Moonshot Pirates Foundation – Privacy Policy

PRIVACY POLICY MOONSHOT PIRATES 2020

Address: Co-Innovation Factory, Absberggasse 27/1/3, 1100 Vienna, Austria. Valid as of 03.09.19 Last modified: 22.04.20

PRIVACY POLICY
The MOONSHOT PIRATES Website and subsites located at moonshotpirates.com and its subdomains (collectively “Website”) are operated by Beapirate GmbH, a company organized under the laws of Austria (hereinafter referred to as “Beapirate GmbH”, “we” or “us”). Additional information about Beapirate GmbH, such as contact details, as well as the names of the authorized representatives can be found under the “Contact Us” button displayed in the navigation bar of the Site.

Subject Matter of this Privacy Policy
This Privacy Policy explains how we collect, use, share, protect and process information about you and the choices that you have about the collection and use of certain information about you. We value you as a customer and take your personal privacy seriously. In the course of providing you with services, we collect certain personal information about you that we understand you may consider private or confidential. This information may be contained in applications and other forms you submit to us or obtained from other third parties. We are therefore providing you with this Privacy Policy to explain our policies for collecting, using and sharing this information with others.

PERSONAL DATA
Personal Data is any information that can be used to directly or indirectly identify you. Personal Data also includes anonymous information that is linked to information that can be used to directly or indirectly identify you. Personal Data does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.

We will only collect and use information that is necessary to comply with our legal obligations and assist us to administer our business and provide you with the services you request.
Your Personal Data is protected. All the data and information that we receive is protected and only available to authorized personnel.

COLLECTION OF PERSONAL DATA
Here is a description of the types of personal information we may collect and how we may use it:

Information you provide: We collect the information you provide to us over the Website and our registration form. When you register, when we send a communication to you, or when you access, respond to, or decline to open communication from us, complete a form to communicate with us, or contacts us, we collect and store certain information about you such as first and last name, telephone number, company name, email address, age, payment details (if applicable) or other information uploaded by you (e.g. photos, approvals, texts, etc.). Your Personal Data will be kept confidential and will only be used to complete the transaction, handle your attendance at the Beapirate GmbH conference, send you our newsletter and/or provide you with other Website services.

Information from other sources: We may receive information about you from publicly available and third-party databases or services that provide information about students, business people or companies. We may request information from third parties (e.g. credit card information services) with regard to your payment behavior in order to be able to offer you certain payment options.

Information about the use of our services and products: When you visit our Website, we receive and save certain pieces of information, e.g. the IP address of your device, your operating system, the type of Internet browser that you use, usage information, diagnostic information, and location information from or about the computers, phones, or other devices on which you access our Websites, preferences, and settings: time zone, language, and character size, time spent on a page, click through, clickstream data, queries made, search results selected, search history, date and time of your visit, the websites you visit within our service and the website you came from if you visit our Website via a link from a third-party website. We do this to learn more about your interests and to improve our Website and Services.

USE OF PERSONAL DATA
We use Personal Data to provide, improve, and develop our products and services, to communicate with you, to offer you targeted advertisements and services.
We collect, process and determine how to process your Personal Data as a data controller for the following purposes: Providing, improving, and developing our products and services: We use Personal Data to help us provide, improve, and develop our products, services, and advertising. This includes using Personal Data for purposes such as data analysis, research, and audits. Such processing is based on our legitimate interest in offering you products and services and for business continuity.

Communicating with you: Subject to your prior express consent, we may use Personal Data to send you marketing communications in relation to our products and services, communicate with you about your account or participation requests, and inform you about our policies and terms. If you no longer wish to receive email communications for marketing purposes, please Contact Us to opt-out. We also may use your information to process and respond to your requests when you contact us. Subject to your prior express consent, we may share your Personal Data with third-party partners who may send you marketing communications in relation to their products and services.
The following are some other ways in which we may use your information to administer our business and provide you with the products and services you request or may be of interest to you:

  • To operate our Events;
  • To keep records of contact information and correspondence;
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
  • To facilitate social sharing functionality, such as sharing content, through social media networks;
  • To carry out our obligations arising from agreement or contract (including our obligations to you as an attendee of our events) entered into between you and us;
  • To notify you about changes to our policies and/or terms;
  • To create a more accurate and complete customer profile to better understand the products and services you want to use;
  • To improve the products and services we provide you and develop new products and services;
  • To process debit and credit card and other financial transactions;
  • Otherwise with your consent or as permitted or required by law.
  • Offering and measuring targeted advertisements and services: Subject to your prior express consent, we may use Personal Data to personalize your experience with our products and services and on third-party websites and applications and determine the effectiveness of our promotional campaigns.

For any of the uses of your data described above that require your prior express consent, note that you may withdraw your consent by contacting us.

Promoting safety and security: We use Personal Data to help verify accounts and user activity, as well as to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies. Such processing is based on our legitimate interest in helping ensure the safety of our products and services.

DISCLOSURE OF PERSONAL DATA
We make certain Personal Data available to strategic partners that work with us to provide our products and services or help us market to customers. Personal Data will only be shared by us with these companies in order to provide or improve our products, services, and advertising; it will not be shared with third parties for their own marketing purposes without your prior express consent.

Service Providers
We share Personal Data with companies that provide services on our behalf, such as website hosting, email services, marketing, sponsoring of the event, auditing, fulfilling customer requests, data analytics, providing customer service, and conducting customer research and satisfaction surveys. These companies are obligated to protect your information and may be located wherever we operate.

LEGAL COMPLIANCE AND SECURITY
It may be necessary – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – for us to disclose personal data. We may also disclose Personal Data if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose Personal Data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or Customers.

RETENTION OF PERSONAL DATA
We will retain your Personal Data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
If you are located in the European Economic Area (“EEA”), our processing of your Personal Data will be based on the following: To the extent that we obtain your consent for the processing of your Personal Data such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If the processing of your Personal Data is necessary for the performance of a contract between you and us or for taking pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). Where the processing is necessary for us to comply with a legal obligation, we will process your Personal Data on the basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

Please note that where you have given your consent to the processing of your Personal Data you may withdraw your consent at any time which withdrawal will not affect the lawfulness of any processing previously made on basis of your consent.

TRANSFER OF PERSONAL DATA
When we share your Personal Data with our partners and service providers, your Personal Data may be transferred to and/or made accessible from countries out of the European Economic Area. In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on alternative legal bases such as the Privacy Shield, where applicable, or binding corporate rules where our partners or service providers have adopted such internal policies approved by European data protection authorities.

