The person responsible for data protection and privacy at SPARK Impact Limited is Marc d’Abbadie. Contact email: firstname.lastname@example.org
SPARK Impact Limited’s ICO registration number is: ZA216689
2. The personal Data we may collect about you:
Where we collect data that identifies an individual, this is classed as “personal data”. Personal data may include (but is not limited to) a name, date of birth, contact address and telephone number.
The types of personal data we may request are:
Full name and title including any previous names
Photographic proof of Identity (typically passports or photo driving licences)
Proof of address (e.g., a utility bill)
Contact information such as postal address, residential address, email address and telephone numbers
Tax information (Unique tax reference number and national insurance number)
Information regarding your investment experience, wealth, source of funds and bank details
Information regarding your knowledge of investment and types of transactions undertaken
Employment history and salary details
Marketing preferences which include the type of information you wish to receive and how.
Information we learn from you such as requests, transactions, services provided or offered, any advice or recommendations made, a log of meetings, telephone recordings (where permitted and required for regulatory purposes) complaints and dissatisfaction notes, as well as email exchanges.
The above list is not exhaustive. We may from time to time require additional information in order to satisfy our legal and regulatory obligations. Where additional information is required, we will provide you with a reasonable explanation of why it is required unless we are prevented from doing so by law.
SPARK Impact Limited may use methods such as pseudonymisation which is a process whereby SPARK Impact Limited can replace identifying fields of data with other non-identifying data fields in order to anonymise the data from the individual therefore meaning the data is no longer personal. SPARK Impact Limited may use this method where we are required to retain certain types of information for clients, such as number of females and males employed, jobs created and average salaries paid. This type of statistical data is often required for ESG (environmental, social and governance) investment purposes by clients to show value added investments made by SPARK Impact Limited on behalf of its clients.
Use of this website
The type of data we collect when you visit our site may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site as well as the types of products and services and searches you conduct on our site.
Special Category Data Special Category data refers to any data which is sensitive and is subject to additional rules and requirements under the General Data Protection Regulations. Special category data may include information regarding: criminal convictions and offences, race, ethnicity, religious or philosophical beliefs, political opinions, sexual orientation, trade union membership and information about your health, genetic and biometric data.
As a general rule we do not collect any Special Category Data about you. However, we are required to request information relating to criminal convictions in a number of cases. This include our recruitment process for staff and contractors undertaking regulated activities and due diligence on companies, their staff and directors as part of our investment process. We require consent from the individual for this. In some cases, we may also require some Special Category Data for ESG reporting on behalf of our clients. Again, we require consent from the individual for this. If we are required by law to request any special category data from you, aside from the reasons mentioned above we will provide you with a reasonable explanation as to the nature and purpose for this request and obtain your consent. We would not be able to proceed without your consent unless there was a lawful reason for doing so.
How do we collect your personal data? Typically, where we are required to obtain your personal data, we will request it from you. However, we may also from time to time receive your personal data through intermediaries where you have authorised the sharing of your personal data with us. Intermediaries may include Accountants, Solicitors, Independent financial advisors, Tax advisors and wealth managers who may be working on your behalf. Personal data may be provided to us via post, in person, email or via a specially created secure data room / platform. The data collection may be facilitated by way of completing an application form or questionnaire or by responding to information requests from us. We may also receive information from publicly available resources.
Why do we collect your personal data? We only collect your personal data where we believe we have a legitimate business interest with you or we have a lawful purpose to do so. These reasons may include but may not be limited to circumstances where you:
Are a shareholder in one of the companies to whom we have an administration and / or management agreement with;
Are a Limited Partner or an investor in one of the funds to which we are appointed manager / operator, or any other such investment schemes under our management?
Are actively receiving investment services or products from us under a contractual arrangement or engagement.
Are an individual, fund or other body corporate who has co-invested with us in the past or who may wish to co-invest with us in the future
Consent to receiving communications from us
Have a contractual agreement with us
request resources or marketing be sent to you;
give us feedback or some other form or legitimate business interest with you.
How and why do we use your personal data: Typically, we only use your data to be able to perform our duties under contracts we may have with you or where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at email@example.com
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at firstname.lastname@example.org if you need details about the specific legal ground we are relying on to process your personal data.
Marketing communications You will receive marketing communications from us if you have:
(i) requested information from us or have a contractual agreement with us; or (ii) if you provided us with your details and have positively consented to us sending you marketing communications; and (iii) in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You should be advised that consent is not definitive and you can opt-out from receiving marketing communication from us at any time by emailing: email@example.com .
Where you opt out of receiving our marketing communications, this will not apply to communication we make with you in relation to a legitimate business interest or lawful purposes, such as the performance of a contract we may have with you.
Change of purpose We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal grounds for this.
We may process your personal data without your knowledge or consent only where this is required and permitted by law.
Sharing and Disclosure of your personal data: We may share your personal data with the parties set out below for legitimate business interests and lawful purposes, these may include but are not limited to:
Other companies in our group who provide IT and system administration services and undertake leadership reporting as well as service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors, tax advisors and insurers who provide consultancy, banking, legal, insurance, tax and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances which may include but is not limited to The Financial Conduct Authority.
Fraud prevention agencies,
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
International Transfers: We do not share or transfer your data outside of the European Economic Area (EEA) save where one of the following criteria are in place: jurisdictions deemed adequate by the European Commission, Model Contracts/Standard Contractual Clauses, EU-U.S. Privacy Shield, Binding Corporate Rules (BCRs) or Codes of Conduct/Certification Mechanisms.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
The Security of your Data We have put in place adequate, proportionate and appropriate security measures as is required of an authorised firm to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with data breaches in accordance with the GDPR (General Data protection regulation) and we will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention periods: We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory. accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years for tax purposes and for at least five years after a client ceases to be a client under the UK money laundering regulations 2017.
In some circumstances we may pseudonymise your personal data for statistical purposes in which case we may use this information indefinitely without further notice to you.
GDPR personal rights: Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
Request access to your personal data (subject access request).
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.
For further information visit or if you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org.
We will not charge you a fee to access your personal data (or to exercise any of your rights), although we reserve the right to introduce a fee at any time. One particular instance where we may choose to charge a reasonable fee is if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. In order to respond to a subject access request, we will need to confirm your identity as a security measure to safeguard you from your personal data from being disclosed to non-authorised third parties. Please provide us with as much information as possible to enable us to comply with your request within an acceptable time-frame. We are required to respond to subject access requests where practically possible within 30 days and if this is not possible we will provide you with a reasonable explanation as to why this cannot be achieved.
Complaints and queries: If you are not happy with any aspect of how we collect and use your data, please contact email@example.com and we will do our best to resolve your issue. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Accurate Data: We will make all reasonable efforts to ensure the data we hold on you is accurate and up-to-date and to correct any inaccuracies that we become aware of. Please help us to comply with our obligations by letting us know of any changes in relation to the data we hold about you as It is very important that the information we hold about you is accurate and up to date. Please email firstname.lastname@example.org with any required updates or amendments.