Privacy
Policy

Introduction

At Moonshot we respect your privacy and we are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.

Important information and who we are

Purpose of this Privacy Policy

This privacy policy is designed to provide you with information about how Moonshot CVE Limited (“Moonshot”, “we”, “us”, “our”) collects, uses, and safeguards your personal data when you interact with our website. This includes any data you may provide when you subscribe to our newsletter, utilise our services, or contact us.

It’s important to note that our website is not intended for children. We do not knowingly collect or process data pertaining to children. If we discover we have collected personal data from a child without appropriate consent, we will delete it promptly.

Controller

Moonshot CVE Limited, as the controller, is responsible for managing your personal data. We respect your privacy and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

To ensure compliance and address any queries or concerns related to this privacy policy or your data protection rights, we have appointed a Data Protection Officer (DPO). Should you have any questions about this privacy policy or wish to exercise your legal rights, please contact our DPO using the contact details provided below.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact our DPO in the following ways:

  • Email address: privacy@moonshotteam.com 
  • Postal address: 4th Floor, 18 St Cross Street, London EC1N 8UN

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you are resident in the European Union, you also have the right to lodge a complaint with your local data protection authority. However, we would appreciate the chance to address your concerns before you approach these authorities, so we encourage you to contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

We regularly review and update our privacy policy to reflect best practices and current legislation. The policy was last updated on the 28th of July 2023. If you need access to earlier versions of this policy, please feel free to contact us.

To help us keep your personal data current and accurate, we kindly request that you notify us promptly of any changes in your personal data during your interaction with us. This may include updates to your contact information, preferences for communication, and any other changes that might affect how we process your data.

For those based in the European Union, under the EU General Data Protection Regulation (EU GDPR), you have the right to rectify or update your personal data at any time. If you are based in the UK, similar rights are granted under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please remember, it is your responsibility to ensure the data you provide to us remains accurate, complete, and up-to-date. We appreciate your assistance in this matter.

Third-party links

Our website may contain links to third-party websites, plugins, and applications. Please note that clicking on these links or enabling these connections may potentially allow third parties to collect or share data about you. These third parties have their own privacy policies, and we do not have control over them or bear responsibility for their actions or their privacy policies.

We strongly encourage you to be cautious when leaving our website and to read the privacy policy of each website that you visit, especially if they collect personal information. This is to ensure that you understand how these third parties will handle your personal data.

Do bear in mind that our privacy policy applies only to information collected on our website. Once you click on a link to another website, the protection offered by our privacy policy will no longer apply.

The data we collect about you

“Personal data” or “personal information” refers to any information that can be used to identify an individual. It does not encompass data where the identity has been anonymised.

We may collect, use, store, and transfer a variety of personal data categories about you, which we have grouped together as follows:

  • Identity Data: This includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender. 
  • Contact Data: This includes your billing address, email address, and telephone numbers. 
  • Employment Data: This includes details of your employment and educational history. 
  • Financial Data: This includes bank account and payment card details. 
  • Transaction Data: This includes details about payments to and from you, and other details of services we have provided to you. 
  • Technical Data: This includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 
  • Usage Data: This includes information about how you use our website and services. 
  • Marketing and Communications Data: This includes your preferences in receiving marketing from us and our third parties, and your communication preferences.

We may also collect, use, and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as it will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy policy.

In certain circumstances, we may collect Special Categories of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data. Additionally, we may collect information about criminal convictions and offences. Please note, we only collect this data where the law permits us, and we always handle it with additional care.

Please remember, you have certain rights regarding your personal data under both the UK GDPR and the EU GDPR, such as the right to access, correct, or delete your personal data.

If you fail to provide personal data

There may be circumstances where we need to collect personal data by law, or under the terms of a contract we have with you. If you fail to provide that data when requested, it could impact our ability to perform the contract or provide the services we have agreed on (for example, to provide you with a specific service). In such situations, we may have to cancel a service you have with us.

Please be aware that we will always inform you if this is the case at the time. We understand the importance of personal data, and we aim to be as transparent as possible about the potential implications of not providing such information.

How is your personal data collected?

We use various methods to collect data from and about you, including through:

  • Direct Interactions: You may provide us with your Identity, Contact, and Financial Data through various means. These include corresponding with us by post, phone, email, or other channels. You provide this data when you enquire about our services, subscribe to our services or publications, request marketing materials to be sent to you, participate in a competition, promotion or survey, or when you provide feedback or get in touch with us for other reasons.
  • Automated Technologies or Interactions: As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data using cookies, server logs, and other similar technologies. If you visit other websites using our cookies, we may also receive Technical Data about you. For more details about how we use cookies and similar technologies, please refer to our cookie policy.
  • Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources. For instance, we may obtain Technical Data from analytics providers such as Google, advertising networks, and search information providers. Contact, Financial, and Transaction Data could come from providers of technical, payment, and delivery services. We may also receive Identity and Contact Data from data brokers or aggregators, as well as from publicly available sources such as Companies House, the Electoral Register, and social media platforms.

