General Privacy Policy – Sparkers
1. OBJECT AND PURPOSE OF THIS GENERAL PRIVACY POLICY
Since its creation, Sparkers has attached great importance to privacy and it is one of the fundamental values on which its policy is based. In an increasingly digital world, Sparkers needs to collect and process personal data in order to provide the products and services it offers.
Being at the core of B2B-integrations, and experts in automated data exchange processes, we understand that the data we handle has significant value and could be sensitive.
We strive to handle your data with most possible care and privacy, therefore we handle your personal data according to the following protection principles.
This General Privacy Policy explains in general terms how Sparkers collects and processes your personal data when you use Sparkers’ website, applications, products and services or when you interact with Sparkers in any other way (e.g. by mailing Sparkers Customer Support).
2. WHO IS THE DATA CONTROLLER?
The Controller is Sparkers SA, with registered offices at avenue Reine Astrid 92, 1310 La Hulpe – BE 0757.787.952. Hereinafter also referred to as “we” or “us”.
3. WHAT PERSONAL DATA DOES SPARKERS COLLECT, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS?
Personal data
Sparkers collects and processes the following categories of personal data:
- Identification data such as name, first name, Function, Position and Language
- Contact details such as e-mail address and telephone number
- Transaction data such as information on products or services purchased, VAT number and company number
- CVs and other information communicated in the context of a job application via the careers website (https://apply.workable.com/sparkers/ ) or via e-mail.
- Information resulting from your interaction with Sparkers such as feedback to satisfaction surveys and content of emails.
Your data is treated as received in the context of the required services and is not subject to uninformed additional processing.
Purposes and legal grounds
The purposes and legal grounds for processing personal data are set out in the table below.
If Sparkers wishes to process your personal data for another purpose, it will ask for your permission where necessary.
| Purposes | Legal grounds |
| For the creation of a (demo) account and confirmation thereof | If Sparkers has an agreement with the data subject, the processing for these purposes is necessary for the conclusion or performance of the agreement between Sparkers and the data subject.
If the creation of an account is not linked to an agreement between the data subject and Sparkers or if the support or interaction with the data subject is not strictly necessary for the performance of the agreement, the processing is based on Sparkers’ legitimate interest. |
| For the negotiation, drawing of a quote, conclusion and/or performance of an agreement that your organization concludes or has concluded with Sparkers in relation to specific products and/or services, to provide and follow up on the requested products and/or services, for the management of these agreements, for invoicing and collections within the framework of these agreement(s) | If Sparkers has an agreement with the data subject, the processing for these purposes is necessary for the conclusion or performance of the agreement between Sparkers and the data subject.
If the negotiation, drawing of a quote, conclusion and/or performance of an agreement is not linked to an agreement between the data subject and Sparkers or if the support or interaction with the data subject is not strictly necessary for the performance of the agreement, the processing is based on Sparkers’ legitimate interest. Certain processing operations may also be necessary for a legal obligation incumbent on Sparkers. |
| To be able to process your question, communication or request and, if necessary, to reply to it (e.g. to provide you with requested information on Sparkers’ products or services), in the context of applying for or providing bids or requests for offers, for support and incident handling with respect to the Sparkers products or services, for general customer management | If Sparkers has an agreement with the data subject, the processing for these purposes is necessary for the conclusion or performance of the agreement between Sparkers and the data subject.
If the question, communication or request is not linked to an agreement between the data subject and Sparkers or if the support or interaction with the data subject is not strictly necessary for the performance of the agreement, the processing is based on Sparkers’ legitimate interest in ensuring good relations with its customers or third parties. |
| To improve Sparkers’ websites, applications, products and services (e.g. by collecting feedback through satisfaction surveys, market studies or e-mails) | This processing is based on the legitimate interest of Sparkers to continuously improve and adapt its websites, applications, products and services. |
| To send marketing, informative (e.g. newsletters, blog) or operational (e.g. reports) messages concerning Sparkers’ products and services and to send warnings concerning illegal practices that could affect Sparkers’ customers or application users (for example, sending alerts concerning phishing practices that abuse Sparkers’ name). | If Sparkers has an agreement with the data subject, the processing for these purposes is necessary for the conclusion or performance of the agreement between Sparkers and the data subject.
