Last Updated: January 2026

---

1. Data Controller

The data controller responsible for your personal data is:
Competition Platform Organization
Email: esa-competition@amsat-uk.org

2. Data We Collect

When you register and use this platform, we collect and process the following personal data:

• Account Information: Username, email address, encrypted password
• Profile Data: User role (participant, project lead, judge, admin)
• Team Information: Team memberships, project lead assignments
• Activity Data: Login timestamps, team activities, specification views
• Technical Data: IP address, browser type, session cookies

3. Purpose of Data Processing

We process your personal data for the following purposes:

• Account Management: To create and maintain your user account
• Competition Administration: To manage teams, specifications, and competition activities
• Communication: To send important updates about the competition
• Security: To protect against unauthorized access and ensure platform security
• Legal Compliance: To comply with legal obligations

4. Legal Basis for Processing

We process your personal data based on:

• Consent: You have given explicit consent for registration and participation
• Contract Performance: Processing is necessary for competition participation
• Legitimate Interest: For platform security and improvement
• Legal Obligation: To comply with applicable laws

5. Data Sharing

Your personal data may be shared with:

• Team Members: Your username and email are visible to your team members
• Competition Organizers: Admins and judges can view participant information
• Service Providers: Hosting and technical service providers (under strict data protection agreements)

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data:

• Active Accounts: For the duration of your account and competition participation
• After Account Deletion: Anonymized data may be retained for statistical purposes
• Legal Requirements: As required by law (typically 6-7 years for financial records)

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

8. Cookies and Tracking

We use the following cookies:

• Authentication Cookie: Essential for maintaining your login session (expires after 24 hours)
• No Third-Party Tracking: We do not use analytics or advertising cookies

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Passwords are encrypted using bcrypt hashing
• HTTPS encryption for data transmission (in production)
• Regular security updates and monitoring
• Access controls and role-based permissions
• Regular backups with secure storage

10. International Data Transfers

Your data is stored on servers located in [specify location]. If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

11. Children's Privacy

This platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes via email or platform notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact & Complaints

Data Protection Officer:
Email: esa-competition@amsat-uk.org
Phone: +1 (555) 123-4567

Right to Lodge a Complaint:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.