YOUR RIGHTS
We take reasonable steps to ensure that your Personal Data is accurate, complete, and up to date. You have the right to access, correct, or delete the Personal Data that we collect. You are also entitled to restrict or object, at any time, to the further processing of your Personal Data. You have the right to receive your Personal Data in a structured and standard format. You may lodge a complaint with the competent data protection authority regarding the processing of your Personal Data.
To protect the privacy and the security of your Personal Data, we may request information from you to enable us to confirm your identity and right to access such information, as well as to search for and provide you with the Personal Data we maintain. There are instances where applicable laws or regulatory requirements allow us to refuse to provide or delete some or all of the Personal Data that we maintain. In this case, we reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested.
In your request, please make clear what information you would like to have access to or have changed, whether you would like to have your Personal Data suppressed from our database, or other limitations you would like to put on our use of your Personal Data.
You may contact us to exercise your rights. We will respond to your request in a reasonable timeframe, and in any event in less than 30 days.

SOCIAL MEDIA PLUG-INS

  1. a) Facebook
    Our Website uses plug-ins of the social network Facebook, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You recognize the Facebook plug-ins on our Website by their Facebook-Logo or the “like button”. An overview over all Facebook plug-ins can be found here: http://developers.facebook.com/docs/plugins/.
    When you visit our Website the plug-ins establish a connection between your browser and the Facebook server. Thereby, Facebook receives the information that you visited our Website with your IP address. This occurs regardless of whether you click on a plug-in or not. When you click on the Facebook “like button” while you are logged on to your Facebook account you may link the information on our Website to your Facebook account. Thereby, Facebook can associate your visit on our Website to your Facebook account. We as the operator of the Website do not gain any knowledge about the content of the data transferred or their usage by Facebook. The data protection policies of Facebook provide additional information, in particular about the collection and use of data by Facebook, your rights in this regard as well as the options available to you for protecting your privacy: https://de-de.facebook.com/about/privacy/.
    If you wish to prevent the transfer to and storage of data by Facebook about you and your interaction with our Website, you must first log out of Facebook before visiting our Website. In addition, tools are freely available on the market that can be used to block Facebook social plug-ins with add-ons from being added to all commonly used browsers: http://webgraph.com/resources/facebookblocker/.
  1. b) YouTube
    This Website also uses a plug-in of YouTube which belongs to Google Inc., San Bruno/California, USA. When you visit one of our websites containing a YouTube plug-in, a connection to the YouTube servers is established. By this, YouTube is informed which website you visited. Furthermore, in case you are logged on to your YouTube account, YouTube may also associate your surfing behaviour to your personal account. If you wish to avoid data being linked to your YouTube account, please log out from YouTube before visiting our Website. Additional information may be obtained from the YouTube data privacy policy on https://www.youtube.com/static?template=privacy_guidelines.
  1. c) Instagram
    Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
    If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram. For more information, see the Instagram Privacy Policy: https://instagram.com/about/legal/privacy/.
  2. e) LinkedIn
    Our website contains functions of the LinkedIn service. These functions are offered by LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA.
    If you are logged into your LinkedIn account, you can click the LinkedIn button to link the content of our pages with your LinkedIn profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by LinkedIn.

Your interactions with the features mentioned above under lit. a)-e) are governed by the privacy policy of the company providing the respective feature(s).

Personal Data is processed for the following purposes and using the following services:

1. ANALYTICS

Google Analytics
Personal Data: Cookies; Usage Data
Contacting the User

Meta Events Manager
Personal Data: Trackers; Usage Data

Facebook Ads conversion tracking (Facebook pixel)
Personal Data: Trackers; Usage Data

2. CONTACT FORM & MAILING LIST OR NEWSLETTER

Personal Data: email address; first name; last name

3. MANAGING CONTACTS & SENDING MESSAGES

OneSignal
Personal Data: email address; geographic position; language;
Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Usage Data; various types of Data as specified in the privacy policy of the service

4. DISPLAYING CONTENT FROM EXTERNAL PLATFORMS

YouTube video widget
Personal Data: Trackers; Usage Data

5. TAG MANAGEMENT

Google Tag Manager
Personal Data: Trackers

YOUR RIGHTS
Our Website may contain links to other Internet websites, including co-branded or other affiliated sites. These links are provided for your convenience only and should be used at your discretion. These linked websites have separate and independent privacy policies. This Privacy Policy does not apply to information provided to or gathered by the third parties that operate them. We are not responsible for any information these third-parties’ services may obtain or how they may use it. You should review their privacy policies to understand how they may use your information.
We have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website and welcome any feedback about these linked sites (including if a specific link does not work).

CHANGES IN OUR PRIVACY POLICY
We may periodically change this Privacy Policy to keep pace with new technologies, industry practices, and regulatory requirements, among other reasons. We expect most such changes to be minor. Any non-material changes will take effect immediately upon posting of an updated Privacy Policy. However, there may be cases where changes to the Privacy Policy may be more significant. In such cases, we will first provide a more prominent notice.

Your continued use of our products and services after the effective date of the Privacy Policy means that you accept the revised Privacy Policy. If you do not agree to the revised Privacy Policy, please refrain from using our products or services and Contact Us to close any account you may have created.

CONTACT US
If you have any further questions regarding this Privacy Policy, our handling of your Personal Data or if you would like to be informed of exactly what Personal Data we possess, then we would be pleased to provide you with more detailed information. Please contact us by sending a mail to:

COOKIE STATEMENT
This Cookie Statement applies to all Beapirate GmbH websites, products, and services (collectively, “we,” “us,” or “our”) and explains how we use cookies on our websites and online services and the choices you have.

What are “cookies”
Cookies are small pieces of text used to store information on web browsers. Cookies are widely used to store and receive identifiers and other information on computers, phones, and other devices. We also use other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, for similar purposes. In this Cookie Statement, we refer to all these technologies as “cookies.”

Types of Cookies
We use cookies to provide, protect, and improve our products and services, such as by personalizing content, offering and measuring advertisements, understanding user behavior, and providing a safer experience. We describe below the various types of cookies we use and the purposes they perform.

Essential cookies: These cookies are strictly necessary to provide you with our websites and services and to enable essential features, such as providing a shopping cart for the event ticket(s). If you disable these cookies, we will not be able to fulfill your request. On the Website, we use session cookies for authentication and authorization purposes and to track a visitor’s identity during a particular session.

Performance and functionality cookies: These cookies are used to store choices you make and your preferences regarding our services (such as your name, language or the region you are in, enable user interface customization). The information these cookies collect allows us to optimize our websites and make it easier for you to use, and it does not personally identify you. If you disable or opt-out of these cookies, you may not be able to use certain features of our websites and services, and it may reduce the support or information that we can provide you.

