About us and this privacy notice
SPARK Advisory Partners Limited (“we” or “us“) is an FCA authorised and regulated corporate finance advisory firm.
We come across and collect various personal information (also referred to as personal data) about individuals in the course of our business activities, for example our business contacts, individuals working for our clients, and other individuals connected with the transactions in which we are involved, or who interact with us in the course of our business. We also collect certain information about visitors to our website (www.sparkadvisorypartners.com) (our “Site“). If you are one of such individuals, this privacy notice will inform you as to how we look after your personal data and will tell you about your privacy rights and how the law protects you.
As a data controller, we are committed to protecting the privacy and security of personal information, in accordance with the applicable data protection laws, including the General Data Protection Regulation (GDPR). We will only collect such data as is necessary for our legitimate business purposes, as set out in this privacy notice.
What information do we collect?
The amount and type of information we collect will depend on the nature of our relationship with you.
If you are a visitor to our Site, we may collect certain technical information about your visit, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Site. We collect such data for administrative and statistical purposes and to help us improve our Site.
If you make an enquiry by email or telephone, we will collect your name and contact information, which will allow us to respond to your enquiry. We may also keep records of our communications and/or add your contact details to our business database, if we believe that we may have a good reason to contact you in the future.
Similarly, if you are an individual working for our client or business contact, we will keep your contact details and the organisation you work for, in order to manage and maintain our relationship with such organisation.
As a regulated professional services firm, we are required to conduct “know your customer” and anti-money laundering checks. As a result of such checks we will collect detailed information about certain senior individuals involved in the businesses concerned. Some of this information will be collected via our designated client on-boarding form, whilst some of it may be collected by us from publically available sources and/or credit reference or ID checking agencies.
In certain circumstances we may be required to carry out enhanced due diligence checks to comply with our obligations under the Money Laundering Regulations 2017. These enhanced checks may reveal information about criminal convictions or information about an individual’s political opinions and associations and/or other sensitive personal data (also referred to as special categories of data). We will only collect and process such information to the extent necessary to comply with our regulatory obligations and in accordance with the applicable data protection laws. Other than as a result of enhanced due diligence checks, we do not collect any special categories of data, such as your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, information about your health and genetic and biometric data.
We will also come across and process various documents that contain personal data in the course of the provision of our services. We will only process such information to the extent necessary to provide our services, and to fulfil our legal and regulatory obligations.
If collection of your personal data is necessary for the provision of our services and you refuse to provide us such data or object to our processing of your data, we may not be able to perform our services. We will notify you or the business you work for if this is the case.
Lawful basis and purposes of processing of your personal information
- We will only use your personal information when the law allows us to, i.e. when it is necessary to:
- perform our contractual obligations towards you and/or the business you work for;
- comply with our legal and regulatory obligations;
- pursue our legitimate interests (e.g. conducting our business in an efficient, compliant and profitable manner), and your interests and fundamental rights do not override these interests. It may also become necessary to process your personal data for legitimate interests of a third party, for example another adviser involved in the same transaction.
We collect information about you so that we can:
- administer and manage our Site;
- provide our services;
- detect and prevent fraud;
conduct “know your customer” and anti-money laundering checks;
- liaise with you and other parties involved in the same transaction, or with our suppliers;
improve our services;manage our business, including for accounting and auditing purposes;
- conduct our regular reporting activities on the performance of our company, in the context of a business reorganisation or group restructure;
- maintain our IT systems and manage hosting of our data;
- deal with legal disputes involving you, the business you work for (if applicable), any other party involved in the same transaction, or our suppliers; and
- comply with our reporting obligations; and
- comply with our legal and regulatory obligations.
Some of the above grounds and purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may use your contact details to send you news about our services or events. We will only use your contact details for our own direct marketing purposes when the law allows us to, for example if you have specifically requested to receive such information from us, in response to your enquiry or if we email your work email address, if you work for a company or a limited liability partnership. You can always opt-out from receiving further communications about our services and events by clicking the unsubscribe link at the bottom of our email. We will not send you any further communications of this type if you have not opted-out from receiving them from us.
We will not pass your contact details to any third party for direct marketing purposes.
Will we disclose your personal information to anyone?
We will share your personal information with third parties such as:
- our agents and service providers (for example our IT systems suppliers and maintenance services providers);
- credit reference agencies and certain third party providers;
- if appropriate and necessary for the purpose of the provision of our services, to other third parties, such as for example entities involved in the same transaction (but we will only share such information as is necessary for the purpose of the provision of our services);
- our regulators, including , inter alia the Financial Conduct Authority and AIM;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity;
We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Keeping your data secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Transfers of your information out of the EEA
We may need to transfer your personal data outside the European Economic Area (EEA), for example if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as for example a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, in accordance with our legal and regulatory requirements, we will retain records for a minimum period of six years following the termination of our agreement for the provision of our services. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you.
Rights and duties
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
0) Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
1) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
2) Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
3) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
4) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
5) Request the transfer of your personal information to another party.
If you would like to exercise any of the above rights, please:
- email, call or write to us (see paragraph 10 below);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
- let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services in relation to your investments.
Contact us or the ICO
If you wish to contact us, please send an email to firstname.lastname@example.org or write to us at SPARK Advisory Partners Limited, 5 St. John’s Lane. London EC1M 4BH or call us on +44(0)203 368 3550.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can also contact the ICO on 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.