Please remember that under both the UK and EU GDPR, you have certain rights regarding your personal data. You can access, correct, or delete your personal data, among other rights.

How we use your personal data

We are committed to using your personal data responsibly and only in accordance with applicable laws. We typically use your personal data under the following conditions:

  • Performance of Contract: We use your data when it’s necessary to execute a contract that we are about to enter into or have already entered into with you.
  • Legitimate Interests: We use your data when it is necessary for our legitimate interests, or those of a third party, as long as your interests and fundamental rights do not override these.
  • Legal Obligations: We use your data when we need to comply with a legal obligation.
  • Consent: While we generally do not rely on consent as a legal basis for processing your personal data, there may be certain cases where we do. For example, we will always obtain your consent before sending you third-party direct marketing communications via email or text message.

Please note that you have the right to withdraw your consent at any time. You can do this by contacting us, and we will stop the processing of your data for the purpose you originally consented to.

We are committed to ensuring your rights under the UK GDPR and the EU GDPR are protected. These rights include access, correction, or deletion of your personal data, among others.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases under GDPR we rely on to do so. Where appropriate, we have also identified what our legitimate interests are, as this is one of the legal bases under GDPR.

Please note that we may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. If more than one ground has been set out in the table below for a particular purpose, and you need details about the specific legal ground we are relying on, please contact us

Purpose/Activity Type of Data Lawful Basis for Processing
To register you as a new client
  1. Identity 
  2. Contact
 Performance of a contract with you
To provide and manage services (including payments, fees, and collections)
  1. Identity 
  2. Contact 
  3. Financial 
  4. Transaction 
  5. Marketing and Communications
  1. Performance of a contract with you
  2. Necessary for our legitimate interests (debt recovery)
To manage our ongoing relationship (includes updates to terms/privacy policy, request for feedback)
  1. Identity 
  2. Contact 
  3. Profile 
  4. Marketing and Communications
  1. Performance of a contract with you 
  2. Compliance with a legal obligation (
  3. Necessary for our legitimate interests (record upkeep, study client service usage)
To process your employment application (including reference checks, background checks, and interview facilitation)
  1. Identity 
  2. Contact 
  3. Employment
  1. Necessary for our legitimate interests (assessing and interviewing prospective employees during recruitment)
To administer and protect our business and website (includes troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting)
  1. Identity 
  2. Contact 
  3. Technical
  1. Necessary for our legitimate interests (business operation, IT services, network security, fraud prevention, business reorganisation/group restructuring) 
  2. Compliance with a legal obligation
To deliver relevant website content and measure or understand the effectiveness of our communications
  1. Identity 
  2. Contact 
  3. Profile 
  4. Usage 
  5. Marketing and Communications 
  6. Technical
 Necessary for our legitimate interests (study client service usage, service development, business growth, marketing strategy development)
To use data analytics to improve our website, services, marketing, client relationships, and experiences
  1. Technical 
  2. Usage
 Necessary for our legitimate interests (define client types for services, keep website updated and relevant, develop business, inform marketing strategy)
To make suggestions and recommendations about services of potential interest to you
  1. Identity 
  2. Contact 
  3. Technical 
  4. Usage
  5. Profile 
  6. Marketing and Communications
 Necessary for our legitimate interests (service development, business growth)

 

Please note, we may process your personal data on more than one legal ground, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we’re relying on.

Marketing

We aim to give you choices over the use of your personal data, especially in relation to marketing.

We may use your Identity, Contact, Technical, Usage, and Profile Data to understand what you may be interested in. This helps us decide which products, services, and offers may be relevant for you (referred to as “marketing”).

You may receive marketing communications from us if you have requested information from us, purchased services from us, or if you have not opted out of receiving that marketing.

Third-party marketing

We will always obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You have the right to opt-out of receiving marketing messages from us or any third parties at any time. You can exercise this right by contacting us.

Please note, if you opt-out of receiving marketing messages, it does not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience, or other transactions.

Additionally, you can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Change of purpose

We commit to using your personal data only for the reasons we initially collected it, unless we reasonably deem that we need to use it for a different purpose, provided this new purpose is compatible with the original one. If you want an explanation about how the processing for the new purpose is compatible with the original one, please feel free to contact us.

Should we need to use your personal data for a purpose unrelated to the original purpose for which it was collected, we will notify you and explain the legal basis that permits us to do so.

Be aware that in certain circumstances where it is necessary or legally required, we may process your personal data without your knowledge or consent, always in compliance with the applicable laws.

Disclosures of your personal data

We might have to share your personal data with the following parties for the reasons detailed in the table above:

  • Internal Third Parties, as defined in the Glossary. 
  • External Third Parties, as explained in the Glossary. 
  • Third parties to whom we may decide to sell, transfer, or merge parts of our business or our assets. Conversely, we may attempt to acquire other businesses or merge with them. If there are any changes to our business, the new owners may use your personal data in the same way as outlined in this privacy policy.

