Privacy policy


This is the Privacy Policy of OÜ Spaceit. The Privacy Policy presents the ways Spaceit processes its clients’ personal data.
This Privacy Policy does not concern the processing of anonymous information or information about legal persons.


Name: OÜ Spaceit
Address: Lääne tn 2-32, Tartu 50605, Estonia
Contact details: e-mail, phone number


Spaceit processes personal data subject to the principles laid down in this Privacy Policy. Our aim is to ensure high level of personal data protection. Therefore, Spaceit ensures that:

  • Personal data is processed fairly and lawfully;
  • Personal data is always processed in accordance with good practice;
  • Personal data is only collected for specific, explicitly stated and legitimate purposes;
  • Personal data is not processed for any purpose that is incompatible with that for which the information is collected;
  • Personal data that is processed is adequate and relevant in relation to the purposes of the processing;
  • No more personal data is processed than is necessary having regard to the purposes of the processing;
  • Personal data that is processed is correct and, if necessary, up to date;
  • All reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
  • Personal data is not kept for a longer period than is necessary, having regard to the purposes for which they are processed.


As a data subject, you will be able to exercise the following rights.

Right to access

You have the right to know whether your personal data is being processed or not, and if so – how to access it.

Right to rectification (“Right to edit”)

Every data subject who notices that his/her personal data is not up-to-date, false or needs to be corrected can turn to Spaceit and have this data rectified and corrected. You can also have your incomplete personal data completed. Spaceit will make sure this personal data will be corrected as soon as possible.

Right to erasure (“Right to be forgotten”)

This right allows data subjects to have their personal data erased where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
  • when the data subject withdraws consent;
  • the data subject objects to the processing and there is no overriding legitimate interest for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased in order to comply with a legal obligation or because the personal data was processed in relation to the offer of information society services (e.g. apps) to a child.

Right to erasure is not an absolute right and therefore your request to have your personal data erased may not mean that all of your data will be erased after the request. Sometimes we are obligated by law to retain some data and in cases like this we might not be able to satisfy your request to erasure. This can also be the case when we need to retain this data for the exercise or defence of legal claims.

Right to restriction of processing

You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).

Right to be informed

You have the right to know which personal data is stored and by who it is processed.

Right to data portability

You may use the right to receive the personal data concerning you, which you have provided to Spaceit, in a structured, commonly used and machine-readable format. In exercising this right, you may use the right to have your personal data transmitted directly from one controller to another, where it is technically feasible.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interest.

The right to lodge a complaint with a supervisory authority

Every data subject has the right to turn to a data protection supervisory authority with a complaint if the data subject considers that the processing of personal data relating to him or her infringes and is not in accordance with provisions foreseen by the data protection laws.

The right to withdraw consent

If the personal data processing is based on consent, the data subject has the right to withdraw his or her consent at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Your rights above can be exercised free of charge by writing to us. Our contact details are set out at the beginning of this policy.
In certain cases, we will need to satisfy ourselves of your identity before we can action a request.


Spaceit processes personal data for several different purposes, which include:

  • data subject identification purposes;
  • operational notifications sending purposes;
  • data analytics and statistics purposes;
  • invoicing and related correspondence with customers;
  • receiving and handling client feedback;
  • conducting surveys for customer feedback and service improvement;
  • marketing purposes (we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting);
  • legal purposes and legal obligations.


The personal data processed by Spaceit includes data subject’s:

  • name;
  • address, phone number, e-mail address and social media user ID;
  • IP address;
  • data subject’s relation to Space mission.


We process and keep most personal information we have about you for as long as you are an active user of our products, services or apps. However, we typically retain personal information related to our contract and business transactions with you for seven years after your last interaction with us.

Where we process personal information for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests).


Spaceit may sometimes process your personal data in relation with third parties and transfer your personal data to them. Personal data ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of Spaceit.
Spaceit does not disclose personal data to third parties unless such disclosure obligation arises from law, it is necessary to fulfil a contract or it has been permitted by the person to whom the data pertains.

We may share your personal information for the reason(s) disclosed to you at the time we collect it, with your consent, as well as in the following ways:

  • We will share your information with third parties if and when you direct us to. For example, you may ask us to share your personal data when you wish to interact with other users or post certain information on social media.
  • We may share your personal data with our vendors as necessary to enable them to provide services to us. Vendors are third parties (other companies and individuals) that support the operation and maintenance of our services.
  • We may share your personal data as reasonably necessary to comply with law or a legal process, to detect, prevent, or otherwise address fraud, security or technical issues.


Spaceit may transfer personal information to countries other than the country in which the data was originally collected. When we transfer your personal information to other countries, we will protect that information as follows:

Data is kept in an EEA country. Whenever is possible/feasible, we select data processors or specific options inside the data processors’ services in order to keep data inside EEA.
If data is transferred from within the EEA to a jurisdiction outside the EEA, it is done so under a Data Transfer Agreement, which contain standard data protection contract clauses. The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of Europe. We use Model Clauses when transferring personal data outside of Europe.


Our services have not been designed for children under sixteen and we do not knowingly collect personally identifiable information from children under the age of sixteen. If we learn that we have collected personal information of a child under sixteen, we will take the appropriate steps to delete such information from our files as soon as possible.


Spaceit uses administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain data confidentiality, integrity, and an appropriate level of availability. Spaceit uses safeguards which take into account the nature, scope, context and purposes of the processing and the risk to the rights and freedoms of natural persons.


Spaceit reserves the right to make changes to this Privacy Policy. Therefore, this Privacy Policy is subject to a periodical review and possible changes where necessary. Updated Privacy Policy will be made public on the webpage of Spaceit.