Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data;
EU Privacy Law: Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (the ”GDPR”), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to the Processing of Personal Data and privacy;
Processor: A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller;
Recipient: A natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third Party or not;
Third Party: A natural or legal person, public authority, agency or body other than the data subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data;
Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the GDPR;
Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Standard Contractual Clauses: Sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of Personal Data.
Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Representative: A natural or legal person established in the Union who, designated by the Controller or Processor in writing pursuant to Article 27 of the GDPR, represents the Controller or Processor with regard to their respective obligations under this Regulation.
(II) WHO ARE WE?
(head office and main establishment)
Sparkcentral Europe NV
Kempische Steenweg 311 b6.01
B – 3500 Hasselt
Responsible person for data protection:
Mission Street 535 Floor 17
CA 94105 San Francisco
As required by Article 27 GDPR, Sparkcentral Inc. designates Sparkcentral Europe as Representative in the European Union.
We value your right to privacy and make every effort to protect your Personal Data in accordance with the EU Privacy Law and the applicable national data protection legislation.
(IV) PERSONAL DATA WE COLLECT
In the context of our business, we collect and process “non-personal data” and “Personal Data.” Non-personal data includes information that cannot be used to personally identify a natural person, such as anonymous usage data and general demographic or statistical information we may collect.
We collect the following Personal Data of you as user of our Service:
- Personal identification data: name, email address, passwords and account information of persons registering with the Service;
This Personal Data is collected in various ways:
- Directly from you when you provide us with your Personal Data, e.g. through the registration process at our website or when you contact us with a question;
- Through cookies;
(V) PURPOSES AND LEGAL BASES OF THE PROCESSING
We use your Personal Data for the following purposes:
- For customer relations management;
- For the handling of user/customer inquiries and complaints;
- For providing technical support;
- For the management of our website;
- To provide you with information requested by you;
- For marketing purposes, i.e. for our electronic mailings (if you had subscribed to them);
For your perfect information, you can find hereinafter the legal grounds applicable to these Processing activities:
- For the Processing of your Personal Data for the delivery of our Service, for the follow-up on sales and invoicing, to provide you with certain information with respect to purchased services, or in the context of complaint handling, we rely upon the necessity for the performance of a contract;
- In all other cases, the Processing of your Personal Data is based on our legitimate business / commercial interests (i.e. the interest of contacting you as a prospective user of our Service, of informing customers of our Service, and to promote our business in general, both online and offline, and the interest of obtaining information about preferences of our customers).
- For the Processing of your Personal Data for electronic direct marketing purposes (tracking and analyzing your interests, sending our electronic newsletter), we rely upon your opt-in consent. Only if you have unambiguously stated that you would like to receive our electronic newsletter (you are entirely free to do this), we will register you for our electronic mailings.
Note that you have the right to withdraw that consent at any time, free of charge, and without this having any negative implications for you. You may do so by e-mail (see below) or via the opt-out link included in each of our marketing mailings.
(VI) WITH WHOM WE SHARE YOUR PERSONAL DATA
We may share your Personal Data with the following actors:
- With our service providers (‘Processors’): in the context our Services, we may share your Personal Data with Third Parties (to the extent this is required for said Third Party to render a service), in particular with service providers (e.g. marketing agencies who organize email communications for us) that act as our ‘Processors’;
- Within our group of undertakings: note that we have an affiliate in Belgium and in the United States (see below for the appropriate safeguards provided);
- With our external law firms in case of (threatened) litigation;
- With government authorities in case we have a legal obligation to do so;
We will implement appropriate legal and technical safeguards when transferring your Personal Data to third parties.
PRIVACY SHIELD STATEMENT
Sparkcentral Inc.‘s accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Sparkcentral Inc. remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Sparkcentral Inc. proves that it is not responsible for the event giving rise to the damage.
If you have an unresolved privacy or data use concern that Sparkcentral Inc. has not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (at no cost to you) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.
For any Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has investigation and enforcement authority over Sparkcentral’s compliance with the Privacy Shield.
(VII) HOW WE PROTECT YOUR PERSONAL DATA
We implement the necessary administrative, technical and organizational security measures designed to protect your information and to ensure a level of security appropriate to the specific risks that we have identified. We protect your Personal Data against destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored or otherwise processed. Sparkcentral is ISO 27001 certified and will make every effort to maintain this certification indefinitely. Technological security measures we implement to protect your data include sufficiently strong encryption, firewalls and secure socket layer technology (SSL).
Your account is protected by your account password and we urge you to take steps to keep your Personal Data safe by not disclosing your password and by logging out of your account after each use. We strongly recommend that your password is as at the very least eight (8) characters long, is composed of a combination of alphanumeric characters and contains at least one capitalized character and a character such as #, !, ?, *. We reserve the right to enforce these recommendations when you are creating a password on our website.
More information on our protection measures is available upon simple request.
(VIII) RETENTION PERIOD
Your Personal Data will not be stored for longer than is necessary in relation to the purposes for which we process them (as listed above). Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed.
More specifically, the following retention guidelines are applied by us:
- Personal Data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept;
- Personal Data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and for ten (10) years following termination thereof;
- Personal Data obtained in the context of complaint handling will be deleted (or anonymized) as soon as the complaint is closed; and
- any Personal Data used for marketing purposes will be retained for as long as we are sending you relevant mailings and for a maximum of eighteen (18) months thereafter. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to exercise your right to unsubscribe right, we will no longer keep your Personal Data for these purposes.
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial or administrative proceedings (e.g. in case of a dispute), will we retain Personal Data for longer periods.
More information regarding our applicable retention periods is available upon simple request.
(IX) YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL INFORMATION
Within the limits defined by Articles 15-22 GDPR, you have the statutory right to:
- receive information about and access your Personal Data;
- rectify your Personal Data;
- request erasure of your Personal Data (‘right to be forgotten’);
- request restriction of Processing of your Personal Data;
- object to the Processing of your Personal Data;
- receive your Personal Data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization.
Finally, you have the right to lodge a complaint relating to the Processing of your Personal Data by us with the Supervisory Authority in your country.
In principle you may exercise the above-mentioned rights free of charge. Only where requests are manifestly unfounded or excessive, we may charge a reasonable fee.
We aim to respond as quickly as possible to your requests or questions. We might request and sometimes even be legally required to request proof of identity in advance in order to double-check your request and to avoid unauthorized access by Third Parties.
(X) LINKS TO OTHER WEBSITES
(XII) CONTACTING US
If you feel there is unethical behaviour please contact us by sending an email to firstname.lastname@example.org
If you reside in California, you have the right to ask us one time each year if we have shared Personal Data with Third Parties for their direct marketing purposes. To make a request, please send us an email at email@example.com or write to us at the Californian address listed above. Please indicate in your letter that you are a California resident making a “Shine the Light” inquiry.