At Sparly AB org. no. (559249-7589) ('Sparly', 'we', 'us', 'ours') we care about personal integrity. This means that we respect and safeguard your privacy and the right to control and transparency in the Processing of your Personal Data.
The policy informs you about our handling of Personal Data in cases where you communicate with us, use the mobile application “Sparly”, or visit our website sparly.co.
This policy is aimed at:
Users of the Service (“Users”, “you”)
Visitors to our website (“Visitors”, “you”)
"Applicable law" means the legislation applicable to the Processing of Personal Data, including the Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.
"Data subject" means a living, natural person whose Personal Data is processed.
"Personal Data" is all kinds of information that can be linked to an identifiable, living person.
"Personal Data Controller" is the company/organization that decides for what purposes and in what way the Personal Data should be processed and thus is also responsible for the Personal Data being processed in accordance with Applicable Law.
"Personal Data Processor" is the company / organization that processes Personal Data on behalf of the Personal Data Controller and may thus only Process the Personal Data in accordance with the Personal Data Controller's instructions and applicable legislation.
"Processing" of Personal Data is anything that can be done with Personal Data, e.g. storage, modification, reading, handover, etc.
The information in this Policy includes the Processing of Personal Data that Sparly is responsible for as Personal Data Controller, i.e., the processes for which we determine the purpose of (why a Processing is done) and means for (in what way, what Personal Data, how long, etc.).
We provide the mobile application “Sparly”, which is a hub with courses and challenges about personal finance and sustainable living (as described in Sparly's General Terms and Conditions). To provide our services, we need access to your Personal Data.
We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to provide information regarding:
Agreement - The Processing is necessary to be able to fulfill obligations in an agreement between us and the Data subject or to prepare to enter into an agreement with the Data subject. We may not provide the Service without access to the Personal Data processed under this lawful basis.
Legitimate interest - several of the purposes for which we process Personal Data are based on our legitimate interests, which we state in more detail below in connection with the specific purposes. We have struck a balance of interests between, on the one hand, our legitimate interests, and on the other hand, the interests and rights of our Users and Visitors, and concluded that our legitimate interests could be exercised without constituting a disproportionate infringement on the privacy of our Users and Visitors. To find out more about how we have reasoned, contact us via the information given further down in the Policy.
Legal obligations - we may have legal obligations to process Personal Data, such as in orders from law enforcement agencies, or if more Personal Data needs to be collected in order for us to fulfill requests for the exercise of rights under the GDPR.
We store your Personal Data for as long as is necessary for the purpose for which it was collected. Depending on the lawful basis on which we base the Processing, this may a) follow from an agreement, b) be dependent on a valid consent, c) appear in legislation or d) follow from an internal assessment based on the purposes of the Processing.
We will primarily use your Personal Data to be able to provide the Service and continuously improve it. To fulfill this, we will process Personal Data for the purposes described below.
1.1. Service/Product: Registration and login
1.2. Purpose: To secure your identity, authorizing you to log in and to block service for consumers below the age of 18. We don’t store your Social Security Number, only access it in a “read-only” mode.
1.3 Personal Data: Social Security number, email
1.4 Lawful basis: In order to fulfill our contractual commitments to you.
2.1. Service/Product: Sparly Challenges
2.3 Personal Data: bank account information, including payment transactions.
2.4 Lawful basis: In order to fulfill our contractual commitments to you.
3.1 Service/Product: Sparly Rewards
3.2. Purpose: If Data subject takes part in an offer or reward from Sparly or one of our partners, Sparly can confirm to the Partner that Data subject is Sparly's customer through an anonymized unique link. Sparly will send digital gift cards via email and physical gift cards to Data subject’s postal address.
3.3 Personal Data: Email, name, postal address
3.4 Lawful basis: In order to fulfill our contractual commitments to you.
4.1. Service/Product: Newsletter and other advertising
4.2. Purpose: To market, send newsletters and streamline marketing of Sparly to Data subject and others.
4.3. Personal Data: Email
4.4. Lawful basis: In order to satisfy our legitimate interest in improving our marketing and making marketing more relevant to you.