Analytics and customization cookies: These cookies allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like the number of page views, number of visitors, and time spent on each page.
In particular, we use cookies from Google Analytics, a web analytics service provided by Google Inc. (“Google”). The information collected by Google (including your internet protocol (IP) address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of evaluating your use of the Websites, compiling reports on the Website activity and providing further services to us relating to the Website usage. Learn more about Google Analytics’ privacy practices, and see a copy of Google’s privacy policy, at the following link: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631.

You can also prevent your data from being collected by Google Analytics on the Websites by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Advertising cookies: These cookies collect information about your browsing or shopping history and are used to make advertising messages more relevant to you. They perform functions like preventing the same advertisement from continuously reappearing, ensuring that advertisements are properly displayed, and in some cases selecting advertisements that are based on your interests.  We may share this information with third parties to help create and deliver advertising personalized to you and your interests.  If you disable or opt-out of these cookies, you may not be able to use certain features of our websites and services, and it may reduce the support or information that we can provide you.

Social networking cookies: These cookies are used to enable you to share pages and content on our websites and services through third-party social networking and other websites. These cookies may also be used for advertising purposes.

Cookies Placed by Third Parties
You may also encounter cookies on our websites that are placed by third parties.  For example, when you buy our products online, our e-commerce vendor may use cookies and other technologies.  We may also allow third parties to place cookies on our websites to track information about your online activities and/or across third-party sites or online services, including to send you targeted advertisements based on that information, which may include the remarketing of our products and services that you have viewed on our websites and on third-party websites.
This Cookie Statement does not apply to the cookies, applications, technologies or websites that are owned by and/or operated by third parties, or such third parties’ practices, even if they use or access our technology to store or collect information. To understand how third-parties use cookies, please review their privacy policies.

Controlling and Opting-Out of Cookies
Your browser or device may offer settings that allow you to choose whether browser cookies are set and to delete them. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari

Please note that if you reject cookies or disable cookies, your use of certain features or functions on our Website or Platforms or service may be limited.

To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit  www.allaboutcookies.org and/or or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org, and follow the opt-out instructions there. If you access the Websites on your mobile device, you may not be able to control tracking technologies through the settings. If you wish to not have your information used for the purpose of serving you targeted ads, you may opt-out by visiting the Network Advertising Initiative’s online resources available here and following the opt-out instructions there, or if located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool here. By opting out of targeted advertisements you will no longer see advertisements on our Websites from third-party partners that participate in the Digital Advertising Alliance; however, you may still continue to see other non-targeted advertisements on our Websites.

Do Not Track
Some browsers include the ability to transmit “Do Not Track” signals. We do not process or respond to “Do Not Track” signals. Instead, we adhere to the standards described in our Privacy Policy and this Cookie Statement.

Effective as of May 31, 2025

Your privacy matters to us. This Privacy Policy explains how Moonshot Pirates (“we” or “us”) collects, uses, shares, and protects personal information about you (“Personal Data”), and what choices and rights you have regarding your information. We are committed to safeguarding the privacy of our community members in accordance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws. Moonshot Pirates is a global movement empowering youth (15–24) to innovate, and we handle data with care especially given many of our participants are minors under 18 who merit specific protection. This Policy should be read in conjunction with our Terms & Conditions and our Child Safeguarding & Protection Policy. By using our websites, applications, or participating in our programs, you agree to the practices described in this Policy. If you do not agree, please do not use our Services.

1. Who We Are (Data Controller)

Moonshot Pirates Foundation is a non-profit organization registered in Austria, and is the sole owner of beapirate GmbH, a Vienna-based social enterprise​. Beapirate GmbH operates the Moonshot Pirates website and sub-sites on behalf of the Foundation​. In essence, Moonshot Pirates Foundation and beapirate GmbH work together to bring you our programs – for simplicity, this Policy refers to them collectively as “Moonshot Pirates” or “we/us.” For GDPR purposes, beapirate GmbH (Moonshot Pirates) is the primary data controller responsible for processing your Personal Data, under the oversight of the Foundation. Our contact details are provided at the end of this Policy.

We have appointed internal personnel responsible for data protection compliance. If you have any questions or concerns about data privacy, you can reach out to us at .

2. What Information We Collect

We only collect Personal Data that is relevant and necessary for the purposes of our programs and operations. The types of information we collect fall into several categories:

