SPARK® Privacy Policy
Effective as of 1 September 2020
We take your privacy seriously. Please read this Privacy Policy carefully as it describes the ways we collect, protect, use, share, and store your personal data.
Applicability of the Privacy Policy
This SPARK Privacy Policy (the “Privacy Policy”) governs the processing of personal data collected from individual users (“you” and “your”) through the websites www.sparkhealthcare.com, www.beaconlearningapp.com, www.sparkcme.org, and the software application Beacon Learning App (the “App”) (collectively, the “Solutions”). The Privacy Policy does not cover any third-party products and services that integrate with the Solutions or any third-party websites, applications, and software.
Data Controller
The Solutions are owned and operated by SPARK Healthcare having a registered business address at 380 Riverside Drive, New York, NY, 10025, USA (“SPARK”, “we”, “us”, and “our”). SPARK acts as a data controller with regard to the personal data processed through the Solutions.
Types and Purposes of Personal and Non-Personal Data
Information You Give Us
We collect your personal and non-personal data in connection with the Solutions for purposes of enabling you to use the Solutions, performing our services, and analysing our business activities. We do not collect any more information than reasonably needed to offer our services.
Personal data.
We collect your personal data when you register your user account, use the Solutions, make changes to your account, or communicate with us. We respect data minimisation principles. Thus, we collect only a minimal amount of personal data that is necessary for your use of the Solutions and such data is used for limited, specific, and legitimate purposes specified in this Privacy Policy.
- When you contact us through the contact forms available on the Solutions, we collect your (i) name, (ii) email address, (iii) phone number, (iv) company/institution name, (v) job title, and (vi) any information that you include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
- When you sign up on the App, we collect your (i) first name, (ii) last name, (iii) email address, (iv) city, (v) state, (vi) ZIP code, (vii) role, and (viii) NPI number. We use such data to create and maintain your user account, provide you with access to the App, contact you if necessary, ensure the security of the App, maintain our business records, and analyse the usage of the App. The legal bases on which we rely are ‘performing a contract’, ‘your consent’ (for optional personal data), and ‘pursuing our legitimate business interests’ (i.e., analyse and administer our business).
- When you update your user account, we collect your (i) first name, (ii) last name, (iii) email address, (iv) city, (v) state, (vi) ZIP code, (vii) NPI number, (viii) nickname, and (ix) photo. We use such data to update your user account., maintain our business records, and analyse the usage of the App. The legal bases on which we rely are ‘performing a contract’, ‘your consent’ (for optional personal data), and ‘pursuing our legitimate business interests’ (i.e., analyse and administer our business).
- When you contact us by email, we collect your (i) name, (ii) email address, and (iii) any information that you decide to provide in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
- When you use the Solutions, we collect your IP address and cookie-related data. We use your IP address to analyse your use of the Solutions. Our cookies are used for the purposes specified in the section “Cookies” below. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to analyse our business) and ‘your consent’ (for cookie-related data).
App usage data.
In the course of your use of the App, we collect and associate with your personal data some non-personal data about your engagement with the App, such as time spent, questions completed, and information about your level of knowledge of the topics covered. Our collection of this information is made directly from you and your interactions with the App. We consider aggregate data to be personal data. We use such data only for internal business purposes, i.e., to analyse the App and our business activities. The legal basis on which we rely is ‘pursuing our legitimate business interests’.
Refusal to provide personal data.
We respect the right to privacy of all users of the Solutions. You may restrict the information provided to the Solutions. For example, you may decline to provide us with some or all of your personal data; however, restricting your personal data will materially reduce and diminish the value of the Solutions to you, and may prevent you from using certain functionalities or the Solutions at all.
Information We Collect from Other Sources
Non-personal data.
SPARK, either directly or through its authorized third-party analytics service providers, also collects analytics information about your use of the Solutions, including information about your access and visits to the Solutions, such as browser type, browser language, referring/exit pages and URLs, other browser history, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, geolocation, and the date and time of use, some of which may uniquely identify your browser or your account. Such information is collected in a variety of ways, including from web forms, technologies like cookies or other anonymous identifiers, web logging, and software on your computer or other devices. When you visit the Solutions, we store information based on your usage history.
Purposes of non-personal data.
We use non-personal data to analyse the Solutions, including (i) to examine the relevance, popularity, and engagement rate of the content available on the Solutions, (ii) to develop additional features of the Solutions, and (iii) to investigate and prevent security issues and abuse.
De-identified data.
If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any legitimate business purpose.
Sharing Personal and Non-Personal Data
Your personal data is shared only with (i) those persons you expressly authorize via the Solutions to receive such information and (ii) those persons in SPARK (e.g. employees, affiliates, vendors, partners, and third parties) who need to access such information in order to perform the services offered by SPARK or who will utilize the information to improve SPARK’s operations. The disclosure of your personal data is limited to the instances when such data is required for (i) ensuring the proper operation of the Solutions, (ii) ensuring the delivery of the services requested by you, (iii) providing you with the requested information, (iv) pursuing our legitimate business interests, (v) enforcing our rights, preventing fraud, and security purposes, (vi) carrying out our contractual obligations, (vii) law enforcement purposes, or (viii) if you provide your prior consent to such a disclosure.
List of data processors.
The data processors that we choose agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The following data processors will have access to your personal data for the purposes specified above:
- Our hosting and cloud storage service providers AWS (https://aws.amazon.com) and Google Firebase (https://firebase.google.com) located in the United States;
- Our email service provider SendGrid (https://sendgrid.com);
- Our analytics service provider Google Analytics for Firebase (https://firebase.google.com/docs/analytics) located in the United States; and
- Our independent contractors.
Disclosure of non-personal data.
