Effective date: July 12, 2024
1. Introduction
1.1 This Privacy Policy describes how SparkCore (“SparkCore”, “we”, “us” or “our”) processes your personal data when you use our services or your data is necessary to us due to your connection to the person using our service or you contact us through our website https://www.sparkcore-investment.com/ or other means.
1.2 It is important to us that your personal data is protected when using our services. We process personal data in accordance with the data protection legislation applicable to our activities, including the EU General Data Protection Regulation 2016/679 (GDPR). All terms used in this Privacy Policy should be understood as defined in the GDPR.
2. What information do we process?
2.1 Mostly we collect personal data directly from you or from the client who you have a relationship with. We may also collect personal data from public databases, media or other public sources if this is necessary for the processing purpose.
2.2 When you are using or wish to use our services the personal data we collect includes:
2.2.1 name;
2.2.2 personal identification number (in case of absence the date and place of birth and place of residence);
2.2.3 the name and number of the document used for identification and verification of the identity of the person, its date of issue and the name of the issuing authority;
2.2.4 e-mail address and/or telephone number;
2.2.5 permanent place of residence and other places of residence;
2.2.6 occupation, profession, or area of activity;
2.2.7 citizenship and the country of tax residence;
2.2.8 data about being politically exposed person (PEP) or being a close associate or family member of PEP;
2.2.9 origin of assets;
2.2.10 financial information;
2.2.11 status of the person;
2.2.12 imposition of international (financial) sanctions;
2.2.13 photo (selfie).
2.3 When you are representative, beneficial owner, manager, director or head of branch of our legal person client or a family member (in case you are PEP) or a close associate to our client (in case you are PEP), the personal data we collect includes:
2.3.1 name;
2.3.2 personal identification number (in case of absence the date and place of birth and place of residence);
2.3.3 the name and number of the document used for identification and verification of the identity of the person, its date of issue and the name of the issuing authority;
2.3.4 e-mail address and/or telephone number;
2.3.5 permanent place of residence and other places of residence;
2.3.6 connection to the client;
2.3.7 data about being politically exposed person (PEP) or being a close associate or family member of PEP;
2.3.8 document proving right of representation (including the date of issue and name of the issuing party);
2.3.9 imposition of international (financial) sanctions.
2.4 When you contact us, the personal data we collect includes your:
2.4.1 name;
2.4.2 e-mail address;
2.4.3 content of your message.
3.How do we use your information?
3.1 We will use the personal data for creation of the contractual relationship between us, allowing to use our services and to perform the contract, including to contact you, manage your funds, make payments.
3.2 We will use the personal data to fulfil our legal obligations, including to fulfill accounting obligations, obligations related to prevention of money laundering and terrorist financing (including to identify you), to solve data subject requests, to exchange personal data with authorities.
3.3 We will use the personal data based on our legitimate interest to protect our rights and defend ourselves from claims and to mitigate risks.
3.4 We will use the personal data of persons related to our clients based on our legitimate interest to provide services to the client or to fulfil our legal obligation.
3.5 We will use the personal data collected when you contact us based on our legitimate interest to respond to your contact requests or take the measures requested.
3.6 Where we process your personal data based on our legitimate interest, you may use your right to object as described below.
4. Sharing your information
4.1 To provide the best possible service to you, we use the help of some carefully selected service providers who have access to personal data to the extent necessary to perform their services. Examples of such processors are service providers who provide us with identity verification services, other due diligence measures (including sanctions and PEP screening), and appointment booking services. These service providers will only process personal data per our instructions as processors on our behalf and we remain fully responsible for your personal data processing.
4.2 We may sometimes transfer your personal information to third parties that act as data controllers, but only if we have legal basis. For example, we may transfer personal data to service providers through whom payments are made, to supervisory or regulatory authorities and to our legal advisers.
4.3 We do not process personal data outside the European Economic Area (EEA), i.e. the Member States of the European Union, Norway, Iceland and Liechtenstein, but our processors and third parties involved may do so.
4.4 Where it is necessary to process personal data outside the EEA, we will only do so if we have a lawful basis, including, in particular, if the recipient of the personal data: (i) is located in a country that is assessed by the European Commission as providing an adequate level of protection for personal data; or (ii) has entered into an agreement that meets the requirements of the GDPR for the transfer of personal data to recipients located outside the EEA (e.g., SCC-s); or (iii) fulfils other conditions set out in the GDPR that allow the transfer of personal data to such a recipient outside the EEA.