  • Information You Provide Directly: When you interact with Moonshot Pirates, such as by registering on our website, applying for a program, filling out a contact form, or corresponding with us, you may give us information about yourself. This includes:
    • Contact Details: Your name, email address, telephone number, postal address, and other basic contact info.
    • Profile Information: Age or date of birth, gender (if you choose to provide it), country of residence, nationality, spoken languages, and possibly your photo or a bio if you upload one. We ask for your age to ensure you meet our age criteria and to determine if parental consent is needed (see Section 7: Children’s Privacy).
    • Education/Background: We may ask for information like your school/university or occupation, areas of interest or expertise (e.g. technology, sustainability), and skills or experience relevant to our innovation programs. This helps us tailor the program experience (for example, matching you with appropriate mentors or forming balanced teams).
    • Program Application Data: If you apply for specific programs, we might request additional information like motivation statements, project ideas, portfolios, or references. This information is used to evaluate your application and organize program content.
    • Event Logistics Data: For in-person events, we might collect travel details (flight times, etc.), accommodation needs, dietary requirements, emergency contact persons, and medical or allergy information but only if necessary for your safe participation. We treat health and emergency data with special care and only use it for planning and emergency preparedness.
    • Payment Information: If a program requires a fee or deposit, we (or our payment processor) will collect necessary billing details. This may include credit/debit card numbers or other payment account details, billing address, and transaction amount. Note: We typically use reputable third-party payment gateways (e.g., Stripe) and do not store full card numbers ourselves.
    • Communications: The content of any messages or inquiries you send us (emails, chat messages, survey responses, etc.) will be collected. This can include feedback, questions, or any other information you choose to provide.
  • When you provide us with Personal Data, we will only use it for the purposes described at the time of collection or in this Policy. We endeavor to keep collected Personal Data confidential and secure​. We will not collect sensitive categories of personal data (like racial origin, political opinions, biometric data, etc.) unless there is a clear reason, such as a diversity survey where you have the option to provide such data voluntarily and with consent.
  • Information We Receive from Third Parties: Occasionally, we may receive information about you from other sources:
    • Partners or Referrals: For example, if a school, youth organization, another participant, or corporate partner refers you to our program, they might provide us with your name and contact info to invite you. Or if you register through a co-branded event page managed with a partner, the information might be shared with us.
    • Public Sources: We might gather basic public information to verify eligibility or enrich your profile. For instance, we could look up your LinkedIn profile to understand your background better, or check public attendee lists from related conferences to invite relevant youth. We may also use third-party databases about students or entrepreneurs to reach out to potential participants​.
    • Payment Verification: To prevent fraud, we might use third-party services to verify payment information or assess risk when offering certain payment options (e.g., verifying a credit card or using a service that checks for fraudulent transactions)​.
  • We treat any Personal Data obtained from third parties with the same care as data you give us directly, and in accordance with this Policy. We will also honor any additional restrictions placed on data that comes from a third-party source (for example, if it was collected with certain consent). If we combine third-party data with data we collected, we will handle the combined data under this Policy.
  • Information We Collect Automatically: When you visit our websites or use our online platform, we (or service providers acting on our behalf) automatically collect certain technical information about your device and usage of our site. This may include:
    • Device and Browsing Info: Your device’s IP address, browser type, browser language, operating system, device identifiers or advertising IDs, and region/country.
    • Usage Data: How you interact with our site or app – e.g., the pages or screens you view, the features you use, the time and date of your visits, the links or buttons you click, the amount of time spent on pages, and the page you visited before coming to our site (referrer URL)​.
    • Cookies and Similar Tech: We use cookies, pixels, and similar technologies to collect and store some of this information (see “Cookies and Tracking” in Section 6 for details).
    • Analytics Information: We may collect analytics data or use third-party analytics tools (like Google Analytics) to help us measure usage and activity trends. These tools collect information such as your interactions with our website, where visitors come from, and which content is most popular. This information helps us understand our community’s interests and improve our web services​.
    • Location Information: We do not track precise GPS location, but from your IP address we can infer an approximate geographic location (such as city or country). This helps us understand our global reach and may be used to customize some content (for example, showing an event that’s in your region).
  • This automatically collected data is generally used in aggregate form (not to identify you individually) but it may be linked with your account if logged in. Collecting this information is standard practice for most websites and it enables us to maintain security (e.g., detecting unusual logins), provide proper functionality (like remembering your language preference), and analyze how our site is used.
  • Special Case – Images and Recordings: As noted in our Terms, we sometimes capture photos or videos during events and may collect those as Personal Data if you are identifiable in them. When we do so, it’s with the purpose of documenting and promoting our programs (see Media section in Terms). If we plan to use a photo of you in any publication, we try to get consent when practical (especially if you are a minor). If you prefer not to be included, we honor opt-out requests (see Terms Section 7). Any recorded video sessions (for example, a webinar) that are stored will be handled as personal data as well.

 

  • Mentors Data Collection: Moonshot Pirates collects personal data from mentors including name, contact details, professional background, profile photos, and recorded sessions. This information is used to facilitate mentoring sessions, communication within the community, program evaluation, and promotional purposes. Mentors’ information and recorded sessions may be shared with participants, our organizational partners, and publicly on our digital channels, as agreed upon registration. Mentors can manage their data and privacy preferences by contacting us at .

3. How We Use Your Information

Moonshot Pirates uses the collected Personal Data to operate effectively and to fulfill our mission of empowering youth. We limit usage to what is necessary and relevant. Specifically, we may use your information in the following ways:

  • Providing Our Services and Programs: First and foremost, we use data to enable you to participate in Moonshot Pirates activities. This includes processing registrations, forming teams or mentor pairings, delivering content (emails, videos, course materials), and generally organizing events. For example, we use participant information to create event schedules, to send out links to online sessions, to produce certificates of completion, and to communicate important updates (like changes in timing or requirements). If you are selected for a program, we use your contact and background info to onboard you and ensure you have what you need.
  • Improving and Developing Our Services: We continuously seek to make our programs better. Personal Data (particularly feedback you provide and usage analytics) helps us understand what is working and what isn’t. We might analyze which resources are most accessed on our platform or which topics generate the most questions, and use that insight to improve content. We may also use data for internal research or innovation challenges; for example, analyzing demographics of applicants to ensure we are reaching diverse communities (in accordance with legitimate interest in evaluating and improving our outreach)​. All such processing is done with respect for your privacy – whenever possible, we use aggregated or anonymized data for analysis.
  • Communication with You: We will use your contact information to communicate with you, such as:
    • Program Communication: sending confirmations, reminders, updates, and essential information about any program or event you have signed up for. For instance, we email detailed instructions before a program, or send a text message alert if there’s a last-minute change.
    • Account-Related Communication: if you have an online account, we might send notifications about your account security (e.g., password reset, login alert), or inform you of changes to our policies or terms that affect you​. These service-related communications are necessary for us to perform our contract with you and you may not opt out of them (except by not using the service).
    • Newsletters and Marketing: with your consent, we will send you our newsletter and information about new opportunities, events, or resources that Moonshot Pirates offers. We may also, if you opt-in, send messages on behalf of our partners or sponsors that could interest you. You are free to unsubscribe from marketing emails at any time; every marketing email will include an “unsubscribe” link or you can contact us to be removed. We will only share your contact info with an external partner for their direct marketing if you have explicitly agreed to that.
    • Responding to You: If you contact us with a question or request, we will use the return contact information (email, phone, etc.) to respond. We also may keep records of correspondence to help any future inquiries.
  • Facilitating Program Activities: Some uses of data are integral to how our programs run. For example, in team-based challenges, we might share participant profiles (name, age, country, interests) with other participants to facilitate networking and team formation. In mentorship programs, we provide mentors with information about their mentees (such as your bio, project idea, and goals) so they can guide you effectively. We may set up internal communication channels (like Slack/Discord groups or email lists) that include participant contact details to enable collaboration. In doing so, we take care to limit what is shared and to create a safe environment (monitored forums, etc.). All participants are expected to respect privacy of information shared within the program.
  • Social Sharing Features: If you choose to engage in any social sharing or community features on our platform, we use data to enable that. For instance, if our platform allows you to create a profile visible to other community members, you control what information is included, and we display it as per your settings. If you connect your account with social media (like a “Log in with Facebook” option or sharing content to Instagram), we use data to facilitate those actions as instructed by you​.
  • Operating Our Website and Technical Functions: We use data to ensure our website and online platform operate smoothly and securely. This includes using logs and identifiers to troubleshoot issues, track outages or bugs, and protect against fraud or abuse. For example, IP addresses may be used to block malicious traffic, and cookies help us remember your session so you don’t have to log in repeatedly. Monitoring usage patterns (with analytics) also helps us manage server load and improve site navigation. Ensuring the integrity and security of our Services is part of our legitimate interests and also a benefit to our users​.
  • Safety and Legal Obligations: Promoting safety and child protection is a core use of data. We may process personal information to verify identities (ensuring, for example, that an adult claiming to be a mentor is who they say, or verifying parental consent forms) and to monitor for any inappropriate behavior on our platforms​. For instance, we might review communications on official forums if we have reason to suspect bullying or abuse, and we keep records of any incidents reported as per our Safeguarding Policy. If necessary, we will use data to investigate and address violations of our Terms or law – this can include cooperating with law enforcement or child protection authorities, which might involve disclosing certain information (see Section 5 on disclosure). We will also use data as needed to comply with any legal obligations (such as keeping transaction records for tax purposes, or responding to lawful requests for information)​.
  • Other Purposes (with Consent): If we intend to use your data for a purpose that is not outlined in this Policy and not obviously related to the original purpose, we will seek your consent. For example, if we consider sharing participant testimonials or contact details in a published report or on a partner’s platform, we would ask for your permission. Generally, we will not do anything new with your data that you wouldn’t reasonably expect from a youth program like ours, without letting you know and getting consent.

