Updated
iSparks, inc. offers internet services ("Services") through it’s SpamHero and Action Web services (collectively "iSparks", or "we" or "us") and associated websites ("Websites"). This policy describes what personal information iSparks collects, why it is collected, and how it is used. It applies to personal data and other information collected by us from or about prospective clients, current clients ("Clients"), and visitors and users of our Websites.
By using or continuing to use our Services or Websites, you consent to the processing of your data within the terms of this Privacy Policy.
Information we collect
Personal information provided by you
When engaging with iSparks through our Websites or other means, you may be invited to
provide personal information that you may elect to
provide.
Examples of these engagements include, but are not limited to, filling out a web form to
request additional information about our services,
completing a survey, asking a question, contacting us through a web chat, providing
feedback, or commenting on a blog. Personal information may
also be collected by us when you send us an email, call us on the phone, send us a text,
message us through social media platforms, or any other
means you may choose to communicate with us. If you choose to become a Client of our
service, you will be required to provide some basic
personal
information on our order forms and control panels. Our Service order forms and control
panels indicate data that is required or optional. In
these
interactions with you, we may collect the following information about you or other
members of your organization that you elect to provide:
- Name
- Title
- Phone numbers
- Email addresses
- Mailing address
- Account login credentials
- Security questions and answers
- Billing and Payment information
- Time zone
- IP Address
- Feedback, testimonials, comments and notes that you may provide
- Customer support inquiries
Other data Clients process and store with us
As a service provider, iSparks stores and processes data ("Client Controlled
Data") as directed by it’s Clients. For example,
Clients of our
SpamHero service configure the "MX records" on domains they control to route email
through the SpamHero service so that we can filter out spam
messages for them. To cite another example, Clients of our Action Web Service control
what content and emails they store on our servers. Clients
ability to control the Client Controlled Data we store and process for them is limited
by the capabilities of the iSparks Services they are
subscribed to, the associated Terms of Service of the subscribed Services, and
applicable laws for the handling of the data they control.
Website visitor information
When you visit our Websites, our web servers automatically log data about your visit,
including your IP address, browser type, operating system,
geographic location, the pages you visited, the website that referred you, the date,
time and length of your visit and any other data that your
browser may have provided. If you choose to provide additional personal information to
iSparks during a visit to our Websites or by email, your
IP
address may be used to link this additional personal information to the website visitor
data that we collect, which means your website visits
may
not be anonymous to us. See the "Cookies and third party tracking technologies" section
of this policy for additional methods we use to collect
website visitor information.
How we use your information
Personal information collected will only be used in a manner consistent within the context it was collected, unless specific and clear consent is given by you to use the data for purposes beyond the original purpose it was collected for.
To provide Services to Clients
Personal information provided directly by Clients (excluding Client Controlled Data as
defined above) is used to provide Services, provide
Client
support, bill for Services, provide Clients information on using our Service, notify
Clients of issues with our service, improve our Service,
and
keep Clients informed about our service offerings. If Clients choose to provide
additional personal information beyond what is required, this
information will only be used to enhance the Client’s experience unless the Client
provides consent to use the data for other purposes.
To send communications to our Clients
If you are a Client of iSparks, we may occasionally contact you about billing, issues
related to your service, and information about new
services
we offer. In order to stop receiving these communications, you can either change the
contact information on your account profile or cancel your
account with us. We also give customers the option to subscribe to optional
communications that allow them to get service status updates and
feature updates. Customers can subscribe or unsubscribe to these notifications through
the client control panel. Or, if it is more convenient,
you
may also send a request to to be excluded from specific Client
communications. Depending on what types of Client
communications you want to stop, it may require us to discontinue all outbound
communications with you to accomplish your request.
To communicate with prospective clients
lf you have requested information about our services, we may occasionally contact you
about our service offerings. If our communication to you
was
sent by email and an unsubscribe link is not included, you may simply respond with an
opt-out request. You may also opt out of phone calls or
other contacts by simply letting us know that you are no longer interested. You may also
send a request to to opt-out of
these
communications. Please allow up to 2 business days for us to remove you from our contact
lists.
