Privacy Policy Last updated: 4 June 2025 ​ Nihil Ventures OÜ (registry code 17229540) of Ahtri tn 12, 15551 Tallinn, Harju maakond, Estonia ("Nihil Ventures", "we", "us", "our") operates the website currentlyinspace.com/ and its sub‑domains (collectively, the "Website") providing a directory of space‑industry companies and space‑related news (the "Services"). We respect your privacy and are committed to protecting personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and other applicable data‑protection laws. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights and choices available to you. Note This Privacy Policy is provided for informational purposes only and does not constitute legal advice. Because privacy laws vary by jurisdiction and evolve over time, consult qualified counsel to adapt this document to your specific processing activities. 1. Key Terms "Personal Data" – any information relating to an identified or identifiable natural person. "Processing" – any operation performed on Personal Data, whether automated or not (e.g., collection, storage, use, disclosure, erasure). "Data Subject" – the natural person to whom Personal Data relates. "Controller" – the entity that determines the purposes and means of Processing Personal Data (here, Nihil Ventures OÜ). 2. Personal Data We Collect Category|Examples|Source Account Data|Name, email address, hashed password|Provided by you on registration Contact Data|Email address, social‑media handle|Provided by you when contacting us Directory Submissions|Company contacts, biographies, logos|Provided by you or publicly available sources Usage Data|IP address, browser type/version, pages visited, clicks, referring URL|Collected automatically via cookies, log files, and similar technologies Marketing Preferences|Newsletter opt‑in status, marketing consents|Provided by you We do not intentionally collect sensitive personal data (e.g., health information, political opinions). Please do not submit such data. 3. Purposes & Legal Bases for Processing PurposeLegal Basis (GDPR Art. 6) Provide and maintain the Services (e.g., account creation, directory listings)Art. 6(1)(b) – performance of a contract or to take steps at your request before entering into a contract Respond to inquiries and support requestsArt. 6(1)(f) – legitimate interests (to operate our business and communicate with users) Send newsletters and marketing communicationsArt. 6(1)(a) – consent (you may withdraw at any time) Monitor, analyse, and improve Website performanceArt. 6(1)(f) – legitimate interests (to improve our Services) Detect and prevent fraud or misuseArt. 6(1)(c) – compliance with legal obligations; Art. 6(1)(f) – legitimate interests Comply with legal obligations (e.g., accounting, tax)Art. 6(1)(c) – legal obligation 4. Cookies & Similar Technologies We use essential cookies necessary for the Website’s functionality, and analytics cookies (e.g., Google Analytics) to understand user interactions. Where required by law, non‑essential cookies are placed only after you grant consent via our cookie banner. You can manage cookies through your browser settings and the cookie banner’s preference centre. Disabling cookies may affect certain features. 5. Disclosure of Personal Data We share Personal Data only when necessary and in accordance with this Policy: Service Providers – e.g., web‑hosting, analytics, email delivery, cloud infrastructure, customer‑support tools. Providers are bound by confidentiality and data‑processing agreements. Business Transfers – in connection with a merger, acquisition, or sale of assets, provided the recipient agrees to respect privacy rights. Legal & Safety Requirements – to competent authorities when required by law or to protect our rights, property, or safety. Public Listings – Company data you submit for directory publication may be publicly viewable; submitters must have authority to share such data. We do not sell Personal Data to third parties. 6. International Data Transfers Our servers are located in the European Economic Area (EEA). However, some service providers may process data outside the EEA. Where transfers occur to countries without an adequacy decision, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) or Art. 49 GDPR derogations. 7. Data Retention We retain Personal Data only as long as necessary for the purposes described or as required by law (e.g., accounting records for seven years). When retention is no longer necessary, data is securely deleted or anonymised. 8. Data Security We implement suitable technical and organisational measures to protect Personal Data. However, no internet transmission is completely secure; we cannot guarantee absolute security. 9. Your Rights (EEA & Equivalent Jurisdictions) You have the right to: Access – obtain confirmation whether we process your Personal Data and receive a copy. Rectification – request correction of inaccurate or incomplete data. Erasure ("right to be forgotten") – request deletion under certain conditions. Restriction – request limited processing while we address a concern. Portability – receive data you provided in a structured, commonly‑used format and transmit it to another controller. Object – object to processing based on legitimate interests or direct marketing. Withdraw Consent – at any time, without affecting processing already performed. To exercise these rights, email nihilventures@gmail.com. We may require verification of identity. If we decline a request, we will explain why (subject to legal limits). You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority. 10. Children’s Privacy The Services are not directed to children under 16. We do not knowingly collect Personal Data from children. If you believe a child has provided data, contact us; we will promptly delete it. 11. Third‑Party Links The Website contains links to external sites (e.g., company websites, news sources). We are not responsible for their privacy practices or content. We encourage you to read the privacy policies of every site you visit. 12. Automated Decision‑Making We do not engage in profiling or automated decision‑making that produces legal or similarly significant effects on individuals. 13. Changes to This Policy We may update this Policy periodically. We will post the revised version with a new "Last updated" date and, where appropriate, notify you via email or in‑site banners. Continued use of the Services after changes signifies acceptance. 14. Contact Us Questions, concerns, or requests regarding this Policy or our privacy practices can be directed to: Data Protection Officer (DPO) Nihil Ventures OÜ Ahtri tn 12, 15551 Tallinn, Harju maakond, Estonia - Email: nihilventures@gmail.com ​ © 2025 Nihil Ventures OÜ. All rights reserved.