Privacy Statement

Slingshot Aerospace Limited Privacy Policy v6, 26th September 2024

1. Introduction

At Slingshot Aerospace Limited (“Slingshot Aerospace”, “we“, “us“, “our“) we recognise that it is important for you to understand how we use your personal data. Therefore, please read the following details carefully as they contain important information regarding the Slingshot Aerospace products and services, related websites and Slingshot Aerospace platform(s), mobile software applications, forums, blogs and other online or offline offerings (collectively, the “Services“) and the way in which we use your personal data.

This Privacy Policy explains how we use personal data about visitors to, and users of, our Services, including customers and potential customers and about individuals that get in contact with us, our suppliers, agency partners, affiliates, press contacts and those individuals whose personal data we otherwise process in the course of our business. This Privacy Policy also covers data processing related to job applications and our recruitment activities. We will only use personal data in ways that are described in this policy and only ways that are
consistent with our obligations and your rights under applicable data protection laws.

2. Who we are

For the purpose of applicable data protection laws, the “data controller” (in other words, the organisation that determines how and for what purposes your personal data is used) will be Slingshot Aerospace Limited, a company registered in England and Wales with its registered office at Space Systems Operations Facility Spaceport Cornwall, St Mawgan, Newquay, Cornwall, United Kingdom TR8 4HP. The individual responsible for data protection at Slingshot Aerospace Limited is the Data Protection Officer.

3. Personal data we may collect from you and how we collect it

  • Personal data you provide to us directly

Ways in which you might provide the data to us

This is personal data about you that you give us, which can happen in a wide variety of ways, including by:

  • creating an account with us via our Services;
  • making a purchase using our Services;
  • sending us a message through our website;
  • by completing an online form;
  • by inputting through website input fields (including advertisements)
  • corresponding with us by e-mail, telephone, SMS or via our customer service tool on our Services; or
  • mentioning or interacting with us on social media (for example by following/mentioning/tagging us or by contacting us directly).

[It also includes personal data you provide if you complete one of our customer satisfaction surveys, provide us with feedback on our products, search for a product on our Services, report a problem with our Services or products, enter into a contract with us or otherwise provide us with any personal data.]

What type of data might be included?

The personal data you give us may include but is not limited to:

  • your name;
  • postal address;
  • e-mail address;
  • phone number (including mobile number);
  • gender (and preferred salutation);
  • date of birth;
  • social media handle and personal data on your social media account;
  • financial and credit card personal data;
  • IP address;
  • purchase history

If you are one of our suppliers, we will process your business contact details and your job role.

We will only ever ask you to give us personal data which we need in order to provide you with the products or services that you have requested from us. You have the choice on what information to share and the services you want to engage in. You can choose not to provide information to us, but in general some information about you is required in order for you to access certain functionality of the Services, such as those mentioned above or for tracking your preferences, subscribing to a newsletter, or initiating other such actions.

Job applicants

If you apply for a role with us, we will collect a range of information directly from you either by email, over the phone or via an online job application process/system which may include but is not limited to:

  • your name;
  • postal address;
  • e-mail address;
  • phone number (including mobile number);
  • gender (and preferred salutation);
  • date of birth;
  • National Insurance number;
  • your health information (if relevant to your application);
  • the contents of your CV (including details of previous roles, any relevant qualifications you have obtained);
  • evidence that you are legally permitted to work in the United Kingdom;
  • your current and desired annual salary;
  • your current notice period;
  • whether you have previously been employed by us;
  • how you heard about the role you are applying for; and
  • any other information that we reasonably require as part of the recruitment process.

If you are a job applicant and want more detail about how we process your personal data as part of our recruitment process, you can contact our HR department by email at gdpr@slingshotaerospace.com.

Personal data we collect or generate about you.

When you visit our Services or get in touch with us, we may collect, generate, store and use certain personal data about you. In some cases we will use cookies to do this, for further information about the cookies we use and how to opt out of such cookies please see our Cookies Policy here.

This personal data may include:

  • technical information, including: the Internet protocol (IP) address used to connect your computer to the Internet; your login information (if accessing an account with us); browser type and version; time zone setting; browser plug-in types and versions; device types; operating system; time and date of consent and platform; and any phone number used to call our customer service number.
  • information about your visit to our Services, including: the full Uniform Resource Locators (URL); clickstream to, through and from our Services (including date and time); products you viewed, searched for or purchased; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse our Services.

