Why and for Whom?
At Sparly AB org. no. (559249-7589) ('Sparly', 'we', 'us', 'ours') we care about personal integrity. This means that we respect and safeguard your privacy and the right to control and transparency in the Processing of your Personal Data.
Sparly is responsible for Personal Data according to the Processing of Personal Data listed in this Privacy Policy (the 'Policy'). The Policy describes for what purposes we need your Personal Data, what lawful basis we rely on and what measures we take to protect Personal Data. We also provide information on how you exercise the rights you have related to our Processing of your Personal Data.
The policy informs you about our handling of Personal Data in cases where you communicate with us, use the mobile application “Sparly”, or visit our website sparly.co.
This policy is aimed at:
Users of the Service (“Users”, “you”)
Visitors to our website (“Visitors”, “you”)
Definitions
"Applicable law" means the legislation applicable to the Processing of Personal Data, including the Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or European supervisory authority.
"Data subject" means a living, natural person whose Personal Data is processed.
"Personal Data" is all kinds of information that can be linked to an identifiable, living person.
"Personal Data Controller" is the company/organization that decides for what purposes and in what way the Personal Data should be processed and thus is also responsible for the Personal Data being processed in accordance with Applicable Law.
"Personal Data Processor" is the company / organization that processes Personal Data on behalf of the Personal Data Controller and may thus only Process the Personal Data in accordance with the Personal Data Controller's instructions and applicable legislation.
"Processing" of Personal Data is anything that can be done with Personal Data, e.g. storage, modification, reading, handover, etc.
Sparly's Personal Data Responsibility
The information in this Policy includes the Processing of Personal Data that Sparly is responsible for as Personal Data Controller, i.e., the processes for which we determine the purpose of (why a Processing is done) and means for (in what way, what Personal Data, how long, etc.).
Sparly provides a free mobile application to increase financial literacy through tiny money habits. We call those “Sparly Habs” - habits to build financial skills: learn to save, invest, pay-off debt, reflect and raise awareness about your money situation. We provide personalized Habs by analyzing your purchasing behavior, your financial goals and level of financial knowledge. To provide our services, we need access to your Personal Data.
Sparly's Processing of Personal Data
We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to provide information regarding:
- Why the Processing of Personal Data is necessary in relation to the purpose
- What lawful basis have we identified for the Processing.
Lawsuit Basis
Agreement - The Processing is necessary to be able to fulfill obligations in an agreement between us and the Data subject or to prepare to enter into an agreement with the Data subject. We may not provide the Service without access to the Personal Data processed under this lawful basis.
Legitimate interest - several of the purposes for which we process Personal Data are based on our legitimate interests, which we state in more detail below in connection with the specific purposes. We have struck a balance of interests between, on the one hand, our legitimate interests, and on the other hand, the interests and rights of our Users and Visitors, and concluded that our legitimate interests could be exercised without constituting a disproportionate infringement on the privacy of our Users and Visitors. To find out more about how we have reasoned, contact us via the information given further down in the Policy.
Legal obligations - we may have legal obligations to process Personal Data, such as in orders from law enforcement agencies, or if more Personal Data needs to be collected in order for us to fulfill requests for the exercise of rights under the GDPR.
How long do we store your Personal Data?
We store your Personal Data for as long as is necessary for the purpose for which it was collected. Depending on the lawful basis on which we base the Processing, this may a) follow from an agreement, b) be dependent on a valid consent, c) appear in legislation or d) follow from an internal assessment based on the purposes of the Processing.
Processing
We will primarily use your Personal Data to be able to provide the Service and continuously improve it. To fulfill this, we will process Personal Data for the purposes described below.
1.1. Service/Product: Sparly Habs
1.2. Purpose:
- 1.2.1. To provide the Service in accordance with the Terms of Use between Sparly and you.
- 1.2.2. To analyse and develop new Habs
- 1.2.3. To improve our decision models and algorithms
- 1.2.4. To give the user information about their financial behavior and situation
1.4 Lawful basis: In order to fulfill our contractual commitments to you and to satisfy our legitimate interest in developing and improving our products and services.
2.1 Service/Product: Customer contact
2.2. Purpose: To handle customer communication and user research
2.3 Personal data: Email, name
2.4 Lawful basis: In order to fulfill our contractual commitments to you.
3.1. Purpose: Fulfillment of legal obligations and taking care of our own legal interests.
3.2 Personal data: All personal data processed by Sparly
3.3 Lawful basis: In order to comply with applicable laws and to meet our legitimate interests, to defend our legal interests, to protect our service, our users, third parties, and observe our rights.
