Privacy Policy

Spark92 Privacy Policy

Effective as of March 2023

This Privacy Policy (“Privacy Policy”) is provided by Spark92, LLC (“Spark92”, “we”, “our”, or “us”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of Personal Data, as defined herein.

This Privacy Policy applies to any individuals ( “you” or “your organization”) who directly or indirectly receive our services, or otherwise engage or interact with us, and to individuals accessing and using the website www.spark92.com (the “Site”).

This Privacy Notice explains how we process your personal data and which rights you have in this respect under any applicable privacy and data security laws and regulations (“Data Protection Laws”). If we process your Personal Data under any of the following specific Data Protection Laws, please also refer to the relevant supplementary sections of this Privacy Policy below:

The EU General Data Protection Regulation (“GDPR”), the GDPR as incorporated into UK law by the Data Protection Act 2018 (“UK GDPR”) or the Cayman Island Data Protection Law, 2017 (“DPL”);
The US Gramm-Leach-Bliley Act of 1999, as amended (“GLBA”) and the California Consumer Privacy Act (“CCPA”).

Categories of Personal Data We Process

In this Privacy Policy, the term “Personal Data” generally means any information relating to an individual (also referred to as “Data Subject”) that could be used either alone or together with other information to identify that individual and that is covered by applicable Data Protection Laws.

The nature of the specific Personal Data we process will depend on our relationship with you. During our ordinary business activities, we may process various categories of Personal Data including but not limited to:

Personal information, such as name, position, job title, place of employment and signature
Contact information, such as work address, work telephone number, work mobile phone number, work fax number and work email address; and private contact information including home address, personal email address and cell phone;
Information on our business interactions with you or your organization, such as date, time, place or channel of any communication or other interaction with you and other data which may be generated by such business interactions and the nature of which depends on the nature or such business interaction;
Financial data, such as bank account details and credit card numbers for billing and payment processing purposes;
Marketing and communication data, such as your marketing and communication preferences, marketing communication you responded to, survey responses, any information or services requested by you and records of other communication with you;
Further business information necessarily processed in a business or other contractual relationship with Spark92 ; or provided with your consent;
Data relating to disputes and enforcement of claims, including data relating to or generated from proceedings, disputes, negotiations, statements, pleadings or other related communication or activities;
Information obtained by website, newsletter or other analytics technology, in particular your activities when you use our website, view our electronic information or use our online products and services (such as downloadable content) which may include information about which content you access at what times and how often, unique identifier and the IP address of your computer or mobile device, browser type and version and plug in types or operating system; and

How We Collect Your Data

Depending on the nature of our relationship with you, we may collect your Personal Data in various ways, including:

Directly from you or your organization g., when you or your organization provide Personal Data to us by sending us emails or other written correspondence or otherwise providing us with Personal Data in the course of our business or other relationship.
Automatic collection tools g., Cookies, as defined in this Privacy Policy, and other analytics or tracking technology may be used to collect certain aggregate data (“Anonymized Data”) and non-Personal Data when you visit the Site.

For which Purpose We Use Your Personal Data

Depending on the nature of our relationship with you, we may process Personal Data for the following purposes:

For Business Purposes

To deliver the services or products under a contract with you or your organization;
Financial management and administration, managing billing and payments;
General administration of your or your organizations’ business relationship with us, including communicating with you, service providers and other third parties as required keeping internal records, notifying you about changes to our terms of business or this Privacy Policy;
Engaging vendors, service providers and suppliers and performing relevant contracts;
Interacting with governmental or regulatory bodies or other competent authorities;
Conducting market research, surveys, and similar inquiries to help us understand trends, client and website visitor needs and testing and upgrading our systems and processes to improve and enhance our products, services and technologies;
Allowing you to register for our and attend our conferences and other events that we host;
Maintaining and protecting the security of our premises and facilities, IT systems, databases, websites or other digital infrastructure, including preventing and detecting security incidents, improving data security and protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity, service, testing and maintenance of our systems;
Monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities;
To ensure that content from our website are presented in the most effective manner for you and your device;
Establishing, exercising and defending legal claims, investigating and resolving disputes and enforcing our website Terms of Use and other agreements;

To Comply with Legal or Regulatory Obligations

Complying with our legal or regulatory obligations, such as record keeping, disclosures to tax or other regulatory authorities, enforcing and complying with legal judgements, and including auditing relating to interactions, transactions and other compliance activities;
Preventing and detecting crime, including fraud or criminal activity and misuses of our products or services;
Performing a contract with you or your organization or to take steps before entering into a contract, including to: (i) receive and handle complaints, requests or reports from you, (ii) evaluate whether we can offer you a Spark92 product or service and under what conditions; and/or

For Marketing and Communication Purposes

We may collect and share your Personal Data with our affiliates for direct marketing purposes, such as informing you electronically or by paper products and services to you by us or our affiliates, inviting you to participate in surveys and providing you with other news about Spark92 (“Marketing Purposes”) unless and until you notify us that you do not wish to be contacted for Marketing Purposes. You may opt out of Spark92’s direct marketing at any time by clicking the opt-out links in any electronic marketing communication we send to you or by using the contact details in the “Contact and Complaints” section below.