If the communication is not linked to a contract between the data subject and Sparkers or if it is not strictly necessary for the performance of the contract, this processing is based on the legitimate interest of Sparkers to inform its customers and the users of its applications about matters relating to Sparkers’ products and services and thus to strive for the improvement of its services. |
| For responding to requests concerning personal data (e.g. access or deletion) on the basis of the General Data Protection Regulation | The processing of personal data in the context of such requests is necessary in order to comply with a legal obligation incumbent on Sparkers (GDPR articles 12-22). |
| To evaluate or carry out an acquisition, merger, demerger, restructuring, reorganization, dissolution or other sale or transfer of some or all of Sparkers’ assets, whether by way of transfer of all or part of the business, or as part of bankruptcy, liquidation or similar proceedings, where personal data held by Sparkers form part of the transferred assets | The processing for these purposes is necessary for the legitimate interest of Sparkers in carrying out the said business transactions in order to implement its business strategies or grow its business. |
| For accountability purposes, the combating of fraud, crimes and infringements, and the management of disputes and any legal proceedings, in order to comply with legal obligations or court orders | These processing operations are necessary for a legal obligation to which Sparkers is subject or, in the absence of such an obligation, for the legitimate interest of Sparkers in defending itself before the courts and in combating fraud, offenses and infringements. |
You acknowledge and accept that Sparkers stores, accesses or collects (or allows third parties to do so) information directly or indirectly on or from users’ devices, including by placing, accessing or recognizing cookies or similar technology on users’ devices or browsers ; you have read and accepted our Cookie Policy.
4. DOES SPARKERS USE YOUR PERSONAL DATA FOR PROFILING OR AUTOMATED DECISION-MAKING?
Sparkers does not systematically carry out automated decision making within the meaning of Article 22 of the General Data Protection Regulation, namely automated decision making with a legal or significant consequence for you. This would be the case, for example, when a decision on whether or not to subscribe to a particular service is taken by a computer program without the involvement of a Sparkers employee.
Exceptionally, if Sparkers were to engage in automated decision-making in the context of a specific web site, application, product or service, this would be stated in the applicable Specific Privacy Policy for the web site, application, service or product.
5. WITH WHOM DOES SPARKERS SHARE YOUR PERSONAL DATA?
In relation to the purposes referred to under point 3, Sparkers may use service providers that process personal data in the name and on behalf of Sparkers when it is necessary in the context of providing Sparkers services and optimizing them (including but not limited to maintenance works, payment processing, the delivery of services to Sparkers (e.g. subcontracting) and database management). These service providers are third parties. In such cases, these service providers act as processors. In particular, Sparkers may use companies providing the following services: hosting and ICT services (e.g. AWS) and cloud partners (e.g. Google).
Sparkers may also transfer your personal data to consultants and professional service providers acting as data controllers, such as lawyers, accountants and auditors. Your personal data may also be transferred to third parties in the context of a corporate transaction such as a demerger, merger or acquisition.
Sparkers may also communicate your personal data to third parties if required to do so by law or following a request or order from the authorities.
Where legally required, Sparkers will seek your consent before disclosing your personal data to third parties.
6. ARE YOUR PERSONAL DATA TRANSFERRED TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA?
Certain service providers or third parties to whom your personal data are transferred may be located in a country outside the European Economic Area where the data protection rules differ from those applicable in Belgium and elsewhere in the European Economic Area. In such a case, Sparkers takes the necessary measures to ensure an appropriate level of protection for your personal data and provides at least one of the following guarantees:
- The personal data are transferred to a country that is deemed to provide an adequate level of protection for personal data. This is the case for countries for which the European Commission has issued an adequacy decision, such as the United Kingdom.
- For transfers to countries that are deemed not to provide an adequate level of protection (so-called “third countries”), Sparkers provides additional safeguards, such as the conclusion of standard contractual clauses of the European Commission, which ensure that personal data is given protection equivalent to that provided in the European Economic Area.
7. HOW LONG DOES SPARKERS KEEP YOUR PERSONAL DATA
In principle, Sparkers retains your personal data only for as long as necessary for the purposes described (taking account of the applicable legal retention and/or limitation periods).
