Sparly logo

Privacy policy

Last update: 20 august 2021

Why and for whom?
Why and for whom?

At Sparly AB org. no. (559249-7589) ('Sparly', 'we', 'us', 'ours') we care about personal integrity. This means that we respect and safeguard your privacy and the right to control and transparency in the Processing of your Personal Data.

Sparly is responsible for Personal Data according to the Processing of Personal Data listed in this Privacy Policy(the 'Policy'). The Policy describes for what purposes we need your Personal Data, what lawful basis we rely on and what measures we take to protect Personal Data. We also provide information on how you exercise the rights you have related to our Processing of your Personal Data.

The policy informs you about our handling of Personal Data in cases where you communicate with us, use our service - financial fitness app - or visit our website sparly.co.

This policy is aimed at:

Users of the Service (“Users”, “you”)
Visitors to our website (“Visitors”, “you”)

Definitions
Definitions

"Processing" of Personal Data is anything that can be done with Personal Data, e.g. storage, modification, reading, handover, etc.

"Applicable law" means the legislation applicable to the Processing of Personal Data including the Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.

"Personal Data" is all kinds of information that can be linked to an identifiable, living person.

"Personal Data Controller" is the company/organization that decides for what purposes and in what way the Personal Data should be processed and thus is also responsible for the Personal Data being processed in accordance with Applicable Law.

"Personal Data Processor" is the company / organization that processes Personal Data on behalf of the Personal Data Controller and may thus only Process the Personal Data in accordance with the Personal Data Controller's instructions and applicable legislation.

"Data subject" means a living, natural person whose Personal Data is processed.

Personal Data Responsibility
Personal Data Responsibility

The information in this Policy includes the Processing of Personal Data that Sparly is responsible for as Personal Data Controller, ie. the processes for which we determine the purpose of (why a Processing is done) and means for (in what way, what Personal Data, how long, etc.).

We provide the 'Financial Fitness App', which is a service that helps you set up a monthly budget, track the status of your expenses and budget goals (as described in Sparly's General Terms and Conditions). To provide our services, we need access to your Personal Data.

Sparly's Processing of Personal Data
  • Why the Processing of Personal Data is necessary in relation to the purpose
  • What lawful basis have we identified for the Processing.

Lawsuit basis
Lawsuit basis

Agreement - The Processing is necessary to be able to fulfill obligations in an agreement between us and the Data subject or to prepare to enter into an agreement with the Data subject. We may not provide the Service without access to the Personal Data processed under this lawful basis.

Legitimate interest - several of the purposes for which we process Personal Data are based on our legitimate interests, which we state in more detail below in connection with the specific purposes. We have struck a balance of interests between, on the one hand, our legitimate interests, and on the other hand, the interests and rights of our Users and Visitors, and concluded that our legitimate interests can be exercised without constituting a disproportionate infringement on the privacy of our Users and Visitors. To find out more about how we have reasoned, contact us via the information given further down in the Policy.

Legal obligations - we may have legal obligations to process Personal Data, such as in orders from law enforcement agencies, or if more Personal Data needs to be collected in order for us to fulfill requests for the exercise of rights under the GDPR.

How long do we store your personal data?
How long do we store your personal data?

We store your Personal Data for as long as is necessary for the purpose for which it was collected. Depending on the lawful basis on which we base the Processing, this may a) follow from an agreement, b) be dependent on a valid consent, c) appear in legislation or d) follow from an internal assessment based on the purposes of the Processing.

PROCESSING

We will primarily use your Personal Data to be able to provide the Service and to continuously improve it. To fulfill this, we will process Personal Data for the purposes described below.

1.1. Purpose: To administer your membership, including securing your identity, authorizing you to log in and maintain accurate contact information, answering and handling customer inquiries, customer complaints.
1.2 Personal Data: Email address, password, name.
1.3 Lawful basis: In order to fulfill our contractual commitments to you.

2.1. Purpose: To provide the Service in accordance with the Terms of Use between Sparly and you.
2.2 Personal Data: Bank accounts including bank transfers, payment transactions, balances and other similar information.
2.3 Lawful basis: In order to fulfill our contractual commitments to you.

3.1. Purpose: If Data subject takes part in an offer from one of our partners, Sparly can confirm to the Partner that Data subject is Sparly's customer through an anonymised unique link, discount code or by the customer showing the discount code by opening the app when paying in physical stores.
3.2 Personal Data: E-mail address, name.
3.3 Lawful basis: In order to fulfill our contractual commitments to you.

4.1. Purpose: To market, send newsletters and streamline marketing of Sparly to Data subject and others. 4.2 Personal data: E-mail address, name. 4.3 Lawful basis: In order to satisfy our legitimate interest in improving our marketing and making marketing more relevant to you.

