We’ll keep this page updated to show you all the things we do with your personal data. This policy applies if you’re a subscriber to our services (member, customer, employee) or use any of our services, visit our website, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this page.
We only handle personal data for our core business purposes of staff administration, advertising, marketing and PR and accounts and record keeping. We’ll never sell your personal data and will only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘BSpark’, it refers to Brightspark Associates Limited.
Brightspark Associates Limited (Reg. number 5613501) is a business registered in England and Wales.
What personal data do we collect?
Your personal data (any information which identifies you, or which can be identified as relating to you personally, for example name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need.
We collect personal data in connection with specific activities such as subscription requests, placing an order, conducting research, employment etc.
You can give us your personal data by filling in forms on our website, by registering for our blog on our website, partnering with us as an intermediary, subscribing to take part in research on our website or other social media functions on our website, entering a competition, promotion or survey or by corresponding with us (by phone, email or by joining as a partner/customer).
The personal data you give us may include name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, video images, attitudes, opinions, usernames and passwords.
Personal data provided by you
This includes information you give when interacting with us, for example signing up, placing an order or communicating with us. For example:
- Personal details (name, email, address, telephone, and so on) when you join as a subscriber, partner or customer
- Financial information (payment information such as bank account or direct debit details)
- Your opinions and attitudes about our Services, activities and interests, and your experiences of working with BSpark
We may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier
- Information about your visit, including, but not limited to, the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as, but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
- Information about your purchases including but not limited to revenue figures, the types of services purchased, renewal dates and so forth.
- The terms that you use to search our website
Please note that certain services on our website won’t be available to you until you’ve registered to use them on our website.
Personal data created by your involvement with us
Your activities and involvement with us will result in personal data being created. This could include details of additional services you have purchased or signed up for.
Information we generate
We may conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our service communications are likely to interest you.
Information from third parties
We buy anonymous external data (e.g. census data, Experian MOSAIC, TGI) and combine it with your personal data at an aggregated level to build profiles which help us work out what you’re most likely to want to hear from us about and how.
Sensitive personal data
At times we’ll collect sensitive personal data for service quality monitoring, as well as researching whether we deliver great experiences for our customers, but this is only ever analysed at an aggregate level.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us deliver our business services, help us promote our business, or complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter to you.
If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like. We may also show you relevant content online.
We’ll only send these to you if you agree to receive them and we will never share your information with companies outside BSpark for inclusion in their marketing. (We may however share cookie data with third parties to help with our own advertising targeting.) If you agree to receive marketing information from us you can change your mind at a later date. Any marketing emails we send will have opt-out links embedded for you to unsubscribe should you so wish.
However, if you tell us you don’t want to receive marketing communications, then you may not hear about events or other work we do that may be of interest to you.
Personal data provided to us may also be profiled to help us with advertising targeting. For example, your subscriber data may be used to ensure we don’t serve you online subscriber advertisements. Or we may use your personal data to find online users with a similar profile to yourself who may be interested in our products or services.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the GDPR.
How can I change my contact preferences?
We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a subscriber, partner or buyer of services from BSpark. Examples are:
- Transaction messaging, such as Direct Debit schedules, activity reports, receipted invoices
- Subscriber-related mailings such as renewal reminders, News Magazines and security notifications
We use the personal data you provide as a subscriber to service your subscription period. This includes sending renewal information by email, sending newsletters and reports and information about service updates. It’s also used to verify you when you contact our support line.
Occasionally, we may invite some subscribers and customers to attend relevant special events of potential interest, unless you tell us not to.
We may occasionally carry out research with our customers, staff and partners to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part.
We may give some of your personal data (e.g. contact information) to a research agency who will carry out research on our behalf.
We use specific tools to profile how you interact with us online, for example, Google Analytics and Google Adwords. Much of the information we collect is aggregated, however we may also collect some personal data for the use of personalising your experience, optimising our marketing campaigns, and to ensure the site is functioning as intended.
The personal information that is collected includes transactional information (i.e. order number) for Subscriptions, Renewals, and project work.
We may create profiles (personas) for the purposes of improving our marketing. This analysis may be carried out by us or by third party organisations working for us. We may also host encrypted personal data on third party websites (e.g. social media platforms) to ensure that you only see relevant, personalised and interesting content from those organisations.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Sensitive personal data
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee’s criminal convictions will be held as necessary.
Disclosure of personal data to other bodies
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:
- Using the Contact Form on our website
- By email to firstname.lastname@example.org
- Call us on 07739 329678. Open 9.00am – 6.00pm weekdays
- Write to:
9 Entry Hill
Bath BA2 5LZ
Verification, updating or amendment of personal data will take place within 30 days of receipt of your request.
Your data protection rights
Where BSpark is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for direct marketing purposes.
Subject access rights
If you would like further information on your rights or wish to exercise them, please write or email to us at the address above.
You will be asked to provide the following details:
- The personal information you want to access;
- Where it is likely to be held;
- The date range of the information you wish to access
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissioner’s Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our customers, partners, employees and contractors safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape. In addition to this, we follow a defense in depth security model, which means that your data is protected by multiple layers of security.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilising strong encryption when your information is stored or in transit we minimise the risk of unauthorized access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
Disclosing and sharing information
When we allow third parties acting on behalf of BSpark to access your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information for other organisations to use.
