Effective Date: May 25, 2018
Space Capital (“Space Capital”, “we”, “us”, or “our”) recognizes the importance of privacy. We hold transparency in high priority and as such are providing a disclosure of our use of information.
Where processing of personal data is undertaken by an entity controlled by, or under common control with Space Capital (an “affiliate”) for their own purposes, these affiliates could also be controllers of your personal data. The list of affiliate controllers, their addresses for the purpose of getting in contact with them and, where applicable, the contact details of their representative are available [here].
What Personal Data We Collect
Personal data is any information relating to an identified or identifiable living person.
We collect information about you directly from you, as well as automatically through your use of our Site or Services.
Purposes for Collecting your Personal Data
We use the information that we collect about you for the following purposes:
What is Our Legal Basis for Processing Your Personal Data?
Where you are an EU citizen using our Site or our Services, we require a legal basis to process your data. The personal data processing described in this notice is:
The ‘legitimate interests’ referred to above are:
We may use your personal data to send you direct marketing communications about products or our related services. This will be in the form of email or targeted online advertisements.
Unless we are asked not to (e.g. you have opted out), we use corporate business contact details to provide information that we think will be of interest to you about us and our services via email.
Where we require explicit opt-in consent for direct marketing via electronic communications, including SMS, we will ask for your consent. You can withdraw your consent to such processing at any time, however, you should be aware that if you choose to withdraw your consent we will tell you more about the possible consequences, including if this means that certain services (in particular where you have applied for newsletter updates) can no longer be provided. Where we do not require opt-in consent, we will be relying on our 'Legitimate Interests' for the purposes of GDPR.
We also use your personal data for customizing or personalizing advertisements, offers and content made available to you based on your use of our Site or Services, and analyzing the performance of those advertisements, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits. This constitutes 'profiling'.
How We Disclose Your Personal Data
We disclose information to Space Angel affiliates to enable us to operate a global business. We may also disclose the information that we collect about you, including personal information, with the following entities:
Cookies and Other Tracking Mechanisms
Do Not Track. Our Site does not respond to Do Not Track signals, but we do not track your activities once you leave our Site. You may disable certain tracking as discussed in this section (e.g., by disabling cookies).
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies, which are embedded invisibly on web pages. We or our service providers may use clear GIFs (also known as web beacons, web bugs or pixel tags), in connection with our Site to track the activities of visitors to our Site, help us manage content, and compile statistics about usage of our Site. We or our service providers may also use clear GIFs in HTML emails to our users, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
We have taken steps to help protect the information we collect about you from loss, misuse, unauthorized access, disclosure, alteration, and destruction. However, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
If you are an EU citizen, under the GDPR, you have a number of rights with regard to your personal data.
Access. You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
Rectification. You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.Erasure. You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see 'Objection' below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
Restriction. You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see 'Rectification' above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
Objection. You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided. You can withdraw your consent by contacting us using the details provided below or using the unsubscribe links in the emails.If you wish to exercise any of these rights, you can do so by sending an email to firstname.lastname@example.org. Please note the following if you do wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request.
Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.
Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated, or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Exemptions. Local laws provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
International Transfers For operational reasons, some Space Capital affiliates, with whom we share your data, and our service providers who have access to your personal data, are located outside of your country. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will either:
You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).
How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in this notice. In particular, where there has been no interaction (e.g. a log-in, email open, newsletter sign up,) a record will be archived after  years and deleted after  years, unless an exemption applies as follows:
Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your personal data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings. We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required, and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymized, and the personal data is no longer used by the business.
If you have questions about the privacy aspects of our Site or Services, please contact us at email@example.com. If you remain dissatisfied, you have the right to reach out directly to the Data Protection Authority in your jurisdiction, which for example is the ICO in the UK. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the Data Protection Authority at any time.