General Data Protection Regulation Notice
Effective Date: September 2022
The General Data Protection Regulation (GDPR) applies to users of JPL’s websites or mobile applications who are residents of the European Union (EU) or the European Economic Area (EEA) (consisting of the European Union, Iceland, Lichtenstein, and Norway). The law sets forth a framework for various individual rights on how personal data can be used, processed, transmitted, and protected. JPL is committed to take reasonably necessary steps to ensure that your personal data is protected consistent with GDPR requirements.
Legal Basis
Under the GDPR, JPL is required to have a legal basis for collecting personally identifiable information (PII) from residents of the EU and the EEA. The legal basis depends on the circumstances in which we collect and use your PII and is described more fully in the applicable privacy notice. The basis for our processing of your PII will fall into one or more of the following categories:
- It is necessary to perform and facilitate contractual duties;
- It is necessary to protect the interests of the data subject or another person;
- There is a legitimate interest in understanding how our site is being used;
- There is a legitimate interest in carrying out our business purposes;
- There is a legitimate interest in cybersecurity;
- There is a legitimate interest in meeting our obligations and enforcing our legal rights; or
- You have provided your consent.
International Transfers
Data that you provide to us may be transferred to, and stored at, a destination outside the EU or the EEA. For instance, this happens when it is processed or maintained by staff and/or systems operating in the United States. The information that you provide to us is stored on our secure servers or those of our service providers. We will take reasonably necessary steps to safeguard your data securely.
Data Retention
We will retain your PII for as long as necessary to meet the uses described in JPL’s applicable privacy notice and in compliance with business requirements and legal document retention obligations. Even where you have exercised one of the rights listed below with respect to your personal data, we may have the right to retain your personal data for various purposes, including compliance with legal obligations, the performance of tasks carried out in the public interest, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, or the establishment, exercise, or defense of legal claims.
Your Rights
Website or mobile application users located in the EU or EEA are provided with the following rights:
- The right to be informed about the collection and use of your personal data;
- The right to object to the processing of your personal data;
- The right to rectification of any of your personal data that is inaccurate or incomplete;
- The right to request the deletion of your personal data;
- The right to restrict or limit the ways in which we process your personal data;
- The right to transfer or obtain a copy of your personal data in an easily accessible format;
- The right to withdraw consent;
- The right to withhold consent to automated individual decision-making processes;
- The right to complain to a supervisory authority.
Please note that the above rights are not absolute. JPL may be entitled to reject requests where certain exceptions apply. To submit a request to the Privacy Manager to delete your data, please visit: https://www.jpl.jobs/emailpersonalinfo
For Additional Information about the GDPR
If you want more in depth detail about the GDPR, you can read the full text of the EU legislation [PDF].
Contact Information
If you have questions about JPL’s policy on Confidentiality of Private Information, this or other JPL’s privacy notices, Caltech's privacy practices, or any other aspect of your privacy and the security of your PII, please contact our Privacy Manager at:
Privacy Manager
JPL
4800 Oak Grove Dr,
Pasadena, California 91109
Phone: 818-354-4447
gdpr@jpl.nasa.gov