Personal data collected and processed by us may be shared with the following groups where necessary:
- BSpark employees and volunteers
- Researchers who run the market research platform on our behalf;
- Third party cloud hosting and IT infrastructure providers who host the website and provide IT support in respect of the website;
Also, under strictly controlled conditions:
- Service Providers providing services to us
Storage of information
BSpark’s operations are based in the UK and we store most of our data within the European Union (EU). Some organisations which provide services to us may transfer data outside the European Economic Area but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and, whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA. However, we only allow this when we are certain it will be adequately protected (e.g. US Privacy Shield or Standard EU contractual clauses).
Payment Card Security
Our online payment solutions are carried out using GoCardless, which is a direct debit payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. Your payment card information is therefore handled by the bank and not processed or held by us.
The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet. It started as an EU Directive that was adopted by all EU countries in May 2011. Each country then updated its own laws to comply. In the UK this meant an update to the Privacy and Electronic Communications Regulations.
What is a Cookie?
Session cookies are designed to assist navigation and to help with form completion on our site. These cookies expire when the user’s browser is closed and are non-invasive. We may use persistent cookies on this site. A persistent cookie enables us to track specific information and is generally for record keeping purposes. Persistent cookies remain on your hard drive for an extended period of time. You can remove persistent cookies via your browser’s ‘clear cookies’ function. See AboutCookies.org if you would like further information about blocking cookies on your web browser.
We use an analytics company (Google Analytics) on this website so that we can gain certain information to aid us in the marketing of this site. The analytics company drops cookies via our website and collects non-personally identifiable information about you. We can then access the analytical information and study the traffic that has come to our site. This helps us get a better understanding of how users access and use our site, so that we can help improve our site design and improve the user’s experience as our website evolves and grows.
Google stores the information collected by the cookie on its servers in the United States. We have no control over what third parties do with their cookies and related information. Google may transfer this information to other third parties where required to do so by law, or where such third parties process the information on Google’s behalf. By using the website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
If you would like to learn about how to reject or delete cookies by Google, please read the information on Google’s web site.
Third Party Cookies
Social Network Cookies
Google cookies are all typically written to the browser upon the loading of Google Maps, Street View and YouTube videos.
| Cookie | Domain | Description |
|---|---|---|
| _utma | Twitter.com | This cookie is what’s called a “persistent” cookie, and keeps track of the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred. Twitter does not currently provide information on the use of specific cookies. |
| auth_token | Twitter.com | Twitter does not currently provide information on the use of specific cookies. |
| HSID | Google.com, YouTube.com | Used by Google in combination with SID to verify Google user account and most recent login time. |
| SID | Google.com, YouTube.com | This cookie is used by Google in combination with HSID to verify a Google user account and most recent login time. |
| SSID | Google.com | Used by GoogleMaps and YouTube to deliver maps and track usage of their service. |
| APISID | Google.com | Used by GoogleMaps and YouTube to deliver maps and track usage of their service. |
| SAPISID | Google.com | Used by GoogleMaps and YouTube to deliver maps and track usage of their service. |
| secure_session | Twitter.com | Used by Twitter in managing the Twitter content display on this site such as Tweet and Follow buttons. Expires at end of session. Twitter does not currently provide information on the use of specific cookies. |
| twll | Twitter.com | Used by Twitter in managing the Twitter content display on this site such as Tweet and Follow buttons. Expires at end of session. Twitter does not currently provide information on the use of specific cookies. |
| lang | Twitter.com | Twitter does not currently provide information on the use of specific cookies. |
| guest_id | Twitter.com | Used by Twitter in managing the Twitter content display on this site such as Tweet and Follow buttons. Expires at end of session. Twitter does not currently provide information on the use of specific cookies. |
| remember_checked | Twitter.com | Twitter does not currently provide information on the use of specific cookies. |
| remember_checked_on | Twitter.com | Twitter does not currently provide information on the use of specific cookies. |
| _gid | bspark.co.uk, Google.com | This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited. |
| _gat | bspark.co.uk, Google.com | This cookie name is associated with Google Universal Analytics. According to documentation it is used to throttle the request rate, limiting the collection of data on high traffic sites. It expires after 10 minutes. |
| _ga | bspark.co.uk, Google.com | This cookie name is associated with Google Universal Analytics, which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. |
| __distillery | bspark.co.uk, .fast.wistia.com | This cookie is used to support video delivery services. Its use is not known. |
| wistia-http2-push-disabled | .fast.wistia.com | This cookie is used to support video delivery services. Its use is not known. |
What to do if you do not consent to us using cookies?
If you do not consent to us using cookies you can restrict or delete them from your browser. To help you change your browser’s cookie preferences we have collated some instructions for the most popular browsers. Details of how to change your privacy preferences.
Please note if cookies are disabled the online browsing experience may be limited.
Path to Compliance
The information on this page is part of the action we are currently taking as we work towards higher levels of compliance. It is our policy to continually improve our privacy levels and we will post updates on this page.
If you’d like to learn more about cookies and the Privacy and Electronic Communications Regulations here are some useful links: