2. The Sparkademy Service
3. Collection of Personal Data
5. Use and Purpose of Collected Personal Data
6. Legal Basis of Processing Personal Data
7. Keeping Your Personal Data Secure
8. Personal Data Shared with Third Parties
9. Sparkademy’s vendors and sub-processors
10. International Transfer of Personal Data
11. Retention of Personal Data
12. Your Rights With Respect to Personal Data
14. Contact Sparkademy Regarding Personal Data
Sparkademy is an employee education and project management product and service. We allow businesses to identify high-potential candidates and teach them the mind-set, skills and competencies required to lead more customer-centric projects for the company, and in the long term foster a culture of innovation.
In Short: We collect personal information that you provide to us, such as name and email address, among others.
We collect personal information that you voluntarily provide to us when registering at the Website, expressing an interest in obtaining information about us or our products and services, when participating in activities on the Website or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make and the products and features you use.
The personal information we collect can include the following, amongst others:
- Full Name
- Job Title
- E-mail Address
- Employer/Company Name
- Content submitted by you through our Website while using it.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
In Short: Some information – such as IP address and/or browser and device characteristics, location data and psychometric test results – is collected automatically when you visit our Website.
Interaction & Monitoring Data
We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and other technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes. You may define certain authorizations related to data collection in the settings of your device or of your web browser, according to the available functionalities.
Spark Check (Sensitive Data)
This section applies only to users of the Spark Check service, and such users will be asked to give their explicit consent before using these services.
We automatically collect personal information when you use Spark Check, or its abbreviated form (as of the date of this writing, named “Spark Check Lite”), a combination of psychometric tests and questionnaires assessing a person’s ability to deal with uncertainty, the ability to perceive emotions and the ability to understand emotions, amongst other things. These tests can be expanded to other areas. By going through Spark Check we automatically collect sensitive (health) data from you.
When you visit our Website because your employer has recommended you as a potential participant for one of our programs, participation in these tests is subject to prior approval by the Workers’ Councils based on your country-level regulatory practices. Spark Check is a voluntary based assessment and requires an explicit consent from you.
Spark Check Lite is accessible to the public for free. Anyone can voluntarily participate in Spark Check Lite as a self-assessment exercise. Spark Check Lite also implies a collection of sensitive data and requires prior consent from you. By participating in Spark Check Lite, you consent to us sending you your results via electronic means to the contact information provided by you.
A cookie is a file that is downloaded to your terminal (laptop, computer, smartphone, tablet, etc.) in order to store data that can be updated and retrieved by the entity responsible for its installation.
We use various types of cookies or other similar technologies some of which are likely to automatically process data directly on your devices and/or to transfer personal data concerning you to us. These technologies are generally aimed at monitoring and analysing your interactions with the Website and/or to enable us to improve the Website and their functionalities, namely through a personalization of the Website and the related services, according to your interactions.
If you do not want cookies to be stored on your device, you can configure your browser or your device to refuse and/or restrict the cookies. You may also change your cookies preferences through the interface available on the Website. Certain cookies, however, are essential to the functioning of the Website itself and its use may be altered or prevented by refusing these cookies.
We use the following cookies:
A. Essential cookies
Some cookies we place on your electronic device ensure that the Website delivers you without limitation information securely and optimally. The Website cannot function properly without these Cookies.
We use the service "Cloudfront" provided by Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210 (hereinafter "AWSCloudfront").
The use of AWS Cloudfront is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1lit. f DSGVO).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
Further information on the topic of security and data protection at AWS Cloudfront can be found here: https://aws.amazon.com/de/data-protection/
B. Functionality cookies (“Personalization” cookies)
Some cookies enable the Website to remember choices persons make, for example, username, and language or text size. These cookies are known as "functionality cookies" and help to improve a person's experience of the Website by providing a more personalized service.
C. Statistics and Productivity Cookies (“Analytics” cookies)
Statistics and productivity cookies help us to understand how users interact with the Website, by collecting and processing data anonymously.
D. AdvertisementCookies (“Marketing” cookies)
These cookies track your online activity to help us deliver more relevant advertising or to limit how many times you see an ad.
For more information please check the user help sections of your internet browser or electronic devices for specific instructions on the management of cookies.
In Short: We process your information for purposes based on legitimate business interests, compliance with our legal obligations, and/or your consent.
We use personal information collected via our Website for a variety of business purposes described below, which includes operating the Site, creating and maintaining a user account, interacting with you, providing you with requested information and services, or in the manner expressly indicated when the personal data concerned are collected. We process your personal information for these purposes in reliance on our legitimate business interests ("Business Purposes"), with your consent ("Consent"), and/or for compliance with our legal obligations ("LegalReasons").
We use the information we collect or receive:
Administrative Purposes. To contact you for administrative purposes such as customer service or to send communications, including updates on promotions and events, relating to products and services offered by us
Information Purposes. To provide services and information that you request and/or information about changes to our terms, conditions, and policies,
Website Improvement Purposes. To understand and analyze the usage trends and preferences of our users, to improve our Website, and to develop new products, services, features, and functionality,
User Support Purposes. To contact you about your use of our Website, to request feedback, respond to comments and questions and otherwise to provide support to users,
Security Purposes. To keep our Website safe and secure (for example, for fraud monitoring and prevention),
Operational Purposes. To operate, maintain, enhance and provide all features of our Website,
Legal Purposes. To enforce our terms, conditions and policies, to respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond,
Business Purposes. Your personal data will be anonymized and used to recommend potential candidates for our educational programs.
