Social

Last updated: 10 Nov 2025

Sparq IT Services (“Sparq”, “we”, “us”, “our”) is a sole proprietorship owned by Abdul Waheed and founded/led by Afzal Hameed. Our registered office is on Kursi Road, Lucknow, Uttar Pradesh, India.

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, contact us, or use our services. By using our website or services, you agree to this Policy.

Note: This is an industry‑standard policy adapted for Indian law (Digital Personal Data Protection Act, 2023 — “DPDP Act”) and international visitors (e.g., GDPR/CCPA). It is not legal advice.

1) Who we are and our roles

  • Controller: For data about website visitors, leads, and our own clients, Sparq acts as the data controller.
  • Processor/Service Provider: When clients instruct us to process their customers’ or users’ data (e.g., ad campaigns, analytics, CRM, marketplace operations), we act as a processor/service provider under a separate agreement or SOW.

2) What we collect

We collect the following categories of data, depending on your interaction with us:

  • Identity and contact data: name, company, role, email, phone, address, social handles.
  • Business and project data: requirements, brand assets, product data, marketplace seller IDs.
  • Transaction data: invoices, payments, tax/GST details. We do not store full card data; payments are handled by payment gateways under their policies.
  • Communications data: emails, chat messages, call notes, support tickets, feedback, testimonials.
  • Marketing preferences: newsletter and campaign opt‑ins/opt‑outs.
  • Technical data: IP address, device identifiers, browser/OS, pages viewed, referral URLs, session logs, cookies.
  • Platform access data (when you engage our services): limited admin or developer access credentials to hosting, CMS, app stores, ad accounts, analytics, marketplaces, CRM, email/SMS systems.
  • Hiring/partnering data (if you apply or collaborate): CV, portfolio, work history, references.
  • Sensitive personal data: We do not intentionally seek sensitive categories. If a project requires it, we will process only with explicit instructions/consent and appropriate safeguards.

3) How we collect data

  • Directly from you: web forms, emails, messaging apps, calls, proposals, contracts, invoices.
  • Automatically: cookies, pixels, SDKs, and analytics tools when you visit our site.
  • From third parties: ad/analytics platforms, social networks (if you connect), marketplace or payment partners, public sources consistent with law.

4) Why we use your data (purposes)

  • Provide and improve our website and services; set up projects, accounts, and integrations.
  • Communicate about proposals, milestones, support, and billing.
  • Run campaigns and analytics as instructed by clients.
  • Personalize content, measure performance, and improve user experience.
  • Legal and security: fraud prevention, compliance, audits, enforcing agreements.
  • Marketing (with consent/legitimate interests): newsletters, updates, event invites, case studies.

5) Legal bases / Lawful use

  • Under DPDP Act: your consent; and legitimate uses such as performance of a contract you request, compliance with law, and to respond to emergencies.
  • Under GDPR (for EEA/UK visitors): consent, performance of a contract, legitimate interests (e.g., site security, basic analytics), legal obligation.
  • Under CCPA/CPRA (California): we act as a “service provider/contractor” for client instructions; for our own site we do not sell personal information as defined by CCPA. You may opt out of “sharing” for cross‑context behavioral advertising via our cookie/banner settings.

6) Cookies, pixels, and similar tech

  • Types we use:
    • Strictly necessary: security, load‑balancing, consent storage.
    • Analytics/performance: traffic stats, conversions, page interactions.
    • Functionality: remember preferences and sessions.
    • Advertising/retargeting: measure ad performance and reach audiences.
  • Control: Use our cookie banner/settings to grant/withdraw consent for non‑essential cookies; you can also clear cookies in your browser. Disabling some cookies may impact site functionality.

7) Marketing communications

  • Email/SMS/WhatsApp: Sent only with consent or as permitted (e.g., service notices). You can unsubscribe via the link in messages or by contacting us.
  • DLT/SMS compliance (India): We send SMS/WhatsApp only to consented recipients and as per TRAI/DLT norms. You may opt out at any time.