Unless we inform you that the provision of your Personal Data is optional, any Personal Data we request is necessary for us to provide you or your organization with the products and services requested. If you do not provide the Personal Data requested, we may not be able to provide those products and services.

With Whom We Share Personal Data

Spark92 Affiliates. With our affiliates worldwide if legally permitted and to the extent required for the purposes set out above.
Service Providers. With our service providers worldwide, e.g. legal, financial and other professional advisors and third parties related to products and servicers under contract with you who will process your Personal Data on our behalf and in accordance with our instructions only.
Governmental Authorities. We also disclose your Personal Data if we are required or permitted to make disclosures by applicable law (including any regulatory or enforcement body, agency, court or tax authority or their agents) or to the government or private parties in connection with a lawsuit, subpoena, investigation or similar proceeding, or as part of our legislative or regulatory reporting requirements.
As required by Law. To any other person or organization where that is required under applicable law or regulation and permitted under applicable Data Protection Laws.

International Transfers

Because of the international nature of our business, Personal Data may be transferred to countries outside of the country where you reside or where we provide services to you or your organization. As such other countries may not have the same level of data protection, we will comply with any applicable requirements under the Data Protection Laws and apply appropriate safeguards to ensure the security and integrity of your Personal Data, regardless of where it is processed. Where required we will enter into data transfer agreements in accordance with applicable Data Protection Laws, including as specifically set out below for the GDPR, UK GDPR and DPL.

How We Protect Your Personal Data

Personal Data held by us will be kept confidential and protected in accordance with Data Protection Laws and applicable Spark92 policies and procedures. We will use commercially reasonable efforts to ensure that Personal Data is kept secure and safe from any loss or unauthorized disclosure or use.

Use of Cookies

Our Site uses cookies, which are small text files downloaded onto your device. We use the following types of cookies:

Strictly necessary cookies: These are cookies that are required for the operation of our website. Without these cookies, our website will not work properly. Accordingly, we are not asking you for your consent for these cookies.

You can find more information about the individual cookies we use in the table below:

[Add cookie table]

Provider	Cookie Name	Cookie Type	Purpose	Further information
Microsoft Corporation	ARRAffinity	Strictly necessary cookie	This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times.	Expiry: End of browsing session Microsoft Privacy Statement
Microsoft Corporation	ARRAffinitySameSite	Strictly necessary cookie	This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times.	Expiry: End of browsing session Microsoft Privacy Statement
Google LLC	_ga	Analytics cookie	This cookie is used to calculate visitor, session and campaign data for the site’s analytics reports. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors.	Expiry: 2 years Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on

You may set or change your Cookie Preferences at any time by clicking here. Strictly necessary cookies cannot be opted out as they are required to operate and protect the integrity and security of the Site.

You can also set or amend your web browser controls to reject or block cookies, though your access to some functionality and areas of the Site may be restricted. You should visit your browser’s help menu for more information on how to reject or block cookies.

Retention of Personal Data

For how long we retain your Personal Data will depend on the nature of our relationship with you. We will generally retain your Personal for as long as required for the purposes for which we are processing your Personal Data (as set out above) and for any retention period required to comply with our legal obligations.

The criteria we apply to determine the appropriate retention period include, but are not limited to the following:

The duration of our business relationship with you or your organization and the purposes for which we process your personal data;
Any relevant legal obligations requiring us to retain data (for example, we may be required to keep records of certain transactions for a certain period of time) and
Whether retention is appropriate in consideration of our legal position (such as applicable statutes of limitations, pending or threatened litigation or regulatory investigations).

Additional Information in Relation to Data Processing Under the CCPA

The below additional information applies only to Data Subjects who are residents of the state California in the United States where we process Personal Data under the California Consumer Privacy Act.

Data Subject Rights (CCPA)

In accordance with the CCPA you may have the right to:

Access/port Personal Data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Data transferred to another party.
Request correction of your Personal Data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Data or we may refer you to the controller of your Personal Data who is able to make the correction.
Request deletion of your Personal Data, subject to certain exceptions prescribed by law.
Request restriction of or object to processing of your Personal Data, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law.

