Last updated March 4th, 2023
This Policy describes the Personal Information that we gather from you on the Services, how we use and disclose such Personal Information, your rights and choices with respect to your Personal Information, and how you can contact us if you have any questions or concerns.
Collecting Personal Information
When you create an account, we collect certain information necessary to provide your with our service.
We collect your name, company name, company website URL, email, and time zone. We require this information to active our service, to be able to contact you, to properly show dates in your account, and for invoice information.
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below
Sharing Personal Information
We may share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example, we may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Data Protection - Our Data Processing Agreement
Inline with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA), you (the Merchant) who uses SparkLayer are referred to as the “Data Controller” and SparkLayer as the platform is referred to as the “Data Processor”. This means that we process data on your behalf. In our case, we process the personal data of our Merchant’s Customers to help facilitate a transaction between the Merchant and Customer. For example, our app reads your Shopify customer data to be able to link the customer to customer specific pricing.
- Only process personal data with your knowledge
- Ensure we have the technical and organisational measures in place to protect unauthorised or unlawful processing of personal data and that on a regular basis we will reassess these measures
- Assist you in responding to any request from a data subject and in compliance with the DPA. For any requests, please email to firstname.lastname@example.org and we will respond within 2 business days.
- Delete any personal data after this agreement ends within the time frame mentioned in ‘Termination’ section of our terms of service.
- We will not, without your consent, divulge, sell, lease, rent or provide in any other way personal information about you or your customers to a third party, except in the following circumstances: if required to by a court of law, if you have signed up for optional services which require us to pass your personal information to another company, for the purpose of processing payments and direct debits from you or your customers
In the event of a data breach, we’ll inform you about the the severity of the breach and the scope of data breach within 2 business days.
SparkLayer is registered with the ICO (Information Commissioner's Office) as a Tier 1 organisation with reference number ZB074246.
Data - Sub-Processors
We may share data with service companies working for SparkLayer and on our behalf and as listed below. Such service companies may need access to or be able to view personal data in order to provide those functions and in such cases, these companies must abide by our data privacy and security requirements and will only be given access to data that is strictly required for them to carry out their tasks.
- Amazon Web Services - hosting of services
- Google Cloud - hosting of services
- Google Analytics - to provide analytics on how our customers use our tools and our sites; but it is not used to gather analytics on how SparkLayer is used on your sites
- Stripe - internal billing for customers of SparkLayer not using Shopify
- ClickUp - managing customer sales pipeline
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when your Personal Information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the specific retention period, we take into account various factors, such as the type of Services provided to you, the nature and length of our relationship with you, and any mandatory retention periods provided by law and the statute of limitations.
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
Cookies used on www.sparklayer.io
We use the following cookies to optimize your experience on our Site and to provide our services: Google Analytics and all associated cookies
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Cookies used via the SparkLayer Shopify app
When using SparkLayer on your Shopify store via the SparkLayer script CDN, we only store data within the customer's browser and data is only used for authenticating the customer against the SparkLayer API. No analytical or/and 3rd party tracking is provided through the SparkLayer script CDN used on your site and therefore no cookies are stored.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
System security, data & availability
Keeping customer data safe and secure is a top priority for us. We work hard to protect our customers and design our software using security first principles. Our systems are securely hosted in Google Cloud's infrastructure and our primary data centers are in the UK & Europe. Where possible we use Google-managed services for the underlying systems instead of operating them ourselves. With Google, data is encrypted by default, at rest and in transit.
Please be aware that by registering an account with SparkLayer, you may receive email marketing communications from us. We value your privacy and give you the option to unsubscribe at any time by clicking the unsubscribe link in the emails we send. If you have any concerns or questions regarding our email marketing practices, please contact us.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com or by mail using the details provided below:
Spark Layer Ltd, 25 Queen Square, Bath, Bath, BA1 2HX, United Kingdom
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.