Profiling Purposes. Your personal data will be used to create a profile based on data gathered by tracking your user behavior, with Spark Check and/or Spark Check Lite, the submissions throughout the program and the feedback you provide us.
If you are visiting our Website from the European Economic Area, we typically collect and/or process your Personal Data when we have your consent or a legitimate business interest.
Consent. We collect and/or process the following Personal Data based on your Consent:
- Psychometric data generated from Spark Check and/or Spark Check Lite.
Legitimate Business Interests. We collect and/or process the following Personal Data based on Legitimate Business Interests:
- Interaction & Monitoring Data,
- Content submitted by you through our Website,
- Full name,
- Job title,
- E-mail address, and
- Employer/ Company name.
Legal Reasons. We process your personal data for legal reasons, to enforce our terms, conditions and policies, to respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
To protect your Personal Data we use appropriate technical and organizational measures corresponding to the type of Personal Data and the risks associated with processing such Personal Data. In the event of a data breach we will contact those affected and, to the extent required, the required regulator as required by applicable law.
In Short: We only share information with your consent, to comply with laws, to protect your rights, or to fulfill business obligations.
We only share and disclose your information in the following situations:
· Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
· Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
· Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include, but are not restricted to: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data about how you interact with the Website overtime. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
· Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
· Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
· With your Consent. We may disclose your personal information for any other purpose with your consent.
· Other Users. We may also share any information that you voluntarily choose to include in a publicly accessible area of the Website will be available to anyone who has access to that content, including other users.
Each of Sparkademy’s vendors and sub-processors will have an executed Data Processing Addendum to ensure compliance under the EU GDPR requirements. An audited minimum relevant set of data is shared with each vendor. Vendor and sub-processors belong to the following categories:
Data Management Tool Providers, amongst others:
· AWS: the bulk of user data is hosted in AWS
· Dropbox: user data for user management & grading is maintained in Dropbox
· Zapier: user data e.g. for email marketing automation is maintained in Zapier
Analytics service providers, amongst others:
· Heap: user data for analytics purposes is maintained in Heap
· LogRocket: user data for bug tracking & fixing is maintained in LogRocket
Marketing, sales & communication service providers, amongst others:
· Webflow: user data for information requests is maintained in Webflow
· SendGrid: user data for transactional emails is maintained in SendGrid
· Hubspot: user data for email conversations and email marketing is maintained in Hubspot
· Intercom: user data for learner support is maintained in Intercom
· Qualtrics: user data for surveys and forms are maintained in Qualtrics
· Microsoft: user and customer data for support is maintained in Microsoft through products like Outlook or Excel
Internal communication service providers, amongst others:
· Slack: user and applicant data is discussed in chat in Slack
Professional services providers, amongst others:
· Technical/ IT services
Project management services providers, amongst others:
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the European Union. Your information, which we receive when you use the Website, may be transferred to and stored by our remote employees as well as service providers located in countries outside of the European Economic Area. Where we transfer your Personal Data outside Switzerland or the European Economic Area, we rely on EU commission approved model contractual clauses to do so. We will ensure that appropriate safeguards (as set out in the standard contractual clauses for the transfer of personal data to processors established in third countries)are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Data.
We have concluded a separate Data Processing Agreement (“DPA”) with the service providers to ensure the protection of your personal data.
Finally, while we do what we can to protect your information, we may at times be legally required to disclose your personal information (for example, if we receive a valid court order).
By providing us with information and data, you expressly consent to such transfers.
We may retain your Personal Data in connection with our ongoing legitimate business interest. When an ongoing legitimate business interest with respect to your Personal Data no longer exists we will delete such Personal Data.
In Short: In some regions you have rights that allow you greater access to and control over your personal information.
In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right
(i) to request access and obtain a copy of your personal information;
(ii) to request rectification or erasure;
(iii) to restrict the processing of your personal information; and
(iv) to data portability.
Object to processing. You may also have the right to object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
In connection with promotions or other projects, we may ask you specifically whether you would like to opt into a certain kind of data use or sharing. If you do not opt in under such circumstances, we will respect your decision. We may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you and are therefore essential to the service we provide.
Correct or Update. You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt out of our sharing with others, and update your personal information.
Upon appropriate request we will usually update or amend your information, but we reserve the right to use information obtained previously to verify your identity or take other actions that we believe are appropriate.
Withdraw consent. You may withdraw your consent at any time, but such withdrawal shall only apply with respect to any processing after such withdrawal.
Erase & Make Portable. You may request that we delete your personal information as well as request that we make your personal information available for porting. You can receive your provided data in a structured, common and machine-readable format.
Right to complain. You may complain to a data protection authority regarding the use or collection of your personal information. Please contact your local data protection authority for more information regarding how to file such a complaint.
In Short: We will update this policy as necessary to stay compliant with relevant laws.
Data Protection Officer: Daniel Kunz
Email address: firstname.lastname@example.org
Representation for data subjects in the EU
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/15192156301