If you would like to exercise any of these rights, please contact us via email at: dataprotectionofficer@spark92.com. You may also contact us via phone at: (646) 885-3490. We will process such requests in accordance with Data Protection Laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

Additional Information in Relation to Data Processing Under the GDPR, UK GDPR and DPL

The below information applies only to Data Subjects who are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) or the Cayman Islands and whose Personal Data we process under the GDPR, the UK GDPR or the DPL.

a) Responsible Controller

The responsible controller for any Personal Data processed by us for the above purposes will be

Spark 92, LLC (875 Third Avenue, New York, NY 10022, United States of America),

b) Legal Basis

We process your personal data for the purposes set out above (see “For which Purpose We Use Your Personal Data”) on the following legal bases:

Purpose	Legal Basis
Business Purposes
Performing contract with you or your organization	Performance of a contract
Financial management and administration, billing and payments	Performance of a contract Legitimate Interest: to perform our contract with your organisation, manage payments
General administration of your or your organizations’ business relationship with us	Performance of a contract
Engaging vendors and performing vendor contracts	Performance of a contract Legitimate interest: to ensure reliability and suitability of our vendors
Interacting with regulatory authorities	Legal or regulatory obligation
Market research, surveys and technological development	Legitimate Interest: to improve our products, services and technologies
Event registration and management	Legitimate Interest: event management and administration.
Identifying and preventing security threats to facilities, premises and systems	Legitimate Interest: office and facilities security and administration, maintain our IT systems, network and data security
Internal audits and complying with regulatory orders	Legal or regulatory obligation
Website presentation	Legitimate Interest: ensure website content is effectively presented
Establishing, exercising and defending legal claims	Legal claim
Legal or Regulatory Purposes
Compliance activities	Legal or regulatory obligation Legitimate Interest: to comply with our legal obligations
Crime detection and prevention	Legal or regulatory obligation Legitimate Interest: to comply with our legal obligations
Marketing and Communication Purposes
Direct Marketing	Consent (where required) Legitimate Interest: to promote our products and services

c) Data Protection Principles

In respect of the collection, holding, storage, use, and processing of your Personal Data:

We will process your Personal Data lawfully, fairly and in a transparent way.
We will obtain your Personal Data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
The Personal Data we collect will be relevant to the purposes we have told you about and limited only to those purposes.
We will take reasonable steps to ensure that your Personal Data is accurate and kept up to date.
Subject to applicable legal or other requirements, we will keep your Personal Data only as long as necessary.
We will use appropriate technical and/or organizational measures to ensure appropriate security of your Personal Data.

d) International Transfers

Where we transfer your Personal Data to countries that do not have the same level of data protection as that afforded by Data Protection Laws in the EEA, the UK or the Cayman Islands, we will comply with the applicable requirements under GDPR, UK GDPR and/or DPL and apply appropriate safeguards to ensure the security and integrity of your Personal Data, in particular by entering into data transfer agreements with the data recipients as required under GDPR which are in the form of EU Standard Contractual Clauses and/or equivalent data transfer agreements under the UK GDPR and DPL. Please contact us using the contact details below if you would like to learn more about the specific transfer safeguards applied.

Where required in consideration of the Data Protection Laws and other laws of the recipient country, we will apply appropriate supplementary safeguards to ensure that the recipients can comply with their obligations under the relevant data transfer agreements and that an adequate level of data protection is ensured.

e) Your Data Subject Rights

Under the GDPR, UK GDPR and DPL you may, subject to certain legal conditions, request access to, rectification, erasure or restriction of processing of your Personal Data. You may also object to processing or, under the GDPR or UK GDPR, request data portability. Additionally, you may have the right to request a copy of the Personal Data that we hold about you. If your request is unfounded or excessive, we reserve the right to charge an administrative fee.

For any of the above requests, we may require additional proof of identity to verify your identity and to protect your Personal Data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.

PLEASE NOTE THAT IN ACCORDANCE WITH ARTICLE 21 (2) OF THE GDPR YOU MAY HAVE THE RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.

If you have given us your consent for the processing of your Personal Data, you can withdraw the consent at any time with future effect, i.e., the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If consent is withdrawn, we may only further process your Personal Data where there is another legal basis for such processing.

If you have any concerns about how your Personal Data is handled by us or wish to raise a complaint on how we have handled your Personal Data, you may contact us to have the matter investigated. You may also submit a complaint to the competent data protection supervisory authority in your country. For example, if you are from the UK, you may contact the Information Commissioners Office via their website (www.ico.gov.uk).

Changes to This Privacy Policy

From time to time, we may make changes or amend this Privacy Policy as required to reflect any changes to the way in which we use Personal Data or as a result of changes to Data Protection Laws. Any amended information will apply from the date it is posted on the Site. You are advised to visit the Site regularly to check for any amendments. In addition, we may communicate material changes to you through the appropriate channel we normally use to communicate with you.

Contact and Complaints

Spark92 takes any complaints we receive about our use of Personal Data seriously. Questions, comments, requests or complaints regarding the Site, this Privacy Policy, or our use of Personal Data should be addressed to: dataprotectionofficer@spark92.com. Any Personal Data we receive when a complaint is made will be treated in accordance with this Privacy Policy and utilized only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us, we will only use the Personal Data supplied to us to manage and address the inquiry and any subsequent issues and to check on the level of service we provide. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

Complaints may be directed to:

Spark 92, LLC Data Protection Officer
875 Third Avenue,
New York, NY 10022 dataprotectionofficer@spark92.com.