Privacy Policy FOR EU CITIZENS

Space Angels Holdings, Inc.

Website Privacy Policy

Effective date: 
25 May 2018

This notice applies only to Space Angel’s processing of personal data about EU residents. It supplements our Global Privacy Policy where explicitly set out in this policy.

Space Angels Holdings, Inc. d.b.a. Space Angels, Inc. (“Space Angels”, “we”, “us”, or “our”) recognizes the importance of privacy. We hold transparency in high priority and as such are providing a disclosure of our use of information.

Where processing of personal data is undertaken by an entity controlled by, or under common control with Space Angels (an “affiliate”) for their own purposes, these affiliates could also be controllers of your personal data. The list of affiliate controllers, their addresses for the purpose of getting in contact with them and, where applicable, the contact details of their representative are available [here].

In this Privacy Policy, we describe how we collect, use, and disclose information that we obtain about visitors to our website spaceangels.com (the “Site”), what we do with this information, how you might access it and who it might be shared with, as well as the services available through our Site (collectively, the “Services”).

Your use of our Site or Services, and any dispute over privacy, is subject to our Terms of Use (“Terms”), including its applicable limitations on damages and the resolution of disputes.

What Personal Data We Collect
Personal data is any information relating to an identified or identifiable living person.

We collect information about you directly from you, as well as automatically through your use of our Site or Services.

  • Personal data we collect directly from our general emailing list. All visitors to our Site may browse our Site, but in order to use certain Services (e.g., access the Member Portal or to receive our newsletter) we will collect certain information from you. The information we collect from you includes your full name and email address. We will also collect any information that you voluntarily provide to us, such as interests and affiliations (where you work). We may also collect information about you from third parties, such as social media. We may combine automatically collected information with other information that we have collected about you.
  • Personal data we collect directly from our members. All visitors to our Site may browse our Site, but in order to use certain Services (e.g., access the Member Portal) we will collect certain information from you. The information we collect from you may, in the context of administering your investments or otherwise, include your name, social security number, driver’s license number or other identification number, contact information (including mobile phone number, address, and email address), financial account information, and credit or debit card information. We will also collect any information that you voluntarily provide to us, such as demographic information (e.g., your industry) and investment-related information. We may also collect information about you from third parties, such as social media. We may combine automatically collected information with other information that we have collected about you.
  • Personal data we collect automatically. We automatically collect information such as the following about your use of our Site or Services through cookies and other technologies: domain name; browser type; device ID; operating system type; device name and model; pages or screens you view; links you click; IP address; when and the length of time you visit or use our Services; and the referring URL, or the webpage that led you to our Site.

Purposes for Collecting your Personal Data
We use the information that we collect about you for the following purposes:

  • A. Providing Our Services. To provide our Services to you, including to evaluate membership and investors; processing and fulfilling investments; and for other customer service purposes.
  • B. Tailoring Content. To tailor the content and information that we may send or display to you, and to otherwise personalize your experiences while using our Site or Services.
  • C. Communicating with You. To communicate with you about your use of our Services; to respond to your inquiries.
  • D. Marketing. Where we have permissions, to provide you with news and newsletters, to contact you about products or information we think may interest you, and for other marketing, advertising, and promotional purposes.
  • E. Analyzing Use of Our Services. To better understand how users access and use our Site and Services, both on an aggregated and individualized basis; to respond to user desires and preferences; and for other research and analytical purposes.

What is Our Legal Basis for Processing Your Personal Data?

Where you are an EU citizen using our Site or our Services, we require a legal basis to process your data. The personal data processing described in this notice is:

i. Necessary for entry into, or performance of, a contract with you; This applies to the processing purposes described in sections A and C above.
ii. Necessary for the legitimate interest of Space Angels, where these are not overridden by your interests or fundamental rights and freedoms (as described below); This applies to the processing purposes described in sections B, D (where permitted by law) and E above.
iii. Necessary in order to comply with our legal obligations under certain U.S. regulatory bodies, in particular the Internal Revenue Service.
iv. In limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we obtain from you from time to time). To the extent we are relying on your consent to process your personal data, you have the right to withdraw your consent to such processing at any time. You can do this by contacting [website@spaceangels.com].

The ‘legitimate interests’ referred to above are:

  • The processing purposes described in above, to the extent the processing is not necessary in order to (i) comply with our legal obligations under certain laws or (ii) to enter into any contract with you and fulfil our obligations thereunder;
  • Meeting and complying with our accountability requirements and regulatory obligations globally; and
  • Exercising our fundamental rights and freedoms, including our freedom to conduct a business.

Marketing Purposes
We may use your personal data to send you direct marketing communications about products or our related services. This will be in the form of email or targeted online advertisements.

Unless we are asked not to (e.g. you have opted out), we use corporate business contact details to provide information that we think will be of interest to you about us and our services via email.

