Go Spark Digital Ltd Privacy Policy
Last updated: 22 July 2025
1. About Us
Go Spark Digital Ltd. (âGo Sparkâ, âweâ, âusâ or âourâ) is a private limited company registered in England and Wales (company number: 16199796). Registered office: Brookside Farm, Townhead, Dunford Bridge, Sheffield, S36 4TG, United Kingdom.
We are the data controller for personal data collected through:
- gospark.digital
- any other subâdomains or pages under the gospark.digital domain that link to this notice
- our related email, marketing or analytic services
If you have questions about this privacy policy or how we handle your personal data, contact us at [email protected].
2. The data we collect
| Category | Examples | How collected |
|---|---|---|
| Identity Data | first name, last name, job title, franchise/location | Forms you fill in, events |
| Contact Data | email address, telephone, postal address, social handles | Forms, correspondence |
| Business Data | organisation name, sector, size, CRM IDs | Forms, discovery calls |
| Technical Data | IP address, browser type & version, timeâzone, device identifiers, operating system | Automatic via cookies & similar tech |
| Usage Data | pages viewed, links clicked, time on page, scroll depth, campaign IDs | Cookies, analytics |
| Marketing & Communications | preferences for receiving marketing from us and third parties | Optâin boxes, email interactions |
We do not intentionally collect special category data (e.g. health, political opinions) or childrenâs data. Please refrain from providing such information.
3. How we use your information & legal bases
| Purpose | Legal basis (UK GDPR art. 6) |
|---|---|
| Respond to enquiries and provide requested information or a âFree Franchise Systems & Marketing Auditâ | Article 6(1)(b) â performance of a contract or steps prior |
| Set up and manage a customer account, deliver consulting, technology or marketing services | Article 6(1)(b) â contract |
| Send service or transactional messages (e.g. project updates, security notices) | Article 6(1)(f) â legitimate interests (provision of our services) |
| Send email newsletters, event invitations or thoughtâleadership | Article 6(1)(a) â consent (PECR optâin) |
| Analyse site performance, measure marketing effectiveness, improve our products | Article 6(1)(f) â legitimate interests (understanding & growing our business) |
| Comply with legal or regulatory obligations (e.g. HMRC, ICO) | Article 6(1)(c) â legal obligation |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms and determined they are not overridden.
You may withdraw consent or object to processing based on legitimate interests at any time (see Section 9 below).
4. Cookies & similar technologies
We use firstâparty and thirdâparty cookies, pixels and local storage to:
- remember preferences (functional cookies)
- perform analytics (e.g. Google Analytics 4)
- run advertising or remarketing campaigns (e.g. LinkedIn Insight Tag)
Full details are provided in our Cookie Notice. You can manage cookies via the banner on your first visit or through your browser settings. Where required by PECR we obtain your consent before setting nonâessential cookies.
5. Sharing your data
We only share personal data when necessary and in accordance with this notice:
- Service providers â hosting, CRM, marketing automation, analytics, payment processors, professional advisers
- Business transfers â in connection with a merger, acquisition, or asset sale
- Legal / regulatory â HMRC, courts, lawâenforcement, the Information Commissionerâs Office (âICOâ)
- With your consent â e.g. testimonials
Our suppliers are bound by written agreements to process your data only on our instructions and to implement appropriate security measures.
6. International transfers
Some service providers are located outside the UK. Where we transfer personal data internationally we ensure one of the following safeguards is in place:
- an adequacy decision (e.g. EU, Jersey)
- International Data Transfer Agreement or Standard Contractual Clauses
- another lawful derogation under UK GDPR Article 49
The EU recently confirmed the UKâs adequacy status remains valid until at least 27 December 2025 (carpedatumlaw.com).
7. Data retention
We retain personal data only as long as necessary for the purposes described:
| Data type | Typical retention |
|---|---|
| Prospect & marketing records | 24Â months from last interaction or until you withdraw consent |
| Client project files | 7Â years after contract end (tax & contractual limitation) |
| Analytics logs | 26 months (Google Analytics default) |
| Financial records | 6Â years + current financial year (UK law) |
We securely delete or anonymise data when it is no longer needed.
8. Security
We implement technical and organisational measures including encryption in transit (TLS 1.2+), access controls, multiâfactor authentication, and regular vulnerability checks. Unfortunately, no online service can guarantee 100âŻ% security, but we follow industry best practice frameworks such as ISO 27001 controls.
9. Your rights
Under the UK GDPR and the Data Protection Act 2018, you have rights to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase data (âright to be forgottenâ)
- Restrict processing
- Data portability
- Object to processing (including direct marketing)
- Not be subject to decisions based solely on automated processing
To exercise your rights, email [email protected]. We will respond within one month. You also have the right to lodge a complaint with the ICO (ico.org.uk).
10. Changes to this policy
We review this notice regularly and will update it to reflect changes in law or our practices. In particular, we will incorporate any specific requirements arising from the Data (Use and Access) Act 2025, which begins phased implementation from June 2025 (ico.org.uk, gov.uk).
Material changes will be communicated via this page and, where appropriate, by email.
11. Contact
Data Protection Officer (DPO)
Go Spark Digital Ltd.
Email: [email protected]
Phone: [insert telephone]
This privacy notice is provided in accordance with the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (as amended). Nothing in this notice limits your statutory rights.