individual or entity;
- not necessarily comprehensive, complete, accurate or up to date;
- sometimes linked to external websites over which EUSPA and the EC have no control and for which EUSPA and the EC assume no responsibility or liability of any kind; the inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them; when visitors to the Website choose to follow a link to any external website, they leave the official domain of EUSPA and the EC, and are subject to the cookie, privacy and legal policies of the external website; compliance with applicable data protection and accessibility requirements of external websites linked to from EUSPA/EC websites, falls outside the control of EUSPA/EC and is the explicit responsibility of the external website;
- not professional or legal advice (if you need specific advice, you should always consult a suitably qualified professional).
Please note that it cannot be guaranteed that a document available online exactly reproduces an officially adopted text. Only the Official Journal of the European Union (the printed edition or, since 1st July 2013, the electronic edition on the EUR-Lex website) is deemed authentic and produces legal effects.
It is the goal of EUSPA and the EC to minimise disruption caused by technical errors. However, some data or information on the Website may have been created or structured in files or formats that are not error-free, and EUSPA nor the EC cannot guarantee that the service will not be interrupted or otherwise affected by such errors. EUSPA and the EC accept no responsibility or liability of any kind with regard to such errors incurred as a result of using this Website or any linked external websites.
Every effort is made to keep the Website up to date and running smoothly. However, EUSPA and the EC take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond the control of EUSPA and of the EC.
Copyright Notice
“Website” means the webpages (singularly considered and their entirety, in their external aspect as well as in their internal content) located under the URL [www.gsc-europa.eu], the layout and the graphical contents, the codes HTML, the configuration and the structure, the organisation, the choice of contents, the coordination, the “look and feel”, the technologies, the programs for computer, the processes and the methods used for the operation of the Website and, in general, any element which is part of the Website.
All the materials and the documents published on the Website, whichever their nature may be (and therefore, for instance, phono records, video, photos, images or sequences of images in motion, designs, software and so on) and, in general, the information and the contents of the Website different from the above mentioned contents of the Website, are fully and exclusively owned by the European Union (EU) (© EU 2011-2025), or by third parties as indicated on the Website.
Unless otherwise stated, downloading, reproduction and use of all the materials and documents published on the Website are authorised provided the source is acknowledged as follow: © EU 2011-2025. This permission does not extend to any textual or artistic material (for instance drawings, photos, audio, video) on the Website which is identified as being the copyright of a third-party. In these circumstances, authorisation to download, reproduce and use such material must be obtained directly from the copyright holders.
Where prior permission must be obtained for such reproduction or use, such permission shall prevail over the abovementioned general permission and shall clearly indicate any restrictions on use. Where copyright vests in a third party, permission for reproduction must be obtained from this copyright holder as indicated on the Website, unless otherwise stated.
All logos and trademarks are excluded from the above-mentioned permission.
Legal Notice and Terms of Use
All information on this website is subject to a disclaimer, copyright notice, cookies and protection of personal data. By accessing any part thereof, you will be deemed to have accepted the terms.
Privacy statement regarding the protection of personal data in relation to the European GNSS Service Centre (GSC) web portal
EUSPA is committed to protect your personal data and to respect your privacy. All personal data are dealt with in compliance with the applicable rules on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (currently Regulation (EU) No 2018/1725).
The present privacy statement outlines the criteria by which EUSPA collects, manages and uses your personal data in relation to the GSC web portal. It further explains the rights you have in relation to your personal data and specifies the contact details of the responsible Data Controller with whom you may exercise your rights, of the Data Protection Officer and of the European Data Protection Supervisor.
Identity of the Controller and Data Protection Officer:
- Controller: European Union Agency for the Space Programme (EUSPA), Head of Galileo Exploitation Department; helpdesk@gsc-europa.eu (in case this email account is not available, users will be informed of the alternative e-mail address).
- DPO: European Union Agency for the Space Programme (EUSPA), Data Protection Officer; dpo@euspa.europa.eu
Identity of the Processors:
Galileo Service Operator – Spaceopal GmbH, Arnulfstrasse 58, 80335 Munich, Germany.
Purpose of processing:
- GSC web portal registration: the purpose of the processing is the establishment of a database of registered users on the GSC web portal (“GSC internal user database”) in order to allow registered users to:
- access the GSC helpdesk service;
- subscribe to email notifications on (1) Newsletters on European GNSS related performances/activities (performance reports, updates of the European GNSS Programme documentation, invitation to European GNSS related events, specific market studies etc.), (2) automatic notifications on Notice Advisory to Galileo Users (“NAGU”), (3) automatic notifications on Galileo products access availability (Galileo Almanac, Galileo Ephemeris, Galileo Clocks and Galileo Orbits), (4) notifications generated by incoming services to which the user could eventually subscribe, (5) OSNMA IDD notifications and (6) Galileo User Satisfaction Survey.
