Effective date: June 15, 2020
1.2 The information on Users is divided into personally identifiable and non-personally identifiable information depending on whether information can identify the User as a specific person. Personally identifiable information shall be referred to as “personal data”.
1.3 Sparq OÜ with its registered headquarters at Harju maakond, Tallinn, Lasnamäe linnaosa, Majaka tn 26, 11412 is responsible for compliance with the principles relating to processing of personal data. You can contact us by sending an e-mail to email@example.com, or if you have any question or concern regarding your privacy, you can contact our data protection officer (DPO) at firstname.lastname@example.org.
1.4 In addition to the definitions provided for in the Terms, the following words and abbreviations shall have the meaning provided herein:
• “personal data” means any information relating to an identified or identifiable natural person (‘User’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of Sparq.
• “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
2. Personal data that we process
2.1 During your interaction with the Platform or with us directly we may process the following personal data:
• First and last name
• E-mail address
• Phone number
• IP address
• Avatar photo
• Other information you choose to provide
2.2 We may collect personal data when you interact with the Platform, when you register and customize an account or when you contact us. We may also collect some of the personal data about you from other Users such as when they want to send you a referral link.
3. Purposes for processing of personal data
3.1 We process your personal data for the following purposes:
• to provide you with an access to our Services and our Platform,
• to provide you with the Services you requested,
• to create and manage your account,
• to provide you with the customer support,
• to send you information about the Platform,
• to send you advertising emails,
• to comply with our legal obligations.
4. Legal basis for data processing
4.1 Depending on the type of personal data and the purpose for which it is processed, we process the personal data on the following legal basis:
• You have given us the consent for data processing for the specific purpose,
• Processing is necessary for the performance of our obligations under the Agreement
• Processing is necessary for compliance with legal obligations,
• Processing is necessary for the purpose of our legitimate interest.
4.2 We may process your email address to send you information about changes to the platform, introduction of the new services or general news about our Platform. We have a legitimate interest in keeping you informed about the services you subscribed to and to promote our new services which we believe you might be interested in. You can unsubscribe from these emails at any time by following the unsubscribe link in the email. We will not use legitimate interest to send you advertising emails for any Third-Party services.
4.3 We may process you IP address automatically when you access the Site. We have a legitimate interest in ensuring the safety and integrity of our Site, and by collecting your IP address we can scan IP address and ban IP addresses that show malicious signs such as too many password failures, seeking exploits and similar. We will not use your IP address under our legitimate interest for any other purpose. If we need your IP address for other purpose, we will rely on other legal grounds or explain the new legitimate interest prior to commencing the processing.
5. General provisions
5.1 Some Services will not be available to you if you do not provide requested personal data, for example, if you do not provide your name and email you cannot register an account. Different Services may require additional information which will be request at the time of requesting the specific Service.
5.2 We may keep records of any questions, complaints or compliments made by you and the response if any. Whenever you contact us, we shall collect any information which you chose to provide. We shall store and use this information only for the purpose of responding to your inquiries. Information contained within the inquiry, free from any personally identifiable information, will be stored on our servers for the purpose of improving our Services and providing the best customer support possible.
5.4 We have implemented security procedures and measures to ensure appropriate protection of the personal data we process, against any misuse, unauthorized access, disclosure, or modification.
5.5 We acknowledge that the safety of your personal data is one of the highest priorities and therefore only authorized processors have access to your information. Although we take all appropriate measures in respect to keeping your personal data secure, you understand that no data security measures in the world can offer 100% protection. If we ever find or suspect a personal data breach we will without delay, within seventy-two (72) hours after becoming aware of it, notify the appropriate supervisory authority about the breach and Users where necessary.
5.6 The processing of the personal data is being performed automatically, without human intervention. However, whenever you contact us through email or Site contact form, the personal data within such communication will be handled and processed by a real person to provide you with the answers and support required.
6. Children privacy
6.1 The services are intended for a general audience and are not targeted at children. We take children’s online safety very seriously, and if we ever learn that the personal data collected belongs to a child, we will immediately remove any such personal data. If you are younger than 18 you are not allowed to register or use the Platform.
7. Collection and Use of Non-Personally Identifiable Information
7.1 The Platform collects a series of general data and information when a User or automated system calls up the Platform. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the internet site, (6) the internet service provider of the accessing system, and (7) any other similar data and information that may be used in the event of attacks on our information technology systems.
7.2 We collect this information for breach investigation purposes. When using this information, we do not draw any conclusions about the User. Rather, this information is needed to (1) deliver the content of our Platform correctly, (2) optimize the content of our Platform as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The anonymous data of the server log files are stored separately from all personal data provided by a User.
8. Storage and transfer of personal data
8.1 Personal data will be stored on secure servers within European Union. Hosted servers are controlled and maintained in accordance with sufficient privacy safeguards. We may store or transfer information on Users to processors located outside of European Union, provided that such processors implement appropriate and suitable safeguards regarding the security of personal information.
8.2 If you register an account with us, we will store your personal data for as long as you have an active account. We may keep your personal data for up to a year after your deactivation of the account in our backup in order to maintain the integrity of our backup storage data as well as in order to address any appeals or requests pursuant to your purchases.
• G Suite – Google Ireland Limited, Registration Nr. IE 6388047V Gordon House, Barrow Street, Dublin 4, Ireland.
• Microsoft Azure Cloud – Microsoft Latvia, SIA, Registration No. 40003438292, Zala street 1, Riga, LV-1010.
• Twilio – Twilio Estonia OU, Registration Nr. 12771257, Address: Veerenni 38, Kesklinna linnaosa, Kesklinna, 10135 Harju maakond, Estonia.
9. User’s Rights
9.1 We will process all personal data in line with Users’ rights, in particular their right, in certain circumstances, to:
• Request access to any data held about them by Sparq in a commonly used and machine-readable format.
• Transmit their personal data to another data controller (free of charge), where such personal data is processed on the basis of consent or contractual performance, unless in doing so, it would adversely affect the rights or freedoms of other Users or others e.g. including trade secrets or intellectual property.
• Prevent the processing of their personal data or withdraw their consent at any time in certain circumstances.
• Ask to have inaccurate personal data amended.
• Erasure of their personal data where data is no longer required for the original purpose or where the User has withdrawn their consent and no other lawful processing grounds apply.
• Object to the processing of their personal data in certain circumstances.
• Be notified where their personal data is subject to automated decision making i.e. profiling, including the logic involved, as well as the significance and the envisaged consequence of such processing for the data subject and object to such profiling in certain circumstances.
9.2 You may exercise these rights by contact our DPO at email@example.com.
9.3 Where we are required to provide a copy of personal data this will be free of charge, however, any further copies requested may be subject to reasonable fee based on administration costs.
9.4 Where we stop processing personal data or delete User’s personal data, it will possibly mean that that particular User is unable to continue using or contributing to the provision of some of our Services, and they shall be notified accordingly.
9.5 Where a User requests to rectify or erase (except data required by any legal obligations) their personal data or restrict any processing of such personal data, we may be required to notify, certain Third-Parties to whom such personal data has been disclosed of such request.
9.6 Users may without prejudice to any other administrative or judicial remedy, lodge a complaint with supervisory authority, in particular in the EU member country of their habitual residence or place of the alleged infringement if the User considers that the processing of personal data relating to them infringes the GDPR.