We always strive to base our data processing on a valid legal basis under GDPR. The main legal grounds we rely on are: (a) your consent (for optional uses like marketing or certain data sharing), (b) performance of a contract (providing the services you signed up for), (c) compliance with a legal obligation, and (d) our legitimate interests in running a safe, efficient, and effective non-profit program (we balance these interests with your rights). If you have any questions about the legal basis for a particular processing activity, just ask us.

4. How We Share or Disclose Information

Moonshot Pirates is not in the business of selling your data. We consider your information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may need to share your Personal Data with others, strictly for the purposes outlined above. The parties with whom we may share information include:

  • Program Partners and Sponsors: We collaborate with various organizations (such as educational institutions, companies, and NGOs) to run our programs. If a third-party partner is directly involved in an event or program you join, we may share relevant participant information with them. For example, if a company co-hosts a challenge, we might share the list of participating team names and project topics, or if an event is at a partner’s venue, we could provide a list of attendee names for security. We will limit the information to what’s necessary (often just names and maybe affiliation or age group). Partners are generally given participant info only to support the program delivery or follow-up, not for their independent marketing use unless you have permitted that. Any strategic partner we work with is required to handle your data confidentially and use it only in connection with the event or purpose we agreed on. If a partner would like to contact you beyond the program (e.g., to offer an internship), they should obtain your consent directly or via us.
  • Mentors, Judges, and Volunteers: As mentioned, individuals such as mentors or judges in our programs will receive certain Personal Data about participants so they can effectively perform their role. This could include your name, age, country, and summary of your project or application. These individuals are typically bound by our code of conduct and often by a confidentiality agreement or understanding that information is to be used only for mentoring/judging purposes. We also instruct them on safeguarding and privacy, especially when dealing with minors. If a mentor wants to retain your contact to keep mentoring you after the program, that’s great – but they should ask you directly for permission (and if you’re a minor, ensure your parent is aware). Moonshot Pirates does not give mentors a blank check to use participant data beyond the program scope.
  • Service Providers (“Processors”): Like any organization, we rely on trusted third-party companies to help us run operations. These include:
    • Website and IT Hosting: Companies that host our website, cloud storage providers, and IT support services. They might process data that passes through our site or store backups of our database.
    • Email and Communication Tools: Platforms that manage our email newsletters or messaging systems. If you receive emails from us, your email address and name are processed by such providers.
    • Analytics and Tracking: Providers like Google Analytics​, or social media platforms where we may run analytics. These services may set their own cookies to gather usage data (see Section 6 on Cookies). They generally receive aggregated info, but Google Analytics will process your IP and device info as described.
    • Payment Processors: If you make a payment or donation, third-party processors handle the transaction data. They are responsible for storing card details securely and notifying us of success/failure. We receive only limited info (like your name, email, amount, and status) – sensitive financial info is handled by them.
    • Event Management Tools: For instance, if we use Eventbrite to handle RSVPs, or Zoom for webinars, those platforms will collect information as part of registration or usage. We choose reputable providers with their own privacy protections.
    • Marketing and Surveys: Sometimes we use survey tools to collect feedback, or marketing automation tools to segment our contacts. These tools process whatever data you input (e.g., survey answers, which could include personal info if you volunteer it).
  • These service providers act under our direction and are contractually obligated to protect your data and use it only for the purposes we specify​. We sign Data Processing Agreements where required by law, ensuring they provide at least the same level of privacy protection. Some of these providers may operate in various countries – see International Transfers below for how we handle that.
  • Legal Compliance and Protection: We may disclose personal information when required to do so by law or in a good-faith belief that such action is necessary to comply with a legal obligation. For example, responding to a court order or subpoena, or cooperating with a law enforcement investigation (this could include laws both within and outside your country of residence, if applicable)​. Additionally, if we believe that disclosure is necessary to protect our rights or the safety of you or others, investigate fraud, or respond to a government request, we may do so. For instance, if a participant is believed to be in danger or a danger to others, we might share information with authorities or seek help. Or if someone brings a legal claim against Moonshot Pirates, we might need to present relevant data as evidence. We will strive to limit the scope of disclosure and inform affected participants when legally permitted.
  • Organizational Transitions: In the event that Moonshot Pirates undergoes a significant organizational change, such as a merger, acquisition, restructuring, or transfer of program operations to another non-profit entity, your personal information might be transferred as part of that change. If another entity were to take over running Moonshot Pirates programs, it would likely hold the participant database as part of continuity. However, your data would still be protected by equivalent safeguards and this Policy (unless you’re notified of changes and given a choice). We would inform you of any such transfer and the successor’s privacy policy. Please note, since we are a foundation, this scenario would typically involve transferring data to another charitable or educational organization with a similar mission, not a commercial sale of data.
  • With Your Consent: Aside from the above, if there is any situation where we might want to share your data in a way not covered, we will ask for your consent. For example, if a media outlet wants to interview a participant and asks us for your contact, we would reach out to you to see if you’re interested and only connect you if you agree. Or if we ever consider sharing more detailed info with a sponsor for a special opportunity, we’d run it by you first. Your consent can be revoked at any time, and we will honor that going forward.

In all cases of sharing, we aim to share the minimum amount of information necessary for the purpose. We also require recipients to handle the data securely. If you have questions about third parties that may have your info, you can ask us for an up-to-date list of our main processors or partners.

