The information collected on this application form will be shared internally with EarthEcho International for the purposes of reviewing the applicant information, selecting potential expedition fellows from among the applicants, and publicly sharing information about selected expedition participants on its website. Information submitted by applicants who are not selected as fellows will not be shared outside of EarthEcho International. Unsuccessful applicants can ask EarthEcho International to delete their data from our servers at any time by May 2021. Applicants selected by EarthEcho International to be fellows will be provided with a written agreement to complete and return to EarthEcho International.
Information provided by those applicants who are selected and return a signed agreement to EarthEcho International (the “expedition participants”) will be shared with Northrop Grumman Systems Corporation, a sponsor of the expeditions program. For purposes of The General Data Protection Regulation 2016/679, EarthEcho International acts a controller of application data when it collects and processes personal information submitted on applications in order to select participants for the expedition, and Northrop Grumman Systems Corporation acts as a controller in requesting consent from expedition participants, and upon consent when it processes personal information from expedition participants, gained from the expedition participants for the purpose of using expedition participant’s name, audio, photos and/or film in internal and external communications promoting the expedition.
(a) Both EarthEcho International and Northrop Grumman are responsible advising EarthEcho Expedition Fellows applicants (the data subjects) the purposes for processing their personal data, the retention periods for that personal data, who it will be shared with, how it will be protected and how EarthEcho Expedition Fellows applicants (the data subjects) can exercise their rights under The General Data Protection Regulation 2016/679.
(b) Both EarthEcho International and Northrop Grumman are responsible for implementing appropriate technical and organisational measures in such a manner that processing will meet the requirements of The General Data Protection Regulation 2016/679 and ensure the protection of the rights of the data subject.
In the case of a personal data breach, the controller that has experienced the breach shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with GDPR Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
The legal basis for the data processing conducted by EarthEcho International and Northrop Grumman Systems Corporation is the consent of the applicants who provide that information. Applicants shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Subject to applicable law, data subjects have the right to request, from either controller, access to and rectification or erasure of their personal information, or the restriction of our use of their personal information, or to object to the processing of their personal information. Applicants can email (email@example.com) to make such a request with EarthEcho International, or firstname.lastname@example.org to make such a request with Northrop Grumman Systems Corporation.
EarthEcho International and Northrop Grumman Systems Corporation, and their servers, are located in the United States. Applicants should be aware that their data will be transferred to the United States and that the European Commission has not found United States law to adequately protect the rights of data subjects. EarthEcho International and Northrop Grumman Systems Corporation take reasonable precautions to ensure that all processing activities conducted on their behalf are compliant with The General Data Protection Regulation 2016/679. Under that regulation, EU users who believe their data has been misused have the right to lodge a complaint with their Member State’s supervisory authority.