Use of Client Controlled Data provided by Clients
Client Controlled Data (as previously defined) that is controlled by our clients is only
used in accordance with the instructions of our Clients
and within the limitations of subscribed Services and Terms of Service. Upon request,
iSparks will provide Clients a data processing addendum
that
is compliant with EU General Data Processing Regulations which amends the agreement (or
Terms of Service) between iSparks and the Client and
governs iSparks’ processing of client data. Regardless of whether clients choose to sign
this data processing addendum, iSparks will follow the
principles for protecting data privacy as specified in the addendum when acting as a
data processor to handle data on behalf of it’s
clients.
To analyze and improve our Websites and Services
iSparks uses website visitor data to track the effectiveness of our advertising, to
improve website compatibility with devices and browsers,
identify and block malicious accesses to our websites, and measure traffic levels in
order to maintain proper server capacities.
Cookies and third party tracking technologies
iSparks uses the following technologies to improve your experience and our business:
-
Cookies. If your web browser allows it, we use cookies to track certain information about you and the status of your current website visit. Examples of information stored includes, but is not limited to, preferences you selected, the source that brought you to our site, and whether or not you are signed in as a customer. Cookies may be required for portions of our website and service offerings to function properly.
-
Third party tracking technologies. We may sometimes embed third party tracking technologies in our website pages to track visits to our website. These third parties may also use cookies. These third party service providers assist us in better understanding our site visitors and are not permitted to use the information they collect on our behalf except to help us analyze our website traffic and improve our business.
Disclosure of personal information
iSparks does not disclose your personal information to third parties except in the following cases:
For legal or safety reasons: We reserve the right to disclose personal information if we have reason to believe, in good faith, that one of the following conditions are met: (1) we have a legal obligation to do so, (2) it is necessary to protect our rights, (3) to investigate fraud, (4) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or (5) it is in the interest of our safety, your safety, or public safety.
Merger or acquisition: In the event that iSparks is involved in a merger or acquisition that requires us to transfer personal information to a new entity. In such a case, the new entity will be bound by the same terms of this privacy policy in relation to your personal information that we collected prior to the merger or acquisition.
Service providers: With third party service providers that act as agents on our behalf (also known as sub-processors) that assist us in our business activities. These service providers are only authorized to use personal information that is necessary to provide services to us and iSparks remains liable to ensure that they provide the same level of protection as this Privacy Policy. The types of third party service providers and the purposes they serve are as follows:
- PCI compliant payment processors for processing Client payments.
- Outsourced phone and chat support vendors. Clients that utilize our phone and chat support may be routed to an outsourced phone and chat support vendor. In such cases, staff members from our outsourced support vendor will have limited access to your account to assist you with your needs and are only authorized to access Client accounts while providing support. These accesses are automatically logged to ensure compliance with our data protection policies.
- Email services for CRM use. Our primary CRM email system is self-hosted, but a backup copy of our email is stored with an email provider for backup use.
- Co-location facilities. Our server hardware is co-located in secure data centers that have implemented strict access controls. Data center personnel are only authorized to access our servers under our direction.
- Outsourced hosting. Most of our Services are hosted on hardware that we own, but we do sometimes outsource the hosting of some Services that we provide to meet the needs of our Clients and our business.
Updating or deleting your personal information
If you are a Client of iSparks, you will normally have access to a client control panel that allows you to correct, update or delete your personal information. If you are not a Client, or the information you need to update or delete is not located in the client control panel, you may send a request to . Requests will be denied if the data in question is required for our financial accounting or legal purposes or where the burden or expense of providing you access would be disproportionate to your privacy risks, or where the rights of other persons would be violated. In addition, our ability to process your request will be subject to our ability to confirm your identity. Requests that are allowed will be processed in a reasonable amount of time, usually less than 3 business days, but no longer than 30 days. Data that is updated or deleted from our live databases may still exist in its original form in our backups. If your personal information was stored on our servers by one of our Clients, where our Client is the data controller and we are only the data processor, we will forward your request to our Client. Our Client’s handling of your request will be subject to any terms of service or contracts that you have with our Client.