Where we require explicit opt-in consent for direct marketing via electronic communications, including SMS, we will ask for your consent. You can withdraw your consent to such processing at any time, however, you should be aware that if you choose to withdraw your consent we will tell you more about the possible consequences, including if this means that certain services (in particular where you have applied for newsletter updates) can no longer be provided. Where we do not require opt-in consent, we will be relying on our 'Legitimate Interests' for the purposes of GDPR.

We also use your personal data for customizing or personalizing advertisements, offers and content made available to you based on your use of our Site or Services, and analyzing the performance of those advertisements, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits. This constitutes 'profiling'.

How We Disclose Your Personal Data
We disclose information to Space Angel affiliates to enable us to operate a global business. We may also disclose the information that we collect about you, including personal information, with the following entities:

  • Space Angels Entrepreneurs or Investors. We may make your information available to your fellow members and other entrepreneurs or investors if and when you become a member, as part of providing our services.
  • Service Providers. We may also disclose the information that we collect about you, including personal information, to certain third parties in order to help manage our business and deliver our services. These third parties may from time to time have to access your personal data, and include: web developers, vendors in order to manage our IT systems.
  • Regulators. Our regulators, such as the ICO, and other regulators and law enforcement agencies in the EU and round the world. We may also disclose your information in order to comply with the law, a judicial proceeding, subpoena, court order, or other legal process.
  • Solicitors and other professional services. Where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms or this Privacy Policy, or as evidence in litigation in which we are involved.
  • It may also include other business entities which may acquire Space Angels, for example as part of bankruptcy proceedings.

Cookies and Other Tracking Mechanisms
We and our service providers use cookies and other tracking mechanisms to track information about your use of our Site or Services. A cookie is a small file of letters and numbers, which are transferred to your computer's hard drive or mobile device when you visit the website. The cookies are then sent back to the originating website on each subsequent visit or to another website that recognizes that cookie. We or our service providers may combine this information with other personal information we collect from you. We will only do this based on your consent, which we may assume based on your continued use of cookies.

Do Not Track. Our Site does not respond to Do Not Track signals, but we do not track your activities once you leave our Site. You may disable certain tracking as discussed in this section (e.g., by disabling cookies).

Cookies. In order to make our Site as user-friendly as possible, we - like many other companies, use "cookies". We or our service providers may use cookies to track visitor activity on our Site, such as the pages visited, and time spent on our Site. Most browsers allow users to refuse cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies may not be able to browse certain areas of the Site. For further information please see: All About Cookies and http://www.youronlinechoices.eu/

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies, which are embedded invisibly on web pages.  We or our service providers may use clear GIFs (also known as web beacons, web bugs or pixel tags), in connection with our Site to track the activities of visitors to our Site, help us manage content, and compile statistics about usage of our Site.  We or our service providers may also use clear GIFs in HTML emails to our users, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Third-Party Analytics. We use service providers, such as Google Analytics, to evaluate the use of our Site and our Services. We or our service providers use automated devices and applications to evaluate use of our Site and Services. We or our service providers use these tools to help us improve our Site, Services, performance, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or Flash LSO, to perform their services. Google's Privacy Policy, which explains how Google Analytics uses your information, can be found here:  https://www.google.com/policies/privacy/.

Third-Party Links
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Security
We have taken steps to help protect the information we collect about you from loss, misuse, unauthorized access, disclosure, alteration, and destruction. However, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.Your

Rights
If you are an EU citizen, under the GDPR, you have a number of rights with regard to your personal data.

Access. You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.

Rectification. You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.Erasure. You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see 'Objection' below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.

Restriction. You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see 'Rectification' above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.

Objection. You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.

Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided. You can withdraw your consent by contacting us using the details provided below or using the unsubscribe links in the emails.If you wish to exercise any of these rights, you can do so by sending an email to website@spaceangels.com. Please note the following if you do wish to exercise these rights:

Identity. We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request.

Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.

Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated, or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.

Exemptions. Local laws provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.

International Transfers For operational reasons, some Space Angel affiliates, with whom we share your data, and our service providers who have access to your personal data, are located outside of your country. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will either:

  • Only transfer your personal data to countries which are recognized as providing an adequate level of legal protection; or
  • Ensure transfers outside of your country are subject to additional safeguards required under local law - for example, the EU Model Clauses and/or the EU - U.S. Privacy Shield.

You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).

How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in this notice. In particular, where there has been no interaction (e.g. a log-in, email open, newsletter sign up,) a record will be archived after [2] years and deleted after [6] years, unless an exemption applies as follows:
Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your personal data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings. We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required, and we do not have a legal requirement to retain it, we will ensure it is either securely deleted or stored in a way such that it is anonymized, and the personal data is no longer used by the business.

Changes to this Privacy Policy
This Privacy Policy is current as 25 May 2018. We may change this Privacy Policy from time to time, so please be sure to check back periodically. We will post any changes to this Privacy Policy on our Site. If we make any changes to this Privacy Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.

Contact Us
If you have questions about the privacy aspects of our Site or Services, please contact us at website@spaceangels.com.If you remain dissatisfied, you have the right to reach out directly to the Data Protection Authority in your jurisdiction, which for example is the ICO in the UK. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the Data Protection Authority at any time.