We obligate all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own ends and only permit them to process your personal data for specific purposes and in line with our instructions.

International transfers

Many of our External Third Parties are based outside the European Economic Area (EEA), which means their processing of your personal data could involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • We will only transfer your personal data to countries that the European Commission has determined provide an adequate level of protection for personal data. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • We may ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. These rules are known as “binding corporate rules”. For further details, see European Commission: Binding corporate rules.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission that afford personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Please contact us if you would like additional information on the specific mechanism we use when transferring your personal data out of the EEA.

Data security

Our Measures: We’ve implemented appropriate security measures to protect your personal data from accidental loss, unauthorised use, alteration, or disclosure.

Who Can Access Your Data: Access to your personal data is restricted to our employees, agents, contractors, and other third parties who need the information for business purposes. These individuals can only process your personal data according to our instructions, and they must keep your information confidential.

Dealing with Data Breaches: We have procedures in place to handle suspected personal data breaches. If a data breach occurs, we will inform you and any relevant regulatory body, as required by law.

Data retention

How long will you use my personal data for?

Duration of Data Retention: We will keep your personal data only as long as necessary for the purposes we collected it. This includes satisfying any legal, regulatory, tax, accounting, or reporting requirements. If a complaint arises or we anticipate possible legal disputes, we may retain your data for a longer period.

Determining the Retention Period: When deciding how long to keep your data, we consider its amount, type, sensitivity, the risk of unauthorised use or disclosure, the reasons for processing it, whether the same purpose can be achieved by other means, and the relevant legal or regulatory requirements.

Legal Obligations: By law, we must retain basic client information (including Contact, Identity, Financial, and Transaction Data) for six years after a client stops using our services, for tax and other legal purposes.

Data Deletion: In certain circumstances, you can ask us to delete your data. You can find more information about this in the section on your legal rights.

Data Anonymisation: Sometimes, we may anonymise your data (so it can’t be linked to you) for research or statistical purposes. In such cases, we may use this anonymised information indefinitely without further notice to you.

Requesting Retention Details: You can ask us about the retention periods for different aspects of your personal data by contacting us.

Your legal rights

Under certain conditions, data protection laws grant you the following rights with respect to your personal data. Please contact us if you wish to exercise any of these rights:

  1. Right of Access: You have the right to access and receive a copy of your personal data.
  2. Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
  3. Right to Erasure (‘Right to be Forgotten’): You have the right to request the deletion of your personal data in specific circumstances.
  4. Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
  5. Right to Restrict Processing: You have the right to request restriction on the processing of your personal data in specific situations.
  6. Right to Data Portability: You have the right to request transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.
  7. Right to Withdraw Consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time.

Please note, these rights may not be absolute and are subject to certain exemptions. Therefore, we might not always be able to fully address your request, for instance, if we are bound to keep your information because of legal or official obligations.

No fee is usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

INTERNAL THIRD PARTIES

  • Other companies in the Moonshot Group acting as controllers and processors who may be based in territories outside the EU.

EXTERNAL THIRD PARTIES

  • Service providers acting as processors based both inside and outside the EEA, who provide IT, system administration, and other services. When these service providers are based outside the EEA, we ensure that data transfers are protected by appropriate safeguards.
  • Professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors, and insurers. These parties may be based both inside and outside the EEA, and they provide consultancy, banking, legal, insurance, and accounting services. Again, for advisers based outside the EEA, we ensure that data transfers are protected by appropriate safeguards.
  • HM Revenue & Customs, regulators, and other authorities acting as processors or joint controllers. These parties may be based both inside and outside the EEA, and they may require reporting of processing activities in certain circumstances. Data transfers to these authorities are also protected by appropriate safeguards.

YOUR LEGAL RIGHTS

As a data subject, you are endowed with certain rights under data protection laws in relation to your personal data. These rights include:

  • Right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to verify that we are lawfully processing it.
  • Right to request correction of the personal data that we hold about you. This allows you to have any incomplete or inaccurate data we hold about you corrected. We may need to validate the accuracy of the new data you provide to us.
  • Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data when there is no compelling reason for us to continue processing it. You also have this right if you have successfully objected to processing (see below), if we may have processed your information unlawfully or where we must erase your personal data in compliance with local law. Note, we may not always be able to comply with your erasure request due to specific legal reasons, which, if applicable, will be notified to you at the time of your request.
  • Right to object to processing of your personal data when we are relying on a legitimate interest (or those of a third party). You can object if you feel this processing impacts your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes. In certain cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 
  • if you want us to establish the data’s accuracy; 
  • where our use of the data is unlawful but you do not want us to erase it; 
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; 
  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right applies only to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights mentioned above, please contact us. We are committed to ensuring your rights under data protection laws are upheld.