Personal data linked to contractual documents (e.g. a subscription to a Sparkers service) are kept for a maximum period of 10 years after the termination of your contract with Sparkers.
8. WHAT DATA SECURITY MEASURES DOES SPARKERS TAKE?
Sparkers takes reasonable, physical, technological and organizational precautions in order to avoid (i) unauthorized access to your personal information, and (ii) loss, abuse or alteration of your personal data. This includes measures to limit access to the personal data as much as possible and to grant access only when necessary. Your data can only be accessed by employees who need this data to support, improve or maintain services you receive from us. Employees who have access to the data have been informed of their obligations with regard to data security. All credentials are encrypted and never stored in clear text on the file system.
Sparkers shall store all personal data which it has collected in the cloud. Notwithstanding Sparkers’ security policy, the checks it carries out and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, Sparkers is, in this context, not in a position to guarantee absolute security.
Finally, the security of your (demo) account will also partly depend on the confidentiality of your password in obtaining access to the Platform and/or the App. Sparkers will never ask for your password, meaning that you will never be required to communicate it personally. If you have nonetheless communicated your password to a third party – for example because this third party has indicated that it wishes to offer additional services – this third party shall have access to your (demo) account and your personal data via your password. In such cases, you are liable for the transactions which occur as a result of the use made of your (demo) account. Sparkers therefore strongly advises you, if you observe that someone has accessed your (demo) account, to immediately change your password and contact us.
9. WHAT RIGHTS DO YOU HAVE REGARDING YOUR PERSONAL DATA?
Under the terms of the General Data Protection Regulation, you have the following rights:
- Right of access – You have the right to access the personal data that Sparkers processes about you and to obtain a copy of these personal data (subject to certain exceptions).
- Right to rectification and erasure – You have the right at any time to have your personal data rectified or erased by Sparkers free of charge, provided that the legal conditions for doing so are met. Personal data that Sparkers needs in order to fulfill ongoing orders or for which Sparkers is legally obliged to hold cannot be deleted.
- Restriction of processing – You can require Sparkers, subject to compliance with the applicable legal provisions, to restrict the processing of your data.
- Right to data portability – Under certain conditions, you have the right to portability of the personal data you have provided.
- Objection – You may object to the processing of your personal data for the legitimate interests of Sparkers.
- Withdrawal of consent – If Sparkers processes your personal data on the basis of your consent, you have the right to withdraw it at any time. However, this withdrawal will not affect the lawfulness of the processing of your personal data for the period prior to the time of withdrawal and for processing activities based on another legal basis.
- Automated decision-making: you have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
- Restriction: you have the right to ask Sparkers to restrict the processing of your Personal Information, so that Sparkers no longer processes that information until the restriction is lifted.
- Complaint to the competent authority – You always have the right to contact the data protection supervisory authority of the Member State of the European Economic Area where you normally reside, where you have your place of work (if applicable) or where the alleged breach has taken place, and to lodge a complaint if appropriate. For Belgium, this is the Data Protection Authority (gegevensbeschermingsautoriteit.be).
We put in all efforts to periodically update your data, however if you feel this is outdated you also have the right to update this yourself through our customer support portal.If you wish to exercise your rights with regard to Sparkers, you can do so by contacting Sparkers using the contact details provided under the title 10. HOW CAN I CONTACT SPARKERS ?
When we obtain personal data directly from you, you are generally free to decide whether or not to provide Sparkers with the personal data, except in the event of a legal obligation. If you do not wish to provide your personal data, you may not be able to use the products or services offered by Sparkers, your questions may not be answered and/or you may not be able to conclude an agreement with Sparkers.
10. HOW CAN I CONTACT SPARKERS ?
For questions, complaints or the exercise of your rights, please contact Sparkers and its data protection officer:
- Online via e-mail to privacy@Sparkers.com
- By post to the following address: Sparkers, Attn. Data Protection Office, 92, Avenue Reine Astrid, 1310 La Hulpe.
Sparkers may refuse requests that it considers excessive or constitute an abuse of the relevant right.
For a more complete overview on the General Data Protection Regulation enforced on EU citizen’s data please follow this link here.
Last updated: 16/10/2023