1. Who we are (Controller)

The controller is the public legal entity "Space Agency of the Republic of Azerbaijan (Azercosmos)". Registered address: [72, Uzeyir Hajibeyli str., AZ1000, Baku, Azerbaijan]. Contact: [+994 12 3100055/info@azercosmos.az].

2. Scope

This Policy covers personal data collected through the Website, including forms such as "Contact Us", newsletter subscriptions, event registrations, recruitment pages, and cookies/online identifiers.

3. Definitions (summary)

"Personal data" means any information relating to an identified or identifiable individual. "Processing" means any operation performed on personal data. Other terms have the meanings given by the laws of the Republic of Azerbaijan, the GDPR, and the CCPA (as amended by CPRA).

4. What data we collect

• •Identification data (name, organization, job title)
• •Contact data (email, phone)
• •Communications (messages you send us)
• •Website usage data and technical data (IP address, device, browser, approximate location, pages viewed, time on page)
• •Cookies and similar technologies (see Section 12 – Cookie Policy)
• •Recruitment data (CV/resume, cover letter) if you apply for a role

5. Sources

We collect data from you directly (forms, emails), automatically via cookies and similar technologies, and, where lawful, from third-party sources or public registries.

6. Purposes of processing

• •To operate and secure the Website
• •To respond to inquiries and provide support
• •To manage events, newsletters, and communications
• •To analyze Website usage and improve content
• •To manage recruitment processes
• •To comply with legal obligations and protect our rights
• •For marketing/communications where permitted by law

7. Legal bases (Azerbaijan & GDPR)

Under the laws of the Republic of Azerbaijan, processing may be based on consent, fulfillment of statutory duties, contract performance, or other grounds defined by law. Under GDPR, processing relies on: (i) consent; (ii) contract performance or steps prior to entering into a contract; (iii) legitimate interests (e.g., Website security, analytics, communications); (iv) legal obligations; and (v) protection of vital/public interests where applicable.

8. CCPA/CPRA categories and purposes (California)

We may process the following categories of personal information (as defined in CCPA/CPRA): identifiers; internet or other electronic network activity information; geolocation (approximate); professional or employment-related information (for recruitment). We use these for the purposes described in Section 6. We do not knowingly sell personal information. We may "share" personal information for cross-context behavioral advertising only with your consent (see Cookie Policy).

9. Data sharing and disclosures

We may disclose personal data to: (i) service providers (hosting, security, analytics, communications); (ii) public authorities where required by law; (iii) professional advisors; and (iv) affiliated public bodies or project partners where necessary and lawful. We implement contractual safeguards (e.g., data processing agreements and, for GDPR, Standard Contractual Clauses for international transfers).

10. International transfers

Personal data may be transferred outside your country. For GDPR-covered transfers, we rely on an adequacy decision (if available) or appropriate safeguards such as Standard Contractual Clauses and supplementary measures. For Azerbaijan law, cross-border transfers are carried out in accordance with applicable legislation.

11. Retention

We retain personal data only as long as necessary for the purposes set out above, or longer if required by law (e.g., records-keeping, litigation, audit). Retention schedules are documented internally; key periods may be requested via the contact listed in Section 1.

12. Cookie Policy (embedded)

Cookies are small files placed on your device to make the Website work, remember preferences, measure performance, and personalize content. We use: (a) strictly necessary cookies; (b) functional/preference cookies; (c) performance/analytics cookies; and (d) advertising/targeting cookies (used only with consent). Cookie settings: You can manage non-essential cookies via our consent banner and settings center at any time. You can also configure your browser to block or delete cookies. Blocking some cookies may affect Website functionality.

13. Your rights

Azerbaijan: access, rectification, blocking, deletion in cases specified by law, withdrawal of consent, and other rights established by legislation. GDPR (EEA): access, rectification, erasure, restriction, portability, objection, and withdrawal of consent; lodge a complaint with an EU supervisory authority. CCPA/CPRA (California): right to know, right to delete, right to correct, right to opt-out of sale/sharing, right to limit use of sensitive personal information (if applicable), and non-discrimination for exercising these rights.

14. Exercising your rights

To submit a request, contact us via info@azercosmos.az. We may need to verify your identity. Authorized agents may submit requests where permitted by law and subject to verification.

15. Children

The Website is not directed to children under the minimum age required by applicable law (e.g., 13 in the U.S., 16 under GDPR unless a lower age is set by a Member State). We do not knowingly collect data from children without appropriate consent.

16. Security

We implement technical and organizational measures appropriate to the risk, including access controls, encryption where reasonable, logging/monitoring, and training. However, no system is 100% secure.

17. Do Not Track / Global Privacy Control

Where required by law, we recognize Global Privacy Control (GPC) signals as an opt-out preference for sale/sharing and targeted advertising cookies.

18. Changes to this Policy

We may update this Policy from time to time. We will indicate the latest version date at the top. Material changes will be notified via the Website or by contacting you where appropriate.