GDPR & Data Rights
⚠ CRITICAL USER OBLIGATION — PLEASE READ BEFORE USING THIS PLATFORM
This Platform is NOT designed to store sensitive, special category, or confidential personal data. You are strictly prohibited from uploading such data. SparkRecall Limited accepts NO liability for any damages arising from a user's decision to upload prohibited data in breach of these terms.
Prohibited categories include: racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, sexual orientation, criminal record data, or any data that may cause harm if disclosed.
1. Introduction
SparkRecall Limited ("SparkRecall", "we", "us", "our") is incorporated in Ireland and operates SparkRecall.com and related mobile applications (the "Platform").
We are committed to protecting your personal data in accordance with:
- Regulation (EU) 2016/679 (GDPR)
- Irish Data Protection Act 2018
- UK GDPR (as retained in UK law by the European Union (Withdrawal) Act 2018) and the UK Data Protection Act 2018 — applicable to users accessing the Platform from the United Kingdom
- Other applicable global data protection laws
SparkRecall Limited is the Data Controller for personal data collected through the Platform.
Data Controller Contact
Email: team@sparkrecall.com
SparkRecall Ltd C/O LMS Accountants, Ecowise Building, Block 12, Ballybane Industrial Estate, Galway, Ireland
2. Data We Collect
2.1 Account Information
- Name
- Email address
- Username
- Password (stored in encrypted form only)
2.2 User-Generated Content
Information you voluntarily input into the Platform.
IMPORTANT — User-Generated Content Restriction
The Platform is not designed, intended, or suitable for storing sensitive, special category, or confidential personal data. Users are solely responsible for the content they upload. SparkRecall Limited expressly disclaims all liability for any harm resulting from a user's upload of prohibited data in breach of these Terms.
2.3 Technical Data
- IP address
- Device type
- Browser type and version
- Operating system
- Usage data and interaction logs
2.4 Cookies & Tracking Data
Please refer to our Cookie Policy for full details of cookies and tracking technologies used on the Platform.
3. Special Category & Sensitive Data — Strict Prohibition
STRICT PROHIBITION — Special Category Data Must NOT Be Uploaded
SparkRecall does not collect, intend to collect, or process special category personal data as defined under Article 9 GDPR.
Users are STRICTLY PROHIBITED from uploading any of the following to the Platform:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data used for identification
- Health or medical data
- Sexual orientation or sex life
- Criminal convictions or offences (Article 10 GDPR)
- Any data that could cause harm to an individual if disclosed
Uploading prohibited data constitutes a breach of our Terms of Service. SparkRecall Limited accepts NO liability for consequences arising from such a breach. If we become aware that prohibited data has been uploaded, we reserve the right to delete it immediately without notice.
4. Lawful Bases for Processing
We process personal data under the following lawful bases:
| Article | Basis | Description |
|---|---|---|
| Art. 6(1)(b) | Performance of a Contract | Processing necessary to provide the Platform to you |
| Art. 6(1)(f) | Legitimate Interests | Platform security, fraud prevention, and service improvement |
| Art. 6(1)(c) | Legal Obligation | Processing where required by law |
| Art. 6(1)(a) | Consent | Where we rely on your consent, you may withdraw it at any time |
5. Purpose of Processing
We process personal data only for the following specific purposes:
- Providing and maintaining the Platform
- Authenticating and managing user accounts
- Improving Platform functionality and user experience
- Ensuring Platform security and preventing fraud
- Complying with legal and regulatory obligations
We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Limitation of Liability — User-Submitted Data
SparkRecall's Role as a Passive Data Host
SparkRecall Limited operates as a platform that stores user-submitted content. We do not actively review, monitor, or process user-submitted content beyond technical storage operations.
Where a user uploads data in breach of these policies, SparkRecall Limited acts as a processor in respect of that content only. Liability for any consequences arising from such a breach rests solely with the uploading user.
To the fullest extent permitted by applicable law:
- SparkRecall Limited shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from a user's decision to upload prohibited, sensitive, or special category personal data to the Platform.
- Users who upload prohibited data in breach of these policies indemnify SparkRecall Limited against any claims, penalties, or regulatory action arising from such a breach.
- SparkRecall Limited shall not be responsible for any data breach, regulatory fine, or third-party claim resulting from user-uploaded content that violates these terms.
7. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations:
- Account data is retained for the duration of your active account
- Data required by legal obligation is retained for the period required by law
- Data subject to a deletion request will be deleted promptly, subject to legal hold requirements
We reserve the right to delete accounts and associated data that have been inactive for an extended period, subject to advance notice where reasonably practicable.
8. International Data Transfers
Data may be processed outside the European Economic Area (EEA). Where international transfers occur, we ensure that appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) as approved by the European Commission
- Adequacy decisions issued by the European Commission
- Other equivalent safeguards as recognised under GDPR
9. Your Rights Under GDPR
As a data subject, you have the following rights:
| Right | Article | Description |
|---|---|---|
| Right of Access | Article 15 | Obtain a copy of your personal data |
| Right to Rectification | Article 16 | Correct inaccurate data |
| Right to Erasure | Article 17 | Request deletion of your data ("right to be forgotten") |
| Right to Restriction | Article 18 | Limit how we process your data |
| Right to Data Portability | Article 20 | Receive your data in a machine-readable format |
| Right to Object | Article 21 | Object to processing based on legitimate interests |
| Withdraw Consent | — | At any time, where processing is consent-based |
| Right to Lodge a Complaint | Article 77 | With the Irish DPC (EU/Irish users) or UK ICO (UK users) |
To exercise any of your rights, please contact us at: team@sparkrecall.com. We will respond within one calendar month as required by GDPR Article 12.
10. Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encrypted data storage
- Access controls and authentication mechanisms
- Regular security assessments
- Staff training on data protection obligations
No method of electronic transmission or storage is 100% secure. Users are advised not to upload sensitive or special category data which they would not wish to be exposed in the event of a security incident.
11. Data Breach Procedures
In the event of a personal data breach, SparkRecall Limited will:
- Promptly assess the nature, scope, and risk of the breach
- Notify the Irish Data Protection Commission (DPC) within 72 hours where the breach is likely to result in a risk to individuals' rights and freedoms, as required by GDPR Article 33
- Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34
- Maintain an internal record of all breaches in accordance with Article 33(5)
12. Children
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that data from a minor has been collected, we will delete it promptly.
13. Changes to This Policy
We may update this Policy from time to time. Where changes are material, we will notify users via email or a prominent notice on the Platform prior to the changes taking effect. Continued use of the Platform following notification constitutes acceptance of the revised Policy.
14. Contact & Supervisory Authorities
Irish Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie · +353 (0)761 104 800
UK Supervisory Authority — Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
www.ico.org.uk · +44 (0)303 123 1113