Slingshot Aerospace may store your information in any country where Slingshot Aerospace or its affiliates, partners, or providers operate facilities, and will retain your information as long as necessary for the purposes outlined in this Privacy Policy.

  • Personal data we receive from other sources.

We may periodically obtain personal data about you from other sources, for example:

  • service providers that help determine your location based on your IP address in order to customise certain products to your location;
  • information generated by your usage of our products and services; and
  • information generated by the use of cookies on our website (see our separate Cookie Policy).

The data we collect in this way includes the following:

  • name and contact data, including first and last name, job title, email address, work postal address, work phone and, if provided, mobile phone and similar contact data; and
  • demographic, including country, city and preferred language.

We use this personal data for the following purposes:

  • for our own legitimate interests in monitoring usage of our services and improving the service provided to our customers;
  • sending journalists press releases of interest; and
  • informing relevant prospective customers about our products and services.

4. Why and how do we use your personal data and what is our “lawful basis” for doing so?

We will only use your personal information when the law allows us to. Whenever we process your personal data, we are required to identify and maintain a valid “lawful basis” (i.e. a legally compliant justification) for the processing. To help you to understand what we do with data and why, we have described the various relevant lawful bases that we rely on in the table below. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

How and why we use your personal data What is our legal justification for processing your personal data

To carry out our obligations arising from any contractual agreement with you and to provide you with the information and products or services you request. These may include fulfilling your order with us, managing your account with us, and the provision of services related to these purposes to us by our agreed third-party providers, including:

  • To issue credentials, including passwords to allow you to access and operate your account(s).
  • To contact you about your subscription(s) and to provide customer support services to you.
  • To carry out credit checks, to invoice you or your employer for any services you subscribe to and to collect payments due.

We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data in relation to an order for products and services.

Alternatively, in some scenarios, we rely on our legitimate interests as a business, including but not limited to:

  • measuring customer satisfaction and troubleshooting customer issues;
  • maintaining our own records and databases;
  • monitoring use of our products and services to ensure usage is in accordance with our terms and conditions of use; and
  • informing our business customers and prospective customers about our products and services.
To measure how satisfied our Services visitors and our customers are and provide customer service (including troubleshooting in connection with the products you purchase from us or when you ask us questions by email, on the phone or on social media).
To process payments and maintain accounts and records.
To prevent or detect crime, fraud or abuses of our Services and to enable third parties to carry out related technical, logistical, research or other functions on our behalf related to these purposes.

In some circumstances we will use your personal data because it’s necessary for us to comply with a legal obligation (for example, if we receive a legitimate request from a law enforcement agency).

In other cases (such as the detection of theft, fraud or ensuring security of our Services) we will rely on our legitimate interests in keeping our employees and our Services secure and to prevent theft and fraud.
To send you newsletters, updates, information about new products or services that we think might interest you, to send you other promotional and marketing information via email, telephone or post.

Unless we are contacting you in a business to business capacity, we will only use your personal data to send you electronic marketing messages if we have consent from you to do so (or if you are an existing customer and have not opted out of receiving marketing materials).

In some cases, we will rely on our legitimate interests to send these types of communication (our legitimate interest in marketing and advertising our products).

You can amend your preferences or opt out from marketing communications by using the unsubscribe links within our marketing messages, or by contacting us at any time at the contact details set out in this Privacy Policy below.
To measure or understand the effectiveness of advertising we serve to you.
To carry out market research or similar surveys.

To use the reviews, comments and feedback that you leave on our Services or provide to us for our own advertising purposes.

We may use a review, comment or piece of feedback that you submit in our advertising campaigns, such as in press and digital advertising, on our social media pages, in our email marketing or on our Services.

 We have a legitimate interest to promote our own products and services and to use the reviews, comments and feedback that you provide to us to do so.

To find out more about the visitors to our Services and our customer base as a whole (and not to find out more about you as an individual) to ensure that the products and services that we offer are most likely to interest our Services visitors and customers.

We may use cookies to do this.

We have a legitimate interest to make sure that we are providing you with the information that we think is most relevant to you.