8) Data sharing and recipients

We share data only as needed:

  • Service providers/subprocessors: hosting and cloud infrastructure, CDN, email/SMS/WhatsApp platforms, analytics, payment gateways, CRM/automation tools, ad networks (Google, Meta, Amazon Ads, etc.), marketplace integrators, design/dev tools, error/crash reporting. They process data under contracts and only on our instructions.
  • Professional advisors and auditors, and where required by law or to protect rights and safety.
  • Business transfers: part of a merger, acquisition, or similar event (rare for a sole proprietorship, but noted).
    We do not sell personal information.

9) International transfers

We may transfer data outside India when using global vendors. Where required, we use appropriate safeguards (contractual clauses, adequacy/whitelisting under applicable laws, or your explicit consent).

10) Security

We use reasonable technical and organizational measures: access controls and least‑privilege, MFA on critical systems, encryption in transit, secure key management, regular updates, and vendor due diligence. No method is 100% secure; please protect your accounts and promptly inform us of any suspected compromise.

11) Retention

We keep data only as long as necessary for the purposes above or as required by law:

  • Prospect/inquiry data: up to 24 months after last interaction.
  • Client/project records: typically 7 years after project completion (tax/accounting).
  • Analytics logs: 13–26 months (tool‑dependent).
  • Marketing suppression lists (to honor opt‑outs): retained indefinitely.
    We may anonymize data for statistics and research.

12) Your rights

  • Under DPDP Act (India): right to access, correct, and erase your personal data; right to grievance redressal; right to nominate another person to exercise rights in case of death or incapacity; right to withdraw consent.
  • Under GDPR (EEA/UK): rights of access, rectification, erasure, restriction, portability, and objection; right to lodge a complaint with a supervisory authority.
  • Under CCPA/CPRA (California): rights to know/access, correct, delete, and opt out of sale/share; right to limit use of sensitive information; no discrimination for exercising rights.

How to exercise your rights:

  • Use our cookie banner to manage cookie consent.
  • For access/correction/deletion/consent withdrawal, contact us (see Section 17). We may need to verify your identity and request details to locate your data.
  • For client projects where we act as processor, please contact the client (data controller). We will assist them to fulfill your request.

13) Children’s privacy

Our services and website are not directed to children. We do not knowingly collect personal data of individuals under 18 years (India) or the age defined by local law. If you believe a minor has provided data, contact us to remove it.

14) User‑generated content and links

Content you submit (e.g., testimonials) may be public if you consent to publication. Our site may link to third‑party sites and services; their privacy practices apply to your use of them.

15) Automated decision‑making and profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. We may use analytics, look‑alike or interest‑based audiences, and basic profiling to improve marketing with your consent where required.

16) Client data we process on your behalf

When you engage us for web/app builds, analytics, ads, marketplaces, CRM, email/SMS/WhatsApp, YouTube or social media management:

  • We process personal data only on your documented instructions and for the purposes in the SOW.
  • You must ensure you have the necessary consents and notices for your end users and maintain lawful basis.
  • We will implement appropriate security, assist with data subject requests, and delete/return data at the end of the engagement, subject to legal retention requirements.
  • You authorize our vetted subcontractors/freelancers to assist, under confidentiality and data‑processing terms.

17) Grievance and contact

Grievance Officer: Afzal Hameed
Address: Sparq IT Services, Kursi Road, Lucknow, Uttar Pradesh, India
How to contact us:

  • Use the contact form on our website or your project workspace; or
  • Send a written request to the postal address above; or
  • Provide your preferred privacy contact email/phone and we will add it here.

If you are in India and unresolved concerns remain, you may approach the Data Protection Board of India as per the DPDP Act.

18) Changes to this Policy

We may update this Policy occasionally. The “Last updated” date reflects the latest changes. If we make material changes, we will take reasonable steps to notify you (e.g., website notice or email). Continued use of our website/services after changes means you accept the revised Policy.

19) Jurisdiction

This Policy and any disputes are governed by the laws of India. Courts at Lucknow, Uttar Pradesh shall have exclusive jurisdiction, without prejudice to any mandatory rights you may have under applicable law.