At Sparly AB org. no. (559249-7589) ('Sparly', 'we', 'us', 'ours') we care about personal integrity. This means that we respect and safeguard your privacy and the right to control and transparency in the Processing of your Personal Data.
The policy informs you about our handling of Personal Data in cases where you communicate with us, use our service - financial fitness app - or visit our website sparly.co.
This policy is aimed at:
Users of the Service (“Users”, “you”)
Visitors to our website (“Visitors”, “you”)
"Processing" of Personal Data is anything that can be done with Personal Data, e.g. storage, modification, reading, handover, etc.
"Applicable law" means the legislation applicable to the Processing of Personal Data including the Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.
"Personal Data" is all kinds of information that can be linked to an identifiable, living person.
"Personal Data Controller" is the company/organization that decides for what purposes and in what way the Personal Data should be processed and thus is also responsible for the Personal Data being processed in accordance with Applicable Law.
"Personal Data Processor" is the company / organization that processes Personal Data on behalf of the Personal Data Controller and may thus only Process the Personal Data in accordance with the Personal Data Controller's instructions and applicable legislation.
"Data subject" means a living, natural person whose Personal Data is processed.
The information in this Policy includes the Processing of Personal Data that Sparly is responsible for as Personal Data Controller, ie. the processes for which we determine the purpose of (why a Processing is done) and means for (in what way, what Personal Data, how long, etc.).
We provide the 'Financial Fitness App', which is a service that helps you set up a monthly budget, track the status of your expenses and budget goals (as described in Sparly's General Terms and Conditions). To provide our services, we need access to your Personal Data.Sparly's Processing of Personal Data
Agreement - The Processing is necessary to be able to fulfill obligations in an agreement between us and the Data subject or to prepare to enter into an agreement with the Data subject. We may not provide the Service without access to the Personal Data processed under this lawful basis.
Legitimate interest - several of the purposes for which we process Personal Data are based on our legitimate interests, which we state in more detail below in connection with the specific purposes. We have struck a balance of interests between, on the one hand, our legitimate interests, and on the other hand, the interests and rights of our Users and Visitors, and concluded that our legitimate interests can be exercised without constituting a disproportionate infringement on the privacy of our Users and Visitors. To find out more about how we have reasoned, contact us via the information given further down in the Policy.
Legal obligations - we may have legal obligations to process Personal Data, such as in orders from law enforcement agencies, or if more Personal Data needs to be collected in order for us to fulfill requests for the exercise of rights under the GDPR.
We store your Personal Data for as long as is necessary for the purpose for which it was collected. Depending on the lawful basis on which we base the Processing, this may a) follow from an agreement, b) be dependent on a valid consent, c) appear in legislation or d) follow from an internal assessment based on the purposes of the Processing.
We will primarily use your Personal Data to be able to provide the Service and to continuously improve it. To fulfill this, we will process Personal Data for the purposes described below.
1.1. Purpose: To administer your membership, including securing your identity, authorizing you to log in and maintain accurate contact information, answering and handling customer inquiries, customer complaints.
1.2 Personal Data: Email address, password, name.
1.3 Lawful basis: In order to fulfill our contractual commitments to you.
2.2 Personal Data: Bank accounts including bank transfers, payment transactions, balances and other similar information.
2.3 Lawful basis: In order to fulfill our contractual commitments to you.
3.1. Purpose: If Data subject takes part in an offer from one of our partners, Sparly can confirm to the Partner that Data subject is Sparly's customer through an anonymised unique link, discount code or by the customer showing the discount code by opening the app when paying in physical stores.
3.2 Personal Data: E-mail address, name.
3.3 Lawful basis: In order to fulfill our contractual commitments to you.
4.1. Purpose: To market, send newsletters and streamline marketing of Sparly to Data subject and others. 4.2 Personal data: E-mail address, name. 4.3 Lawful basis: In order to satisfy our legitimate interest in improving our marketing and making marketing more relevant to you.
5.1. Purpose: Fulfillment of legal obligations and taking care of our own legal interests.
5.2 Personal data: All Personal Data.
5.3 Lawful basis: In order to comply with applicable laws and to meet our legitimate interests, to defend our legal interests, to protect our service, our users, third parties, and observe our rights.
The e-mail address and name come directly from the Data subject. Other Personal Data come from third-party providers such as Tink with the approval of Data subject.
You can delete all of their data including Personal Data at any given time in the app by navigating to Settings >>> Delete account. It is not enough for you to delete your mobile application from your phone in order to delete all data, as this does not delete your Sparly account.
All Personal Data is automatically deleted if you have been inactive for 12 months.
You are the one who decides over your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the Personal Data Processing that concerns you. We only disclose information to you if we have been able to confirm your identity.
Correction - If you find that the Personal Data we are Processing for you is incorrect, please contact us and we will amend it. Information that is automatically retrieved from your bank accounts, such as expenses can not be corrected, but there will be features that allow you to change, reclassify expenses.
Deletion - Do you want us to forget you completely? You have the right to request deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required to retain your information by law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then we will make sure that the data is deleted as soon as possible.
Objection - Do you not agree with us that our interest in Processing your Personal Data outweighs your interest in protecting your privacy? In that case, we review our legitimate interests and check that it still holds. We of course consider your objection when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.
Restriction - You may also ask us to limit our Processing of your Data:
Data portability - We can give you the information you have provided to us or that we have received from you in connection with the conclusion of an agreement with you. You will receive your information in a commonly used and machine-readable format which you can then take with you to another Personal Data Controller.
Withdrawal of consent - If you have consented to one or more specific Processing (s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only revoke your consent for future Processing (s) of Personal Data and not for any Processing that has already taken place.
How you use your rights If you decide to revoke your consent, it does not affect the legality of our Processing of your Personal Data on the basis of the consent you have previously given and up to the time of revocation.
In cases where our Personal Data Processors transfer Personal Data to a country outside the EU / EEA, we have ensured that the Processing is legal under applicable law by fulfilling one of the following requirements:
Sparly has taken technical and organizational measures to ensure that your Personal Data is processed securely and that it is protected from loss, misuse and unauthorized access.Information security policy
Our security measures
Organizational security measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:
If you have any questions about our Processing of your Personal Data, you are welcome to contact us at: firstname.lastname@example.org
If you feel that we have processed your Personal Data incorrectly, even after you have notified us of this, you always have the right to submit your complaint to the Privacy Protection Authority. You can contact the Privacy Authority by emailing to email@example.com
Sparly has appointed Jazgul Ismailova as a Data Protection Officer whom you can contact if you have questions regarding Personal Data and privacy by sending an email to: firstname.lastname@example.org.