We will not place cookies other than “strictly necessary” cookies on your device unless you have told us that you are happy for us to do so. For information on how we use cookies, please see our Cookies Policy.
To notify you about changes to our Services and terms and conditions. We rely on our contractual arrangements with you as the lawful basis for this processing. In some cases, we rely on our legitimate interests as a business to send you these updates.
For administrative or business purposes, where you contact us for a particular reason other than those set out above, such as to report problems with our Services. We have a legitimate interest to respond to your contact for the purposes of administering our business.
If you are a job applicant, we will use your personal data to assess your suitability for the role and to make recruitment decisions.

We have a legitimate interest in recruiting talent into our business and assessing candidates to ensure that we are making fair and appropriate recruitment decisions.

We may process some of your data on the basis of a legal obligation that applies to us as an employer (e.g. in some territories, this may require us to process data relating to race, religion, gender or disability/health).
We use CCTV in our offices, for the safety of and prevention of any crimes committed against our staff, our equipment and our properties, not for other monitoring purposes. For transparency, this is operated by a third party as the office building includes other businesses.

We have a legitimate interest to ensure the safety of and prevention of any crimes committed against our staff, our equipment and our properties.

In some circumstances we will use your personal data because it’s necessary for us to comply with a legal obligation (for example, in the event of any criminal investigations, we may be required by law, to share the data captured with the relevant authorities.).

 

5. What if you fail to provide personal data?

Please make sure you provide us with certain information when requested as if you don’t we may not be able to perform the contract we have entered into with you (such as, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

6. Change of purpose

We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain our legal justification for doing so and we will provide you with any relevant further information. We may also issue a new privacy policy to you.

7. How we share your personal data

  • Third party suppliers and service providers involved in our contractual relationship
    with you

Like most businesses, we work with partners, third party suppliers, contractors, agents and service providers as part of the day to day operations of our business. Some of these trusted suppliers will process your personal data on our behalf and provide services to us such as the provision of ecommerce platforms/solutions (and associated applications) which enable payment processing, marketing, order fulfilment, and so on.

We will always make sure that these trusted suppliers meet agreed standards for the protection of your personal data and they will only ever be allowed to use your personal data in order to provide us with services and not for their own commercial purposes. We require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with applicable data protection law.

Please note that our partners may contact you as necessary to obtain additional information about you, facilitate any use of the Services, fulfil orders, or respond to a request you submit. We may share generic aggregated demographic information not linked to any personal information with our business partners, trusted affiliates and advertisers.

We do not sell your personal information to third party companies, with the exception that we do collect the name, position and email of senior industry personnel for publication in our paid-for services.

For conference delegates, delegate names, job title and organisation may be shared with other delegates. Emails will not be shared without explicit permission.

We transfer personal data to the following categories of recipients:

  • companies who we appoint under contract to host our Services;
  • companies or individuals who we appoint to provide services to us which include processing personal data; and
  • actual or potential business partners who need access to personal data to evaluate or carry out a business relationship or to conclude a transaction with us.

 

  • Other scenarios in which we might share your personal data

We may also share your personal information:

  • with government authorities or professional bodies, such as HM Revenue & Customs in the United Kingdom (for tax purposes);
  • with our professional advisors including tax, legal or other corporate advisors who provide
    professional services to us;
  • with regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.;
  • in the event that we consider selling or buying any business or assets we will disclose your personal information to any prospective sellers or buyers of such business or assets;
  • in the event of any insolvency situation (e.g. administration or liquidation);
  • if we, or substantially all of our assets, are acquired by a third party, in which case your personal information will be one of the transferred assets;
  • to protect the rights, property or safety of our employees, workers, contractors, clients, or others. This includes exchanging your personal information with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of our employee, worker, contractor and client safety, crime prevention, fraud protection and credit risk reduction; or
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.

 

  • Aggregated information

We may publish, share, distribute, or disclose personal information that has been aggregated with information from other users or otherwise de-identified in a manner that does not allow such data about you to be separated from the aggregate data and identified as originating from you, to third parties, including Slingshot Aerospace partners, sponsors, and advertisers. Such information may help Slingshot Aerospace identify and analyse training, demographic, and psychographic trends and information, and report to third parties how many people saw, visited, or clicked on certain content, areas of the Services, ads, or other materials. We may also use such data for research purposes.

8. How do we protect your personal data?

We take the security of your personal data very seriously and have put in place physical, technical, operational and administrative strategies, controls and measures to help protect your personal data from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate. You can obtain further information about these measures from our Data Protection Officer (using the contact details set out in this Privacy Policy below).

