Privacy Policy

How we collect, use, and protect your personal information.

Last updated:

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or contact us. It is written in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR), where applicable.

1. Data Controller

The data controller responsible for your personal data is:

Sparkneck
2 Anchor St, Bishop's Stortford CM23 3BP, United Kingdom
Email: online@sparkneck.world
Phone: +358 300 308453

We have not appointed a Data Protection Officer, as we are not required to do so under UK data protection law. For all data protection enquiries, please use the contact details above.

2. Information We Collect

We may collect the following categories of personal data when you interact with our website:

  • Contact information: name and email address provided through our contact form
  • Communication data: the content of messages you send us
  • Technical data: IP address, browser type, device information, and pages visited
  • Cookie data: preferences stored through our cookie consent mechanism
  • Marketing preferences: records of consent where you opt in to non-essential cookies or communications

We do not collect special category data (such as health information) through our website unless you voluntarily include it in a message. We ask that you avoid sharing sensitive personal data via the contact form.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases under the UK GDPR:

  • Responding to inquiries: consent (Article 6(1)(a) UK GDPR) when you submit the contact form and tick the consent checkbox
  • Website functionality and security: legitimate interests (Article 6(1)(f) UK GDPR) to operate, maintain, and protect our website
  • Analytics: consent (Article 6(1)(a) UK GDPR) when you accept analytics cookies via our cookie banner
  • Marketing and advertising measurement: consent (Article 6(1)(a) UK GDPR) when you accept marketing cookies via our cookie banner
  • Compliance with legal obligations: where required by applicable UK law (Article 6(1)(c) UK GDPR)

Where we rely on legitimate interests, we balance our interests against your rights and freedoms and implement appropriate safeguards. You may object to processing based on legitimate interests as described in Section 8 below.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: up to 24 months from the date of your inquiry
  • Cookie consent preferences: up to 12 months, stored locally in your browser
  • Analytics data: up to 26 months, where consent has been provided
  • Server logs: up to 90 days for security and troubleshooting purposes

5. Data Processors and Sharing

We do not sell your personal data. We may share personal data with trusted third-party processors who assist us in operating the website, such as:

  • Website hosting and infrastructure providers
  • Analytics providers (only where you have consented to analytics cookies)
  • Advertising and measurement partners (only where you have consented to marketing cookies)

These processors act on our instructions and are bound by written data processing agreements that require them to protect your data in line with UK GDPR requirements.

We may also disclose personal data where required by law, regulation, court order, or to protect our legal rights.

6. International Transfers

Some of our service providers may process data outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • An adequacy decision issued by the UK Secretary of State
  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses
  • Other transfer mechanisms approved under UK GDPR

You may request further information about international transfers by contacting us using the details in Section 1.

7. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Any analytics or marketing tools enabled with your consent may analyse browsing behaviour to measure website performance or campaign effectiveness, but they do not determine access to services or create individual profiles used for automated decisions about you.

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data in certain circumstances
  • Right to restrict processing: request limitation of how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests
  • Right to withdraw consent: withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at online@sparkneck.world. We will respond within one month, which may be extended by a further two months for complex requests, as permitted by UK GDPR.

We may need to verify your identity before fulfilling a request. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.

9. Marketing Communications

We do not send unsolicited marketing emails. If you contact us through the contact form, we will use your details only to respond to your inquiry unless you separately opt in to marketing communications. Under PECR, we will obtain your consent before sending any promotional electronic messages.

You may withdraw consent to marketing at any time by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, access controls, and regular security assessments. While we take reasonable precautions, no method of transmission over the internet is entirely secure.

11. Children's Privacy

Our website is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. Material changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Website: ico.org.uk
Helpline: 0303 123 1113

Nothing in this Privacy Policy affects your statutory rights under UK law.