Privacy Policy
Spark UGC Ltd ("we", "us", "our"), a company registered in England and Wales under company number 15305102 with its registered office at 27 Airedale Road, London SW12 8SQ, is the data controller for personal data processed through sparkugc.com (the "Site"). Our ICO registration number is ZB759411.
This privacy policy is published in accordance with Articles 13 and 14 of the UK GDPR.
1. Definitions
1.1 "Data Protection Laws" means the UK General Data Protection Regulation, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and the Data (Use and Access) Act 2025, in each case as amended.
1.2 "Personal Data" and other defined terms have the meanings given to them in the Data Protection Laws.
2. Information we collect
2.1 We collect Personal Data that you provide to us, including when you:
(a) contact us through the Site or by email; (b) subscribe to our communications; (c) request a resource or service; (d) book a meeting with us; (e) apply to join our creator network.
2.2 Personal Data collected under clause 2.1 may include your name, contact details, professional information, links to publicly available social media profiles, and any other information you choose to submit.
2.3 We collect technical information automatically when you access the Site, including IP address, browser type, operating system, device type, pages visited and referral source.
2.4 We use cookies and similar technologies as set out in clause 12.
3. Purposes and lawful bases
3.1 We process Personal Data for the following purposes and on the following lawful bases:
(a) to respond to enquiries and to provide information, resources or services you have requested — performance of a contract or steps prior to entering into a contract (Article 6(1)(b)), or our legitimate interests in operating our business (Article 6(1)(f));
(b) to assess applications to our creator network and to match applicants with relevant briefs — performance of a contract or steps prior to entering into a contract (Article 6(1)(b)), and our legitimate interests in operating our creator network (Article 6(1)(f));
(c) to send marketing communications by electronic mail — your consent (Article 6(1)(a)), obtained in accordance with Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
(d) to operate, secure and improve the Site and to prevent fraud or misuse — our legitimate interests in maintaining the Site (Article 6(1)(f));
(e) to measure the performance of our marketing and to deliver advertising to relevant audiences — your consent (Article 6(1)(a)), obtained through our cookie banner;
(f) to comply with our legal and regulatory obligations — compliance with a legal obligation to which we are subject (Article 6(1)(c));
(g) to establish, exercise or defend legal claims — our legitimate interests (Article 6(1)(f)), or, where Article 9 data is involved, Article 9(2)(f).
4. Special category data
4.1 We do not solicit special category data within the meaning of Article 9 of the UK GDPR. Where you provide such data unsolicited, we will delete it or, where you have manifestly made it public, process it under Article 9(2)(e).
5. Recipients
5.1 We may disclose Personal Data to:
(a) our service providers acting as processors on our behalf, including Netlify Inc. (hosting and form submissions), Plausible Insights OÜ (analytics), Calendly Inc. (scheduling), Meta Platforms Ireland Limited (advertising measurement) and Google Ireland Limited (advertising measurement);
(b) brand clients to whom we propose creator candidates, where the candidate has expressed interest in the relevant brief;
(c) our professional advisers, including accountants, lawyers, insurers and auditors, where strictly necessary for the purpose for which they are engaged;
(d) law enforcement, courts, regulators and other competent authorities, where we are required to do so by law or where disclosure is necessary to establish, exercise or defend legal claims;
(e) any successor entity in the event of a sale, merger, restructuring or insolvency of our business.
5.2 We do not sell Personal Data.
6. International transfers
6.1 Where Personal Data is transferred to a recipient outside the United Kingdom, we rely on one or more of the following safeguards:
(a) the United Kingdom's adequacy regulations, including in respect of transfers to the European Economic Area;
(b) the UK Extension to the EU-US Data Privacy Framework, where the recipient is self-certified under that Framework;
(c) the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, in each case supported by a transfer risk assessment.
6.2 Further information about the safeguards applied to a specific transfer is available on request.
7. Retention
7.1 We retain Personal Data for no longer than is necessary for the purposes for which it was collected, taking into account our legal, regulatory, tax and accounting obligations. Indicative retention periods are:
(a) server and hosting logs — 30 days;
(b) records of marketing subscribers — for the duration of the subscription and 12 months following unsubscribe;
(c) enquiry, meeting and contact records — 36 months from the date of last contact;
(d) creator network profiles — for the duration of inclusion on our database, deleted within 90 days of withdrawal save for records required for tax and accounting purposes;
(e) records relating to a contracted engagement — for the duration of the engagement and a further 7 years following its termination, in order to satisfy statutory tax and accounting requirements.
8. Security
8.1 We implement appropriate technical and organisational measures designed to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
8.2 In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, and, where the risk is high, the affected individuals without undue delay.
9. Your rights
9.1 Subject to the conditions and exemptions set out in the Data Protection Laws, you have the following rights:
(a) the right of access (Article 15);
(b) the right to rectification (Article 16);
(c) the right to erasure (Article 17);
(d) the right to restriction of processing (Article 18);
(e) the right to data portability in respect of Personal Data processed by automated means under consent or contract (Article 20);
(f) the right to object to processing carried out on the basis of our legitimate interests (Article 21);
(g) the right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal (Article 7(3));
(h) the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Article 22). We do not currently carry out such processing.
9.2 To exercise any of these rights, contact us using the details at clause 14. We will respond within one month of receipt, extendable by a further two months where necessary, with notice to you.
10. Direct marketing
10.1 You have the right to object to the processing of your Personal Data for direct marketing purposes at any time. We will cease such processing on receipt of your objection.
10.2 Where we send marketing communications by electronic mail, we do so on the basis of your prior consent. Every such communication contains a means of unsubscribing.
11. Complaints
11.1 If you wish to make a complaint about how we process your Personal Data, contact us using the details at clause 14. We will acknowledge your complaint within 30 days of receipt and respond in full within two months, save where the complaint is unusually complex, in which case we will keep you informed.
11.2 You also have the right at any time to lodge a complaint with the Information Commissioner's Office at ico.org.uk/concerns.
12. Cookies
12.1 We use cookies and similar technologies as set out in our Cookie Notice, which is available on the Site.
12.2 Strictly necessary cookies and processing falling within the exemption at Regulation 6(4) of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended by the Data (Use and Access) Act 2025) are used without your consent. All other cookies and similar technologies are used only with your consent, which you may withdraw at any time.
13. Children
13.1 The Site and our services are intended for adults using them in a professional context. We do not knowingly process Personal Data of children. Our creator network is open only to applicants aged 18 or over.
14. Contact
14.1 For any matter relating to this privacy policy or your Personal Data, contact us at:
Spark UGC Ltd 27 Airedale Road London SW12 8SQ United Kingdom
Email: hello@sparkugc.com
15. Changes
15.1 We may amend this privacy policy from time to time. Amendments take effect on publication on the Site. The date at the head of this privacy policy indicates when it was last amended.