5. Data Security and Storage

We take the security of your personal information seriously. Moonshot Pirates implements a variety of administrative, technical, and physical safeguards to protect the Personal Data we hold against unauthorized access, loss, theft, or alteration. These measures include:

  • Technical Measures: Use of encryption (e.g., HTTPS SSL/TLS) for data in transit on our website – when you enter information, it’s transmitted securely. Important data in our databases may be encrypted at rest as well. We maintain firewalls and access controls on our servers to restrict access to authorized personnel only. Regular security updates and patches are applied to our systems and software. Where applicable, we pseudonymize or anonymize data that we don’t need to keep identifiable.
  • Organizational Measures: Only staff or contractors who have a valid need (e.g., program managers, IT administrators) have access to personal information, and they are trained on confidentiality and data protection. Volunteers (like mentors) receive only necessary data as described, and they are informed of their duty to keep it confidential. We have procedures for handling data incidents and a response plan if a breach were to occur. We also review our information collection and storage practices periodically to ensure we only keep what we need.
  • Payment and Sensitive Data: As noted, we do not store payment card details ourselves on our systems; those are handled by PCI-DSS compliant third parties. Any health or emergency information collected for events is accessible to a very limited set of staff and is deleted after the event (unless an incident requires us to retain a record, in which case we secure it).
  • Device Security: We ensure that any devices (laptops, drives) used by our core team for processing participant data are encrypted and protected by strong authentication. Physical files (if any) are stored securely.
  • Third-Party Security: When we engage service providers, we vet their security practices. Major providers like our cloud and email services have high security standards. Nonetheless, we understand that using any third-party involves some risk outside our direct control; we mitigate this with contracts and by not unnecessarily exposing data (for instance, by using unique identifiers instead of names where possible in certain tools).

Despite all efforts, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of information. However, if we discover any incident affecting your Personal Data that poses a risk to you (such as a data breach), we will notify you and the relevant authorities as required by law. We appreciate your own efforts to maintain security too – for example, using a strong password for our platform and not sharing it, and being cautious about what info you share in any public forums we provide.

6. Cookies and Tracking Technologies

Our websites use cookies and similar tracking technologies to distinguish you from other users and to improve your experience. This section explains what these technologies are and your choices regarding them.

  • What Are Cookies: Cookies are small text files that websites place on your device (computer, smartphone, etc.) when you visit. They often include an identifier that allows the site to recognize your device. Cookies can be “session cookies” (which expire when you close your browser) or “persistent cookies” (which remain until they expire or you delete them). Similar technologies include pixels (small images that track a visit) or local storage in your browser.
  • How We Use Cookies: Moonshot Pirates and our service providers use cookies for several purposes:
    • Necessary Cookies: These are essential for the operation of our website and platform. For example, they enable you to log in, navigate to secure areas, or submit forms. Without these cookies, certain services you ask for (like remembering your event registration details in a session) cannot be provided.
    • Preferences Cookies: These allow our site to remember choices you make (such as your language or region, or if you’ve dismissed a popup already) to provide a more personalized experience. They may also be used to provide services you’ve requested, like watching a video (which might set a cookie from the video host).
    • Analytics Cookies: These cookies collect information about how visitors use our site, which pages are most visited, or if any errors occurred. We use this information to improve our website over time. For example, we use Google Analytics, which sets cookies to anonymously track things like how long users stay on a page, how they got to our site, and what pages they visit​. The data from these cookies is aggregated and not used to identify individuals. It helps us see usage trends and measure the effectiveness of outreach.
    • Advertising and Social Media Cookies: We do not host third-party ads on our site in the way commercial sites do, but we do use some social media and tracking pixels. For example, a Facebook or Instagram pixel may track that you visited our site, which helps us either measure our social media campaigns or show you Moonshot Pirates content on those platforms later. Similarly, if we embed a YouTube video, YouTube/Google may set cookies to track your play of the video​. These cookies can log that you performed certain actions on our site and may connect to broader tracking by those third parties. We only use these to promote our non-profit cause and not to bombard you with irrelevant ads.
  • Third-Party Cookies: As indicated, some cookies on our site are set by external services we use. Notable examples: Google Analytics (Google), YouTube plugin (Google), possibly social share buttons (Facebook, LinkedIn, etc.) if present. Each of these parties has its own privacy policy. For instance, Google’s policies explain how Analytics data might be used and how you can opt out (see below). We do not have control over third-party cookies, but we ensure that we only integrate third-party services that are reputable and privacy-compliant.
  • Your Choices: When you first visit our website, you may see a banner or notice about cookies, especially if required by local law. You can choose to accept or reject certain categories of cookies (except the strictly necessary ones). Moreover, most web browsers allow you to control cookies through their settings:
    • You can usually set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it.
    • You can also block all cookies or delete cookies, but note that if you do so, some parts of our site might not work properly (for example, you might be unable to log in or your preferences may not be saved).
    • To learn more about cookies and how to manage or disable them, you can visit resources like aboutcookies.org.
  • Google Analytics Opt-Out: Google provides a Browser Add-on that allows you to prevent your data from being used by Google Analytics​. You can download and install it for your browser (available at tools.google.com/dlpage/gaoptout). This opt-out is specific to Google Analytics and does not affect other cookies or tracking. We also respect any “Do Not Track” signals your browser may send, and our Analytics will not track users who have DNT enabled.
  • Do Not Track Signals: Our website currently does not respond to every DNT signal automatically, due to the lack of a common industry standard on how to interpret them. However, as noted, you have the above options to control cookies and tracking. We continue to monitor developments around DNT and may adjust our practices if a clear standard emerges.
  • Note: Disabling cookies does not mean you will stop seeing any communications from us. You may still receive contextual announcements (e.g., a popup on our site about a new program, which might not rely on cookies) or emails if you subscribed. Cookies mainly affect the web tracking and personalization aspect.

For more detailed information on the cookies and trackers in use, you can refer to our detailed Cookie Notice (if available on our site) or contact us with specific questions.

7. Children’s Privacy and Parental Consent

Moonshot Pirates focuses on youth aged 15 and up. We recognize that some of our participants are minors (under 18) and we take special care to protect their privacy and safety online, in line with GDPR Recital 38 which emphasizes that children merit specific protection of their personal data.