5.1 Service/Product: Customer contact
5.2. Purpose: To handle customer communication, user research
5.3 Personal data: Email
5.4 Lawful basis: In order to fulfill our contractual commitments to you.
6.1 Service/Product: All personal data processed by Sparly
6.2. Purpose: Fulfillment of legal obligations and taking care of our own legal interests.
6.3 Personal data: All personal data processed by Sparly
6.4 Lawful basis: In order to comply with applicable laws and to meet our legitimate interests, to defend our legal interests, to protect our service, our users, third parties, and observe our rights.
7.1 Service/Product: All personal data processed by Sparly
7.2. Purpose: To develop new products and to improve our services, such as improvement of our decision models, testing, research and process optimization.
7.3 Personal data: All personal data processed by Sparly
7.4 Lawful basis: In order to satisfy our legitimate interest in developing and improving our products and services.
The email address, name and postal address come directly from the Data subject. Other Personal Data come from third-party providers such as Tink AB, Criipto ApS with the approval of the Data subject.
You can delete all of your data, including Personal Data, at any given time in the app by navigating to the Settings tab and choosing “Delete account”. It is not enough for you to delete your mobile application from your phone in order to delete all your data, as this does not delete your Sparly account. All Personal Data is automatically deleted if you have been inactive for 12 months. If we are required to retain your information by law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then, we will make sure that the data is deleted as soon as possible.
All Personal Data is automatically deleted if you have been inactive for 12 months.
You are the one who decides over your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the Personal Data Processing that concerns you. We only disclose information to you if we have been able to confirm your identity.
Correction - If you find that the Personal Data we are Processing for you is incorrect, please contact us and we will amend it. Information that is automatically retrieved from your bank accounts, such as expenses, can not be corrected.
Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required to retain your information by law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then, we will make sure that the data is deleted as soon as possible.
Objection - Do you not agree with us that our interest in Processing your Personal Data outweighs your interest in protecting your privacy? In that case, we review our legitimate interests and check that it still holds. We, of course, consider your objection when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.
Restriction - You may also ask us to limit our Processing of your Data:
Data portability - We can give you the information you have provided or that we have received from you in connection with the conclusion of an agreement with you. You will receive your information in a commonly used and machine-readable format which you can then take with you to another Personal Data Controller.
Withdrawal of consent - If you have consented to one or more specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only revoke your consent for future Processing(s) of Personal Data and not for any Processing that has already taken place.
How you use your rights If you decide to revoke your consent, it does not affect the legality of our Processing of your Personal Data on the basis of the consent you have previously given and up to the time of revocation.
We do not transfer your data outside the EU / EEA. In cases where our Personal Data Processors transfer Personal Data to a country outside the EU / EEA, we have ensured that the Processing is legal under applicable law by fulfilling one of the following requirements:
We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations under law or government decisions.
Sparly has taken technical and organizational measures to ensure that your Personal Data is processed securely and that it is protected from loss, misuse and unauthorized access.
Our organizational security measures are outlined in our internal control documents (policies and instructions). Our technical security measures include:
If you have any questions about our Processing of your Personal Data, you are welcome to contact us at: firstname.lastname@example.org
If you feel that we have processed your Personal Data incorrectly, even after you have notified us of this, you always have the right to submit your complaint to the Privacy Protection Authority. You can contact the Privacy Authority by emailing to email@example.com.
We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you of the changes in advance so that you are given the opportunity to take a position on the updated Policy. If we adjust the Personal Data Processing based on your consent, we will obtain new consent.
Sparly has appointed Jazgul Ismailova as a Data Protection Officer whom you can contact if you have questions regarding Personal Data and privacy by sending an email to: firstname.lastname@example.org.