Data security
We have implemented reasonable measures to protect against unauthorized access of personal information. Examples of methods we use are:- The use of strong SSL and TLS encryption for the transmission of personal information.
- The use of both hardware and software firewalls to protect our servers from unauthorized access.
- Providing ongoing training to our employees on the methods and tools we use to protect your information.
Protection of children
Our Websites and Services are all directed to people who are at least 13 years old or older. In compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we will not knowingly collect data from anyone under 13 years of age.
Links to Third Party websites
Our Websites includes links to third party websites. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
California
Due to the current size and scale of iSparks' operations, the California Consumer Privacy Act (CCPA) does not yet apply. That said, iSparks believes in doing the right thing and is happy to comply with reasonable requests that are allowed within the CCPA from data subjects in California. We also strive to comply with all principles of the CCPA to ensure the privacy and safety of the data we process.
International Data Transfers
Data Transfers from the European Union (EU)
To the extent that iSparks processes any Client Controlled Data protected by the EU Data
Protection Laws (aka EU GDPR) that originates from the
EEA, in a country that has not been designated by the European Commission as providing
an adequate level of protection for Personal Data, the
parties acknowledge that iSparks shall be deemed to provide adequate protection (within
the meaning of EU Data Protection Law) for any such
Client
Controlled Data by virtue of the Standard Contractual Clauses as set forth by the
European Commission. Upon request, iSparks can provide a
signed
Data Processing Addendum that includes these Standard Contractual Clauses.
Data Transfers from the UK
To the extent that iSparks processes any Client Controlled Data protected by UK Data
Protection Law (aka UK GDPR) that originates from the UK,
in
a country that has not been designated by the UK Government as providing an adequate
level of protection for Personal Data, the parties
acknowledge that iSparks shall be deemed to provide adequate protection (within the
meaning of UK Data Protection Law) for any such Client
Controlled Data by virtue of the Standard Contractual Clauses as set forth by the
European Commission (the UK has authorized use of the clauses
set forth by the European Commission until the UK has established its own). Upon
request, iSparks can provide a signed Data Processing Addendum
that includes these Standard Contractual Clauses.
Data Transfers from other countries
iSparks intends to follow all data protection laws from other countries as it learns
about them but has not established formal policies for
countries not mentioned in this policy. In the absence of formal policies, all data will
be protected in a manner consistent with data
protection
laws from the United States, the European Union and the UK.
Other Terms and Conditions
Services offered by iSparks through it’s SpamHero and Action Web services are subject to this privacy policy and the Terms of Service associated with the offered services.
Changes to our Privacy Policy
This privacy policy may change from time to time. The effective date at the top of this policy will be updated when the last change to this policy was made. By continuing your use of our website and services you consent to this privacy policy and modifications made to the policy.
Questions or concerns
If you have questions, comments or concerns regarding this policy, you are welcome to contact us in one of the following ways:By email:
Through the U.S. Postal Service:
iSparks, inc.881 W. State Street #140-434
Pleasant Grove, UT 84062, USA
1-888-355-4376 (From within the U.S.)
+1-702-800-4911 (International callers)
EU GDPR Representative
Pursuant to Article 27 of the EU GDPR, iSparks is considered a data controller and has therefore appointed a GDPR representative in the EU. This representative can be contacted in addition to iSparks in matters pertaining to our compliance to the EU GDPR in the following ways:
- Sending an email to:
-
Mailing your inquiry to:
Rickert Rechtsanwaltsgesellschaft mbH
- Isparks -
Colmantstraße 15
53115 Bonn
Germany
UK GDPR Representative
Pursuant to Article 27 of the UK GDPR (which currently mirrors the EU GDPR), iSparks is considered a data controller and has therefore appointed a GDPR representative in the UK. This representative can be contacted in addition to iSparks in matters pertaining to our compliance to the UK GDPR in the following ways:
- Sending an email to:
-
Mailing your inquiry to:
Rickert Services Ltd UK
- Isparks -
PO Box 1487
Peterborough
PE1 9XX
United Kingdom