  • Minimum Age: We do not knowingly collect personal information from children under 15 years of age. Our programs and Services are not directed to children below that age. If you are under 15, please do not attempt to register or send any personal data about yourself to us. If we learn that we have inadvertently collected information from a child under 15, we will delete that information as quickly as possible. Parents or guardians who believe we might have any information from or about a child under 15 should contact us immediately so we can take appropriate action.
  • Participants Aged 15-17: For individuals who are between 15 and 17 (inclusive), we require consent from a parent or legal guardian to participate in certain Moonshot Pirates activities (particularly any offline events or intensive programs)​. Even for general use of our online platform, we ask that minors have their parent/guardian’s permission. We may verify this by requesting a signed parental consent form, informing the parent via email or similar documentation when you register​. By providing personal data to us (for example, filling out a profile or application), a minor participant is representing that they have obtained such consent. We reserve the right to contact a parent/guardian to confirm consent or to provide notifications regarding a minor’s participation.
  • Parental Rights: If you are a parent or guardian of a participant under 18, you have the right to review what personal information we have collected about your child, to correct or update it, or to request deletion of your child’s personal data (subject to some exceptions if we must keep certain data for legal reasons or to protect the child or others). If at any time you wish to exercise these rights, please contact us at . We may need to verify your identity and relationship (we only release data to the verified parent/guardian). Note that we generally will not require more data from a minor than an adult for the same process; we try to minimize data collection overall for youths.
  • Use of Data for Minors: Any personal information about minor participants is used strictly for the purposes of their involvement in our programs and ensuring their well-being. We do not profile or target children for marketing. We may send program-related communications directly to minors (since much of our program interaction is with the youth themselves), but any marketing-type communications (like newsletters about unrelated events) will be sent only if the minor (if above the age of consent for such communications in their jurisdiction, often 16) has opted in, or if a parent has. We avoid collecting sensitive personal data from minors unless necessary (for example, health info for an event with parental consent). We do not share minors’ data with third parties for any reason outside of program operation, safety, or legal compliance. For instance, we would never sell a list of teen participants or allow outside advertising to target them.
  • Social Media and Minors: If we feature participants (e.g., spotlighting a project winner) on our website or social media, we typically only include their first name, age, and country – or we may use no last name or a pseudonym – especially if they are under 18, to protect identity. We encourage minors to be cautious about what they share in our public forums or social media groups. Our moderators monitor our youth community spaces to prevent any exploitation or inappropriate contact.
  • Educational Exception (COPPA, etc.): Although our focus is not on under-13, should any educational context arise (for example, a special program with schools involving 13-14 year olds with parental consent), we would adhere to the U.S. Children’s Online Privacy Protection Act (COPPA) and any similar laws. This would involve obtaining verifiable parental consent before collecting personal data from children under 13, and clearly disclosing the data use. As of now, we do not offer services to that age group directly.

In summary, we strive to create a safe environment for all our young participants. If at any point a participant or parent has concerns about privacy or safety, we urge you to contact us. We also direct you to our Child Safeguarding & Protection Policy, which outlines additional measures we take to protect minors in our programs.

8. Data Retention

We keep personal data only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by law, whichever is longer​. How long we retain data can vary depending on the type of information and the context:

  • Active Program Data: For participants in an ongoing program, we retain your data throughout the duration of the program (which could be days, weeks, or months). This includes your contact info, application details, work submitted, and any communications. We need this to manage the program effectively.
  • User Accounts: If you create an account on our platform, your profile data is retained until you delete your account or it’s deemed inactive. Inactivity: if you have not logged in or interacted for a long period (e.g., 2 years), we may reach out to ask if you wish to retain your account. If not, we may delete or anonymize it.
  • Alumni Data: After a program ends, we generally keep basic participant info (name, contact, program attended, year) as part of our alumni records. This can be used for issuing certificates, verifying past participation if you request it, inviting you to alumni opportunities, and measuring our impact over time (e.g., tracking how many people we’ve engaged). We consider this a legitimate interest, but we also respect requests to remove data. So if an alum no longer wants us to keep any info, they can let us know (except we may still need to keep minimal records to note that we shouldn’t contact them).
  • Communication History: Emails or messages you send us might be stored for a certain period depending on our email system backups and archive policies (commonly 2-5 years), unless you request deletion sooner and we have no overriding need to keep them.
  • Analytics Data: Web analytics data (from cookies etc.) is usually retained for a shorter period in identifiable form. For instance, Google Analytics retains user-level data for 14 months by default, after which it is deleted or anonymized. We don’t keep raw logs longer than necessary, typically not more than a few months unless investigating security issues. Aggregated analytics (with no personal identifiers) might be kept longer for historical comparison.
  • Legal and Financial Records: We retain certain information to comply with legal obligations and financial regulations. For example, records of any payments or donations are kept for the duration required under Austrian accounting/tax law (often 7 years) and any applicable reporting obligations for grants. Similarly, if we obtained parental consent forms or liability waivers for an event, we might keep those on file for a number of years as a protective measure.
  • Incident Records: If a safeguarding incident or disciplinary issue occurred, we may retain the investigation records and related personal data as long as deemed necessary to protect the well-being of participants and the organization (this could be several years, often at least until the minor involved reaches adulthood or longer if needed for potential legal follow-up). These are kept highly confidential.
  • Deleted Data: When you request deletion of your data or close your account, we will erase personal information from our active systems and further use, except for logs or archives where it may inadvertently persist for a short time until those are cycled out, or any data we must retain (as noted above). We may keep a note of your deletion request (to ensure we don’t accidentally recreate your profile, for instance). Backups: our systems may have routine backups; deleting data from active database will ensure it’s not used, and backups will eventually expire or be destroyed per our schedule.

In summary, we try not to keep personal data longer than we truly need it. When data is no longer required, we delete it or anonymize it (removing identifying details so it can be used for statistical purposes without identifying you). If you have specific questions about retention for certain data, feel free to ask.

9. International Data Transfers

Moonshot Pirates operates out of Austria (in the European Union), but our community is global, and we use digital services that may be located in various countries. Therefore, your Personal Data may be transferred to, stored, or processed in a country different from your home country. In particular:

  • Many of our core systems (website hosting, cloud storage, email communications) are based in the European Economic Area (EEA), so if you are outside the EEA, your data will be transferred to our servers in the EEA.
  • We also use service providers in the United States and other countries outside the EEA. For example, Google (Analytics, cloud) and other tools (Zoom, Slack, etc.) may process data in the U.S. or globally.
  • Additionally, if you interact with mentors or participants in other countries, there is a practical aspect of data flow (e.g., an email from you in Germany to a mentor in Japan, or your profile being viewed by someone in another country).

