Privacy Policy

Last updated: 27 February 2026

Spark Onward respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the GDPR and applicable Dutch privacy law.

1. Who is responsible for your data (Controller)

Controller: SparkOnward

Legal entity name (if applicable): SparkOn

Address: Henk Curierekade 62, 1013 CH, Amsterdam, The Netherlands

KvK: 81457170

VAT: NL003565305B25

Contact: rashmi@sparkonward.com

2. What data we collect

Depending on how you use the Website and services, we may collect:

2.1 Data you provide

  • Name, email address, phone number (if provided)

  • Billing information (invoices, payment status—note: payment card details are handled by our payment provider)

  • Account details (if you create an account)

  • Messages you send (contact forms, email, DMs)

  • Workshop/program registration details

  • Information you voluntarily share related to coaching/counselling (only what you choose to share)

2.2 Data collected automatically

  • IP address (may be partially anonymized depending on configuration)

  • Browser/device information

  • Pages visited, referral source, approximate location

  • Cookies and similar technologies (see Cookie Policy)

2.3 Comments (if enabled)

If you leave a comment, we collect what you submit, plus technical metadata (e.g., IP address) for spam prevention.

3. Why we process your data (Purposes)

We process personal data to:

  • provide and administer services (sessions, programs, events)

  • manage bookings, attendance, and communication

  • process payments and issue invoices

  • improve the Website and user experience

  • send newsletters or updates (only with consent where required)

  • meet legal obligations (tax, accounting)

  • protect safety, prevent fraud, and enforce our terms

4. Legal bases under GDPR

We rely on:

  • Contract (Art. 6(1)(b)) — to deliver what you purchase or request

  • Legitimate interests (Art. 6(1)(f)) — to run and improve our business, secure the Website, prevent fraud

  • Consent (Art. 6(1)(a)) — for marketing emails/cookies where required; you can withdraw consent anytime

  • Legal obligation (Art. 6(1)(c)) — for accounting, tax, and compliance

5. Marketing communications

If you subscribe to our email list, we may send you updates, articles, events, and offers. You can unsubscribe any time using the link in emails or by contacting us.

If you are an existing customer, we may send service-related messages that are not marketing (e.g., booking confirmations, schedule updates).

6. Cookies and analytics

We use cookies and similar tools. For non-essential cookies (e.g., analytics), we request consent where required in the EU.

Details are in our Cookie Policy.

7. Sharing your data (Processors)

We share personal data only when necessary, such as with:

  • website hosting and infrastructure providers

  • booking/scheduling tools

  • payment providers and invoicing/accounting tools

  • email/newsletter providers

  • analytics providers (if enabled and consented)

  • professional advisors (e.g., accountant) where legally necessary

We do not sell your personal data.

If you want a current list of specific providers we use, email us and we’ll share it.

8. International data transfers

Some providers may process data outside the European Economic Area (EEA). Where that happens, we rely on appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs), and

  • additional technical/organisational measures where needed.

9. Data retention

We retain data only as long as necessary:

  • Service/admin records (invoices, payments): typically retained for legal/tax obligations (often 7 years under Dutch rules—confirm with your accountant and update if needed).

  • Account data: retained while the account is active and for a limited period after deletion requests, unless legal retention applies.

  • Coaching/counselling notes (if kept): retained only as long as necessary for service quality and legal obligations, and handled with care.

  • Marketing data: until you unsubscribe or withdraw consent.

  • Comments: retained indefinitely unless you request deletion (and deletion is legally/technically feasible).

10. Your rights (GDPR)

You have the right to:

  • access your data

  • correct inaccurate data

  • request deletion (where applicable)

  • restrict or object to processing

  • data portability

  • withdraw consent (when processing is based on consent)

  • lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

Authority: Autoriteit Persoonsgegevens (Netherlands).

To exercise rights, contact contact@sparkonward.com. We may request verification to protect your data.

11. Security

We take reasonable measures to protect your data, including access controls and secure services. No system is 100% secure; you share data at your own risk.

12. Children

Our Website and services are not intended for individuals under 18, unless explicitly agreed in writing with guardian consent and where permitted by law.

13. Changes to this Policy

We may update this Privacy Policy. The “Last updated” date reflects changes.

14. Contact

Privacy questions or requests: contact@sparkonward.com