4.5 If you would like more detailed information about our processors, third parties or possible data transfers outside the EEA, please contact us using the contact details below.
5. How long we keep your information?
5.1 SparkCore stores your personal data only for as long as is necessary for the purpose for which the personal data is processed, unless the period for which the personal data must be stored is regulated by law:
5.1.1 accounting records must be retained for 7 years according to the Accounting Act;
5.1.2 data collected in accordance with the Prevention of Money Laundering and Terrorist Financing Act must be retained for 5 years after the end of the business relationship.
5.1.3 SparkCore destroys and/or safely deletes all personal data that is no longer needed for the purposes for which it was collected, or for which the retention period has expired.
6. Your rights
6.1 Right to access. At any time, you can ask us to confirm what personal data we process about you and request a copy of your personal data.
6.2 Right to rectification. You may at any time ask us to correct and/or complete your personal data if it is inaccurate or incomplete.
6.3 Right to erasure. In certain cases, you have the right to ask us to delete your personal data. For example, you have such a right if (i) the personal data is no longer necessary for the purposes for which it was processed; (ii) you withdraw your consent to the processing of personal data and we have no other legal basis for further processing; (iii) you object to the processing of your personal data and there are no overriding legitimate grounds for continuing to process the personal data or if you object to the processing of personal data for direct marketing purposes; (iv) the personal data has been processed unlawfully; (v) erasure is necessary to comply with an obligation under applicable law. However, we are not always obliged to delete personal data at your request. For example, we are not required to do so where the continued processing of personal data is necessary to comply with our legal obligations or to prepare, submit or defend legal claims.
6.4 Right to restriction. In certain cases, you have the right to request the restriction of the processing of your personal data. You have this right if (i) you contest the accuracy of the personal data, for a period of time that allows us to verify the accuracy of the personal data; (ii) the processing of the personal data is unlawful and you are not requesting the erasure of the personal data but the restriction of use; (iii) we no longer need the personal data concerned for the purposes of the processing, but it is necessary for you for the establishment or exercise of legal claims or for the defence of your claims; (iv) you have objected to the processing of the personal data, for a period of time pending verification whether our legitimate grounds for processing the personal data override the grounds you have given us for stopping the processing. Where the processing of personal data is restricted, we may nevertheless process the personal data if (i) you have given your consent; (ii) the data are necessary for us to prepare, submit or defend legal claims; (iii) the data are necessary for us to protect the rights of a natural or legal person; or (iv) the processing is necessary for an important public interest.
6.5 Right to object. Where processing of personal data is based on our or a third party's legitimate interest, you have the right to object to such processing. In such cases, we will not further process the personal data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment or exercise of legal claims or the defense of legal claims. If you object to the processing of personal data in connection with direct marketing, we will no longer process your personal data for that purpose.
6.6 Right to withdraw consent. Where we process personal data on the basis of your consent, you have the right to withdraw your consent at any time. Please note that withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent prior to the withdrawal.
6.7 Right to data portability. You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit that data to another controller where the processing is based on your consent or for the purposes of the performance of a contract and the data is processed by automated means. Where technically feasible, you have the right to request that we transfer the data directly to another controller.
6.8 Right to lodge a complaint with a supervisory authority. If you consider that your personal data have not been processed in accordance with the applicable data protection law and that your rights have been infringed, you have the right to lodge a complaint with the Data Protection Inspectorate (address: Tatari 39, 10134 Tallinn; phone: +372 627 4135; e-mail: info@aki.ee) or with the supervisory authority in the Member State where you have your habitual residence, place of work or the place where the alleged infringement took place (see https://edpb.europa.eu/about-edpb/board/members_en).
6.9 To exercise these rights, please contact us at contact@sparkcore-investment.com.
7. Changes in this Privacy Policy
7.1 If our practice regarding the processing of personal data changes or if we need to amend the Privacy Policy as a result of applicable data protection legislation, other legislation, case law or the guidelines or practice of supervisory authorities, we have the right to unilaterally amend the Privacy Policy at any time. We will notify you of these changes on our website, significant changes will be communicated via email.
8. Contact us
8.1 The controller of your personal data is SparkCore.investment OÜ, registry code 16265864, address: Harju County, Tallinn, Kesklinna district, Võistluse tn 6/2, 10132, Estonia.
8.2 If you have any questions about this Privacy Policy, please contact us at contact@sparkcore-investment.com.