5.1. Purpose: Fulfillment of legal obligations and taking care of our own legal interests.
5.2 Personal data: All Personal Data.
5.3 Lawful basis: In order to comply with applicable laws and to meet our legitimate interests, to defend our legal interests, to protect our service, our users, third parties, and observe our rights.

SOURCE

The e-mail address and name come directly from the Data subject. Other Personal Data come from third-party providers such as Tink with the approval of Data subject.

Period of storage: We store your information for as long as necessary to fulfill the purposes of this Privacy Policy, agreements and legal and regulatory requirements.

You can delete all of their data including Personal Data at any given time in the app by navigating to Settings >>> Delete account. It is not enough for you to delete your mobile application from your phone in order to delete all data, as this does not delete your Sparly account.

All Personal Data is automatically deleted if you have been inactive for 12 months.

Your rights
Your rights

You are the one who decides over your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access - You always have the right to receive information about the Personal Data Processing that concerns you. We only disclose information to you if we have been able to confirm your identity.

Correction - If you find that the Personal Data we are Processing for you is incorrect, please contact us and we will amend it. Information that is automatically retrieved from your bank accounts, such as expenses can not be corrected, but there will be features that allow you to change, reclassify expenses.

Deletion - Do you want us to forget you completely? You have the right to request deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required to retain your information by law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then we will make sure that the data is deleted as soon as possible.

Objection - Do you not agree with us that our interest in Processing your Personal Data outweighs your interest in protecting your privacy? In that case, we review our legitimate interests and check that it still holds. We of course consider your objection when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.

Restriction - You may also ask us to limit our Processing of your Data:

  • While we are Processing a request from you for any of your other rights
  • å In cases where we no longer need the data for the purpose for which it was collected; provided that you have no interest in us retaining the information in order to be able to assert a legal claim

Data portability - We can give you the information you have provided to us or that we have received from you in connection with the conclusion of an agreement with you. You will receive your information in a commonly used and machine-readable format which you can then take with you to another Personal Data Controller.

Withdrawal of consent - If you have consented to one or more specific Processing (s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only revoke your consent for future Processing (s) of Personal Data and not for any Processing that has already taken place.

How you use your rights If you decide to revoke your consent, it does not affect the legality of our Processing of your Personal Data on the basis of the consent you have previously given and up to the time of revocation.

Transfer to personal data
Transfer to personal data

We may use third parties as Personal Data Processors for the handling of Personal Data. The Personal Data Processors will not share your Personal Data or use it in any way other than in accordance with the Privacy Policy.

In cases where our Personal Data Processors transfer Personal Data to a country outside the EU / EEA, we have ensured that the Processing is legal under applicable law by fulfilling one of the following requirements:

  • There is a decision from the European Commission that the country ensures an adequate level of protection;
  • Application of the European Commission's standard contractual clauses for third country transfers; or
  • Other appropriate protective measures that comply with applicable law. We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations under law or government decisions

Security
Security

Sparly has taken technical and organizational measures to ensure that your Personal Data is processed securely and that it is protected from loss, misuse and unauthorized access.Information security policy

Our security measures

Organizational security measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:

  • Internal control documents (policies / instructions)
  • Technical security measures are measures that are implemented through technical solutions. Our technical security measures are:
  • Encryption of information Amazon DocumentDB uses the 256-bit Advanced Encryption Standard (AES-256) to encrypt data with encryption keys stored in the AWS Key Management Service (AWS KMS). No change in application logic or client connection is required to use an Amazon DocumentDB cluster with encryption when sleep mode is enabled. Amazon DocumentDB handles encryption and decryption of User data transparently, with minimal impact on performance.
  • Data transfer between server and client. The HTTPS protocol is used for communication between servers and clients/ third-party tools to provide secure data transfer.
  • Distribution architecture. Sparly uses Amazon Web Services as a provider of infrastructure for distribution. All modules in the Sparly application (database, various backend modules, etc.) are distributed in a VPC (Virtual Private Cloud) and are protected from external access. Access to the API is only available externally.

If we do not keep what we promise
If we do not keep what we promise

If you have any questions about our Processing of your Personal Data, you are welcome to contact us at: team@sparly.co

Changes to this policy
Changes to this policy

If you feel that we have processed your Personal Data incorrectly, even after you have notified us of this, you always have the right to submit your complaint to the Privacy Protection Authority. You can contact the Privacy Authority by emailing to team@sparly.co

Contact
Contact

Sparly has appointed Jazgul Ismailova as a Data Protection Officer whom you can contact if you have questions regarding Personal Data and privacy by sending an email to: team@sparly.co.

Sparly logo
© 2022 Sparly AB, 559249-7589