Data protection laws vary by country. Countries in the EEA are all governed by GDPR or equivalent laws, which are robust. Some other countries may not have the same standard of data protection as the EEA. When we transfer personal data out of the EEA (or UK, or other regions with data transfer restrictions), we take steps to ensure it remains protected:

  • We primarily rely on Standard Contractual Clauses (SCCs) approved by the European Commission​. These are legal clauses we include in contracts with our service providers to commit them to GDPR-level protection of your data regardless of where it’s processed. For example, our contract with an email provider in the US would have SCCs.
  • We also consider whether the receiving country has an “adequacy” decision by the EU (meaning the EU deems its privacy laws sufficient). For instance, transfers to countries like Canada, Japan, or the UK are covered by adequacy decisions (if applicable in our context).
  • For intra-organization transfers (between the Foundation and beapirate GmbH and potentially any affiliated chapters in other countries) we also ensure compliance with GDPR standards through internal agreements and policies.
  • In all cases, we only transfer data to the minimum extent necessary – e.g., if a database is in EU but accessed by a staff member traveling abroad, that’s a transfer but under our control and policies.
  • If none of the above safeguards are available for a particular transfer, we would ask for your explicit consent before transferring personal data to a risky jurisdiction, and you would have the right to refuse.

By using our Services or participating in our programs, you understand that your personal data may be transferred internationally as described. We understand our responsibility in these transfers and continuously monitor legal developments (like updates to SCCs or new rulings like Schrems II) to remain compliant. If you have questions about cross-border data handling (for example, “Will my data go to the US and how is it protected?”), we’re happy to provide more specific info.

10. Your Rights and Choices

We want you to have control over your personal information. Under GDPR and other privacy laws, individuals have certain rights with respect to their personal data. We have outlined many of these in Section 6 (Privacy Choices) of the Terms and earlier in this Policy, but to recap and add context:

  • Right to Access: You can request confirmation whether we are processing your personal data, and if so, request a copy of the data we hold about you​. This is commonly known as a Subject Access Request. We will provide you with all information required by law – typically this includes the categories of data, purposes of processing, recipients (or categories) who have seen the data, storage period, and the data itself in an understandable format.
  • Right to Rectification: If you believe any personal data we have is inaccurate or incomplete, you have the right to request correction​. For example, you can ask us to update your contact number or fix a misspelled name. If we have shared incorrect data with others, we will (where possible) inform them of the correction.
  • Right to Erasure: Also known as the “right to be forgotten,” this allows you to request deletion of your personal data in certain circumstances. You can request erasure if: the data is no longer necessary for the purposes collected, or you withdraw consent (and we have no other lawful basis), or you object to processing (and we have no overriding grounds), or we processed it unlawfully, or we must erase it to comply with law. If your case meets these criteria, we will erase the data and also notify any processors to do the same. Keep in mind this right is not absolute – if an exemption applies (like we need to keep data for legal claims or freedom of expression or legal obligation), we will let you know.
  • Right to Restrict Processing: You can ask us to limit the processing of your data under certain scenarios, for instance: if you contest the data’s accuracy (we’ll restrict while verifying), or the processing is unlawful but you prefer restriction over deletion, or we no longer need the data but you need it for a legal claim, or you have objected (pending our assessment of override). When restricted, such data will only be processed with your consent or for specific reasons like legal claims. We will inform you before lifting a restriction.
  • Right to Object: You have the right to object to certain processing activities. You can object to direct marketing at any time – we will stop sending you marketing communications (this is often managed by the unsubscribe link). You can also object to processing based on our legitimate interests or public interest tasks; in such cases, we will evaluate your objection and will stop processing unless we demonstrate compelling legitimate grounds that override your interests, or if it’s needed for legal claims. Notably, you can object if we were to do any profiling (we currently do not profile individuals in a way that produces legal effects).
  • Right to Data Portability: For data you provided to us and which we process by automated means based on consent or contract, you can request to receive it in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller (or ask us to, where technically feasible). This mostly applies to typical scenarios like transferring your account info to another service. In our context, if you wanted your core registration/profile data exported, we can provide it likely as a CSV or JSON file.
  • Right to Withdraw Consent: If we rely on consent for any processing, you can withdraw that consent at any time. This will not affect the lawfulness of processing done before withdrawal. For example, if you gave consent for us to share your email with a partner for a one-time event, you can later withdraw – and while we can’t undo what was already done, we will cease any further sharing. Withdrawing consent may mean we can’t provide certain services (like sending newsletters or certain opportunities to you), but of course we will respect your decision.
  • Right to Lodge a Complaint: If you believe your rights were violated or that we are not complying with our data protection obligations, you have the right to file a complaint with a Data Protection Authority. As we are based in Austria, our lead authority is: Österreichische Datenschutzbehörde (Austrian Data Protection Authority) at Barichgasse 40-42, 1030 Vienna, Austria, . However, you can typically choose to contact the authority in your country of residence, work, or where the issue occurred. We would appreciate the chance to address your concerns directly first, so we encourage you to reach out to us with any complaint, and we will do our best to resolve it amicably.

To exercise any of your rights, you can contact us via email at . Please clearly state what right you wish to exercise and provide necessary information to verify your identity (we need to ensure we’re giving data to the right person). We may ask for additional info to confirm identity, especially for sensitive requests. We will respond within one month of receiving a request, or inform you if we need more time (we can extend by two further months for complex requests, but we’ll let you know why). Generally, we will not charge a fee for handling a request. If a request is manifestly unfounded or excessive (like repetitive requests), we may charge a reasonable fee or refuse to act on it​, but we will provide our reasoning in such case.

Finally, we want you to know that you are not required to provide personal information to us. But if you choose not to provide certain data, we may not be able to offer you some services (for example, we can’t register you for a program without a name and email). We will always indicate which information is optional. And if at any time you’re uncomfortable or unsure about something we’re asking for, just ask us why we need it and we’ll gladly clarify.

11. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we update the Policy, we will post the new version with an updated effective date at the top. For any significant changes, we will provide a more prominent notice – for example, we might email you or show a notice on our website (especially if you are an account holder)​. Significant changes could include any new purposes for data processing, change in data sharing practices, or changes in rights. Non-material changes (clarifications, wording changes) will take effect immediately upon posting of the updated Policy​.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If you continue to use our Services after changes to the Privacy Policy are in effect, it means you have accepted the revised terms. Should you not agree with the changes, you have the choice to discontinue use and request deletion of your data.

For historical reference, previous versions of our Privacy Policy are available upon request. We maintain an archive of changes to ensure transparency about how our practices evolve.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or any aspect of your privacy when dealing with Moonshot Pirates, please contact us:

Moonshot Pirates – Privacy Inquiry
Co-Innovation Factory, Absberggasse 27/1/3,
1100 Vienna, Austria
Email:
Phone: +43 670 507 9815 (ask for the Data Protection Officer/Privacy Team)

We are here to help and will gladly assist you with any questions about your personal data or our privacy practices. Your trust is crucial to us, and we will do everything we can to uphold it.

Thank you for taking the time to read our Privacy Policy. We value your participation in the Moonshot Pirates community and are dedicated to protecting your personal information as you shoot for the moon!