Source
The email address and name come directly from the Data subject. Other Personal Data come from third-party providers such as Tink AB with the approval of the Data subject.
Period of storage: We store your information for as long as necessary to fulfill the purposes of this Privacy Policy, agreements and legal and regulatory requirements.
You can delete all of your data, including Personal Data, at any given time in the app by navigating to the Settings tab and choosing “Delete account”. We manage feedback and support details in a different system - to delete these send a separate request by email. It is not enough for you to delete your mobile application from your phone in order to delete all your data, as this does not delete your Sparly account. If we are required to retain your information by law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then, we will make sure that the data is deleted as soon as possible.
All Personal Data is automatically deleted if you have been inactive for 12 months.
Your Rights
You are the one who decides over your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access - You always have the right to receive information about the Personal Data Processing that concerns you. We only disclose information to you if we have been able to confirm your identity.
Correction - If you find that the Personal Data we are Processing for you is incorrect, please contact us and we will amend it. Information that is automatically retrieved from your bank accounts, such as expenses, can not be corrected.
Deletion - Do you want us to forget you completely? You have the right to request the deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required to retain your information by law or an agreement we have entered into with you, we will ensure that it is processed only for the specific purpose set out in the law or agreement; then, we will make sure that the data is deleted as soon as possible.
Objection - Do you not agree with us that our interest in Processing your Personal Data outweighs your interest in protecting your privacy? In that case, we review our legitimate interests and check that it still holds. We, of course, consider your objection when we make a new assessment to evaluate whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.
Restriction - You may also ask us to limit our Processing of your Data:
- While we are Processing a request from you for any of your other rights
- In cases where we no longer need the data for the purpose for which it was collected; provided that you have no interest in us retaining the information in order to be able to assert a legal claim.
Data portability - We can give you the information you have provided or that we have received from you in connection with the conclusion of an agreement with you. You will receive your information in a commonly used and machine-readable format which you can then take with you to another Personal Data Controller.
Withdrawal of consent - If you have consented to one or more specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately. Please note that you can only revoke your consent for future Processing(s) of Personal Data and not for any Processing that has already taken place.
How you use your rights If you decide to revoke your consent, it does not affect the legality of our Processing of your Personal Data on the basis of the consent you have previously given and up to the time of revocation.
Transfer of Personal Data
We may use third parties as Personal Data Processors for the handling of Personal Data. The Personal Data Processors will not share your Personal Data or use it in any way other than in accordance with the Privacy Policy.
We do not transfer your data outside the EU / EEA. In cases where our Personal Data Processors transfer Personal Data to a country outside the EU / EEA, we have ensured that the Processing is legal under applicable law by fulfilling one of the following requirements:
- There is a decision from the European Commission that the country ensures an adequate level of protection;
- Application of the European Commission's standard contractual clauses for third country transfers; or
- Other appropriate protective measures that comply with applicable law.
We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations under law or government decisions.
Security
Sparly has taken technical and organizational measures to ensure that your Personal Data is processed securely and that it is protected from loss, misuse and unauthorized access.
Our security measuresOur organizational security measures are outlined in our internal control documents (policies and instructions). Our technical security measures include:
- Data stored for the purpose of operating the Sparly Habs service is anonymised. The data subject can only be identified using a key that is stored on their own device.
- Encryption at rest: all data stored for the purpose of operating our services is encrypted using standard AWS data storage practices.
- Encryption in transfer: All data transfer outside of our Virtual Private Clouds are encrypted using TLS.
- Access to Sparly infrastructure is restricted to authorized Sparly personnel and access reviews are conducted at least biyearly.
Cookies
Read our cookie policy for more information.
If we do not keep what we promise
If you have any questions about our Processing of your Personal Data, you are welcome to contact us at: team@sparly.co
If you feel that we have processed your Personal Data incorrectly, even after you have notified us of this, you always have the right to submit your complaint to the Privacy Protection Authority. You can contact the Privacy Authority by emailing to imy@imy.se.
Changes to this Policy
We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you of the changes in advance so that you are given the opportunity to take a position on the updated Policy. If we adjust the Personal Data Processing based on your consent, we will obtain new consent.
The latest updated version of the Privacy Policy is always available at link. If we update the purposes for Personal Data Processing or categories of Personal Data, you will receive information about this via app notification.
Contact
Sparly has appointed Jazgul Ismailova as a Data Protection Officer whom you can contact if you have questions regarding Personal Data and privacy by sending an email to: jazgul@sparly.co.