- GSC helpdesk service provided to registered users: the purposes of the processing are:
- the management of queries submitted by registered users;
- the management of queries related to Galileo submitted through E-GNSS call centre;
- the possibility to include tools in the “GNSS Simulation and Testing Tool Infrastructure” (GSTI);
- the management of Galileo Signal in Space (SiS) incidents reports submitted by registered users;
- the management of archived products requests submitted by registered users.
- the management of Galileo PRN Spreading Code Assignment requests submitted by registered users.
- GSC helpdesk service for non-registered users: the purposes of the processing are:
- the management of queries submitted by e-mail;
- the management of queries related to Galileo submitted through E-GNSS call centre;
- the possibility to include tools in the “GNSS Simulation and Testing Tool Infrastructure” (GSTI) through requests submitted by e-mail;
- the management of archived products requests submitted by e-mail.
- High Accuracy Service (HAS) Internet Data Distribution: the purposes of the processing are:
- to allow registered users to receive Galileo HAS corrections through the Ntrip protocol (Networked Transport of RTCM via Internet Protocol);
- to allow registered users to receive HAS IDD notifications in case of relevant service events. For receiving such notifications, users shall give a separate explicit consent when registering to the HAS IDD service.
- to analyse the overall interest of the proposed use case as the granting of connections will be based on its innovation, its benefits to the EU, the existing cooperation agreements with third countries for the use and promotion of EU-GNSS and the need to preserve the security, integrity and resilience of the Galileo System and related services
- Open Service Navigation Message Authentication (OSNMA): the purposes of the processing are:
- to allow registered users to access OSNMA products;
- to allow registered users to receive OSNMA notifications in case of relevant service events. For receiving such notifications, users shall give a separate explicit consent when registering to the OSNMA service.
- Norwegian Radiation Monitor (NORM): the purposes of the processing are
- to allow registered users to receive the NORM data through the GSC
- to analyse the overall interest of the proposed use case as the granting of access will be based on its innovation, contribution to research programmes, its benefits to the EU, etc.
Data/categories of data concerned:
- GSC web portal registration: users submit the following data when registering to the GSC web portal through the registration form (https://www.gsc-europa.eu/user/register):
- username, email address, first and last name.
In case the user does not provide this data, the registration process cannot be completed.
After the registration, the user is invited to voluntarily add some additional personal information (country, function, organisation, type of organisation, type of business or sector) and preferences (market, Galileo services).
- Additionally, users may further authorise the processing of their personal data for the following purposes:
- Subscription to email notifications concerning (1) Newsletter on European GNSS related performances/activities, (2) Notice Advisory to Galileo Users (“NAGU”), (3) Galileo products access availability, (4) OSNMA IDD notifications and (5) Galileo User Satisfaction Survey: only users already registered (i.e. having provided the data mentioned under the first bullet point above) may subscribe to email notifications on automatic products availability notifications, newsletters on European GNSS related performances/activities, automatic NAGU notifications, OSNMA IDD notifications and Galileo User Satisfaction survey. Data subjects may provide the following additional data, which however are not necessary for the purpose of subscribing to any of the afore mentioned services: country of residence, professional function, organisation, type of organisation, type of business sector;
- GSC helpdesk service: only users already registered (i.e. having provided the data mentioned under the first bullet point above) may access the GSC helpdesk service (by using the same ‘username’ when registered through the registration form); there is no need for data subjects to provide any additional personal data; For Galileo related queries submitted through the E-GNSS call centre, only the data necessary for the helpdesk service will be processed (i.e., e-mail address, first and second name, company and user category)
- For the Galileo PRN Spreading Code Assignment requests, only users already registered (i.e. having provided the data mentioned under the first bullet point above) may submit such requests, which require the provision of additional mandatory personal data (i.e., Title, Organization, Telephone, Fax, Address, System Name, Sponsoring Government, ITU filling information, Information related to the requested PRN Code, Justification further request, evidences of interference analysis) for contact purposes and to assess the overall application.
- GSC incident reporting: only users already registered (i.e. having provided the data mentioned under the first bullet point above) may access the GSC incident reporting function; there is no need for data subjects to provide any additional personal data, as the only data that must be provided are related to the incident which is reported (e.g. latitude and longitude of incident’s location, number of occurrences of the incident etc.)