The safeguards we have put in place to ensure that our contractors and other third parties keep your personal data secure and confidential and use it only as authorised by us are as follows:

  • we require all employees and third parties to whom we disclose personal data to enter into a contract with us that includes confidentiality obligations, and limit access to those who process your personal data on our instructions, and have a business need to know in order to perform their job duties and responsibilities;
  • we carry out such due diligence as is reasonably necessary in relation to the technical and organisational measures used by our suppliers to ensure that personal data is processed securely; and
  • we may use data processors located outside the European Economic Area only after taking such steps as are required to ensure that personal data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit privacyshield.gov.

9. How long do we keep your personal data?

We will only retain personal data for as long as necessary, and only where we have a lawful basis to do so.

We retain personal data for the following periods: –

  • for customers’ users we retain data while we are contracted. Post-termination, we will retain information in the same way as other prospective customers as follows:
    • For prospective customers, we retain data up to three years post receipt, renewed consent or customer contract termination.
    • For recipients of our e-news service, we retain required personal data while they are receiving the service. Bouncing (invalid) emails and related personal details are retained for up to one year.
  • After that time, unless there is a need to retain that data for purposes connected with protecting our interests or those of third parties we will permanently erase all data from our IT systems other than that needed to comply with our statutory obligations, and we will also require third parties to destroy or erase such personal data where applicable.
  • In some circumstances we may anonymise your personal data so that it can no longer be associated with you. In this case, we may retain such information for a longer period without further notice to you.

10. Your rights in relation to your personal data

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes so that our records can be updated. We cannot be held responsible for any errors in your personal information in this regard unless you have notified us of the relevant change.

Data protection law grants you a number of specific rights in respect of your data in addition to the broad and general right to have your data protected. We have set out some information in respect of each of those specific rights, below:

  • Right to be informed about how your personal information will be processed. This enables you to receive information about how we use your personal information. We have set this information out in this policy.
  • Request access to your personal information (commonly known as a “data subject access request“). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request the updating and correction of the personal information that we hold about you.
  • Request erasure of your personal information (commonly known as the “right to be forgotten“). This enables you to ask us to delete or remove personal information where it is excessive or there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Right to data portability.
  • Right to withdraw consent at any time by using the ‘unsubscribe’ button at the bottom of one of our marketing emails or by replying to the email confirming as such.
  • Not to be subject to a decision solely based on automated processing. We do not anticipate making decisions about you based solely on automated decision making where that decision would have a significant impact on you. If we ever make a decision about you automatically by a computer or an algorithm without human intervention you can ask us to have that decision reviewed by a human.

If you want to exercise any of the rights set out above, please contact our Data Protection Officer (using the contact details set out in this Privacy Policy below).

11. Where your personal data may be processed

Given the international location of some of companies within our corporate group, our clients and suppliers, your personal information may be transferred in and out of the UK and the European Economic Area (“EEA”) where local laws may not provide legal protection for personal data in the same way as is applicable in the UK or the EEA. Where your personal information is processed outside of the UK and EEA, we will ensure that we take the necessary steps to protect your personal information as required by data protection laws.

12. Cookies

Our Services use cookies to distinguish you from other users of our Services. This helps us to provide you with a good experience when you browse our Services and allows us to improve our Services.

We also place tracking cookies in our marketing emails as this helps us to improve our marketing activities – for example, these cookies allow us to see how many people open our emails, what time of day they open our emails and whether they click through on any of the information contained in the emails.

For information on how we use cookies, please see our Cookies Policy.

13. Third-party websites

Our Services may, from time to time, contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

14. Changes to this Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time, including where we intend to further process your personal data for a purpose other than that for which the personal data was collected or where we intend to process new types of personal data. We will place any updates here on this page. This Privacy Policy was last updated on 23rd September 2024.

15. Complaints

We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your data (our details are in the section immediately below). We will try to put things right.

However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to a data protection supervisory authority, which, if you are based in:

  • the UK, is the UK’s Information Commissioner’s Office (“ICO”). You can contact the ICO at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113; or https://ico.org.uk/; or
  • if you are not based in the UK and are based in Europe, you can contact your local representative, details of which can be found here.

16. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer as follows: gdpr@slingshotaerospace.com.