- HAS Internet Data Distribution: only users who have completed the registration may request access to this service, which requires the provision of additional personal data (area of activity/market segment, purpose of the HAS IDD use, access duration, detailed description of intended HAS use) for EUSPA to assess the overall interest of the proposed use case.
- OSNMA: only users who have completed the registration may request access to OSNMA products, which does not require the provision of additional personal data.
- NORM: only users who have completed the registration may request access to NORM data, which require the provision of additional personal data (area of activity, funding programme, name of the related project and detailed description of intended use) for NORM partners to assess the overall interest of the proposed use case.
- Alternatively, unregistered users may contact the GSC Helpdesk and the GSC incident reporting through e-mail ("helpdesk@gsc-europa.eu" or alternative account duly notified to users in case of unavailability of the previous one). In this case, users' email address will be necessary in order to address the users' queries or requests to the GSC Helpdesk service through e-mail. In case the user does not provide this data, the process cannot be completed and no answer will be provided by GSC Helpdesk.
Recipients/categories of recipients of the data processed:
Access to personal data is granted on the basis of the “need to know” principle to a limited number of:
- Staff of the EC;
- Staff of the EUSPA;
- Staff of EUSPA contractors, under the Galileo Service Operator Contract (ref: GSA/CD/14/14), in charge of:
- GSC operations (including user service management);
- GSC web-portal infrastructure provision, maintenance and evolution;
- Staff of EUSPA contractors in charge of:
- providing web services for EUSPA's website www.gsc-europa.eu (such as website design, website hosting including cloud services etc.);
- the evolution of the supporting infrastructure.
- Staff of EUSPA contractors, under the Galileo Service Operator Contract in charge of the "helpdesk@gsc-europa.eu" mailbox maintenance.
- Staff of EUSPA contractors, under the Galileo Service Operator Contract in charge of the "helpdesk@mailbox.gsc-europa.eu" mailbox maintenance and hosting in case the "helpdesk@mailbox.gsc-europa.eu" is active which will be duly communicated to the users:
- HAS IDD user’s organisation: this would be the case when the users:
- request access in their capacity as members of an organisation and they volunteer to share their credentials with other members of the organisation;
- request access in their capacity as members of an organisation for which the maximum capacity has been reached. In such case, users will be invited to liaise with their organisation to understand if another access could be revoked in favour of their request.
- NORM partners:
- European Commission DG DEFIS,
- European Commission DG JRC,
- The Norwegian Space Agency,
- Space Norway HEOSAT.
Any questions received pertaining to EGNOS or GPS could potentially be shared with the EGNOS service provider and the United States Navigation Centre (US-NAVCEN) respectively. In such a case, only the content of the question is shared without the transfer of any other personal data.
Any recipient shall be reminded of its obligation not to use the data received for other purposes than the one for which they were transmitted.
Legal basis/Lawfulness of processing:
Processing is based on the consent of the data subjects (Article 5(1)(d) of Regulation 2018/1725).
More specifically:
- GSC web portal registration: all data subjects interested in registering as users must declare their consent to the treatment of their personal data with the modalities indicated in the present privacy statement for the purpose of establishing a database of registered users, by filling-in an online consent form. Only data subjects which consent to such treatment may proceed with the registration. The consequences of absence/non-provision of the information marked as "mandatory" in the registration form are the inability to create an account in the database and, consequently, to have the user included in the GSC registered user database (and to request the further services indicated below)
- Subscription to email notifications: only users who have completed the registration may access this service; by subscribing to such notifications users declare their informed consent to the further treatment of the personal data which they provided during the registration process or of any additional data they may provide during this step of the process.
- GSC helpdesk service: only users who have completed the registration may access this service, which does not require the provision of any further personal data, except for the "mandatory" data that are required for the Galileo PRN Spreading Code Assignment requests, as described above; by contacting the helpdesk, users declare their informed consent to the further treatment of the personal data which they provided during the registration process. For Galileo related queries submitted through the E-GNSS call centre, users declare their informed consent for the treatment of the necessary data by the GSC helpdesk by remaining in the call after having heard the automated voice message informing them of the processing that will take place and where to find the relevant privacy statement.
- HAS Internet Data Distribution: only users who have completed the registration may requests access to this service, which requires the provision of additional personal data, as defined in section ‘Data/categories of data concerned’ above; by requesting access to this service, users declare their informed consent to the further treatment of the personal data which they provided during the registration process.
- OSNMA: only users who have completed the registration may request access to OSNMA products, which does not require the provision of additional personal data, as defined in section ‘Data/categories of data concerned’ above; by requesting access to this service, users declare their informed consent to the further treatment of the personal data which they provided during the registration process.
- GSC incident reporting: users who have completed the registration may access this service, which does not require the provision of any further personal data; by reporting an incident, users declare their informed consent to the further treatment of the personal data which they provided during the registration process.
Alternatively, all users may access the GSC helpdesk service through e-mail which only requires the provision of the e-mail address. In this case, by sending an e-mail to the GSC helpdesk, users declare their informed consent to the further treatment of the personal data.
Information on the retention period and storage locations of personal data:
All personal data are stored on the servers of EUSPA or of its contractors mentioned above (under the section on “recipients of the data”), which are located in the EU and abiding by the necessary security provisions.
Personal data is kept for the time necessary to fulfil the purpose of collection:
- The retention period for the processing operations 1, 2, 4, and 5 mentioned above is 10 (ten) years;
- The retention period for the processing operation 3 mentioned above and for any personal data submitted via e-mail to helpdesk@mailbox.gsc-europa.eu is 3 days. In exceptional circumstances, owing to the unavailability of the relevant IT tool, the retention period may be extended to 30 days for the purpose of moving the personal data to servers located within the European GNSS Service Centre and removing them from the cloud servers.
In order to protect your personal data, EUSPA has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
EUSPA’s processors (contractors) are bound by a specific contractual clause for confidentiality and for any processing operations of your personal data on behalf of EUSPA. The processors have to put in place appropriate technical and organisational measures to ensure the level of security, required by EUSPA.
Erasure of users’ personal data:
Users’ personal data will be deleted in the following cases:
- once the 10-year retention period indicated under section “Information on the retention period and storage locations of personal data” above expires;
- once a user is no longer registered at the GSC web portal. Users can unregister either from the personal area through the tab "edit" and button "Cancel Account", or by sending an email to helpdesk@gsc-europa.eu or alternative e-mail account duly notified to users in case of unavailability of the previous one.
- if the GSC stops providing its services;
- if a user revokes consent to the processing as explained under the section “the data subjects’ rights” below;
- if a user exercises his/her right of erasure of personal data and the statutory provisions explained under the section “the data subjects’ rights” below are met
In all the cases above, the following modalities will apply:
- In case the 10-year retention period has expired or in case the GSC stops providing its services:
- personal data will be deleted from all storage locations
- In case the 10-year retention period has not expired and the GSC continues providing its services:
- personal data in the GSC operational databases will be deleted immediately, with the exception of the users’ personal data which are stored in the “Jira Service Desk”; the personal data from the “Jira Service Desk” are deleted manually at frequent intervals, therefore the deletion may not be immediate;
- personal data present in backups (i.e. for archiving purposes) will not be deleted before the expiry of the 10-year retention period, however adequate safeguards are in place to ensure that the personal data of data subjects who have withdrawn consent will not be reintroduced to the operational databases in case an archived backup is restored
The data subjects’ rights:
Data subjects have the right:
- to obtain confirmation as to whether or not their personal data are being processed, access the data and obtain detailed information on the processing;
- of rectification of inaccurate personal data;
- of erasure of personal data if the statutory provisions1 are met and subject to provisions under section "Erasure of users' personal data" above
- of restriction of processing if the statutory provisions2 are met;
- to data portability;
- to withdraw their consent to processing of their personal data at any time – this shall not affect the lawfulness of the processing which occurred before such withdrawal;
- to lodge a complaint at any time to the European Data Protection Supervisor (EDPS) at edps@edps.europa.eu should they consider that the processing operations do not comply with Regulation (EU) 2018/1725.
Any request for the exercise of any of the abovementioned rights shall be addressed at helpdesk@gsc-europa.eu or alternative e-mail account duly notified to users in case of unavailability of the previous one; data subjects are kindly requested to describe their requests explicitly.
Contact information:
- Regarding the processing of your personal data: helpdesk@gsc-europa.eu or alternative e-mail account duly notified to users in case of unavailability of the previous one.
- Regarding the interpretation, application or breach of Regulation (EU) 2018/1725: EUSPA Data Protection Officer (DPO) at dpo@euspa.europa.eu.
1 Currently Article 19 Regulation (EU) 2018/1725.
2 Currently Article 20 Regulation (EU) 2018/1725.