Your non-personal data, including de-identified personal data, may be disclosed to third parties for any purpose, including but not limited to performing statistical analysis of the aggregated data, including analysis about the behavior of visitors to the Solutions on an aggregated, anonymous basis, or to share such information with third parties. SPARK may share de-identified personal data with pharmaceutical, biotech, and device manufacturers, insurance companies, healthcare providers, medicare, hospital systems, medical schools, medical professional organizations, and other healthcare-focused organizations who provide and develop drugs for patient treatment, approve payment for such treatment, educate healthcare providers, and render other services, such as information processing and assessing the success of certain treatments. SPARK may be compensated by its third-party business partners. We do not give our partners an independent right to share this information. However, due to our contractual obligations with these third parties and the need to share information to deliver and support the Solutions, we cannot provide you with the opportunity to opt-out of sharing de-identified information with these third parties.
Legal requests.
We may access, preserve, and disclose any information we may have about you and the contents of your account if required to do so by law or in a good faith belief that such access, preservation, or disclosure is reasonably necessary to avoid liability, to comply with legal process, such as a search warrant, subpoena, statute, or court order, or to protect our rights and property, or that of our affiliates or the public. SPARK is not required to question or contest the validity of any search warrant, subpoena, or other similar governmental request that it receives.
Successors.
We may also transfer any information in our possession to a third party in the event of a reorganization, sale, merger, or transfer of some or all of our assets to such third party.
International transfers of personal data.
Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on standard contractual clauses pre-approved by the European Commission).
WE DO NOT SELL OR RENT YOUR PERSONAL DATA. WE DO NOT SHARE YOUR YOUR PERSONAL DATA WITH SOCIAL NETWORKS OR OTHER PUBLIC OR SEMI-PUBLIC PLACES.
Cookies
The Solutions may send "cookies" to your computer or smartphone when you access them. The Solutions use cookies to improve the quality of the Solutions, make recommendations, and make the Solutions easier to use for you.
What is a cookie?
A cookie is a small text file that is recorded either temporarily or persistently on your device and that a website or app operator can use in order to recognize visitors who revisit the website so as to facilitate their ongoing access to and use of such a website. Some cookies may identify you as a unique user and contain certain information about your particular login session and/or your use of the Solutions. There are several types of cookies, namely, (i) persistent cookies, which remain valid until deleted by you, (ii) cookies that remain valid until their expiration date, and (iii) session cookies that are stored on a web browser and remain valid until the moment the browser is closed. Cookies may also be (i) first-party cookies (set by the website itself) and (ii) third-party cookies (placed by third-party websites).
Types of cookies.
Depending on their purpose, cookies can be:
- Technical (strictly necessary) cookies that are essential for ensuring the correct functioning of the Solutions providing the services requested by you;
- Marketing cookies that allow us to create, implement, and examine our marketing campaigns. Such cookies allow us to reach the right customers, analyse the productivity of our marketing campaigns, and offer you personalised advertisement;
- Preference cookies that allow us to save your preferences regarding your use of the Solutions; and
- Statistics cookies that allow us to generate statistical reports about how you use the Solutions.
Cookies that we use.
The Solutions use the following cookies:
- On the App, we do not use any cookies.
- On the website www.beaconlearningapp.com, we use the technical (essential) third-party (Google) HTML cookies: ‘rc::a’ (persistent cookie ) and ‘rc::c’ (session cookie). The cookies are used to distinguish between humans and bots in order to make valid reports on the use of the website.
- On the websites www.spark-partners.com and www.sparkcme.org, we use the following cookies:
Google Analytics.
We use Google Analytics to help us understand how you navigate to and through the Solutions. This service helps us evaluate how long customers spend visiting different pages and how often they return to our Solutions. Google Analytics also assists our marketing colleagues to determine the effectiveness of our digital marketing campaigns that feeds into the commercial relationship held with Google. To ensure your privacy, your IP address will be anonymised and Google will not combine your IP address with other information Google holds about you. Thus, Google will not be able to identify you. In certain cases (e.g., when required by law or when third parties conduct services on behalf of Google), Google may transfer the information to third parties. For more information about Google Analytics’ privacy practices, please visit https://policies.google.com/technologies/partner-sites and https://support.google.com/analytics/answer/6004245
You can opt out of Google Analytics HERE.
Cookie consent.
When you visit the Solutions for the first time, we may ask you to provide us with your consent to our use of cookies via a cookie consent banner (e.g., if you are based in the EU). If you do not provide your consent, we will not serve you our marketing or statistics cookies. Please note that we may not be able to provide you with the best possible user experience if not all cookies are enabled.
Disabling cookies.
You may disable cookies in your web browser but doing so will impact the usability of the Solutions and may prevent you from using certain functionalities or Solutions at all. Please note that you cannot disable essential cookies. When we ask you to provide your consent to our use of marketing or statistics cookies, you have the freedom not to provide such consent. If you would like to refuse our use of non-essential cookies, you can do it at any time by declining cookies in your browser or device. For more information, you can consult the cookie management instructions of your browser:
- Apple Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Google Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- Microsoft Edge: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy
Third-party links.
To the extent the Solutions link to other websites, be sure to review the privacy policies on the websites you are visiting, as many such websites have their own policies regarding cookies and the collection and use of personal data.
Do Not Track signals.
SPARK honors “Do Not Track” signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Marketing Communication
Newsletters.
We may send you a newsletter to keep you updated about the latest developments related to the Solutions, our new services, additional features of the Solutions and special offers. You will receive our newsletters in the following instances:
- If we receive your express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription for our newsletters substitutes such consent); or
- We decide to send you information about our new services that are closely related to the services already used by you.
Opt-out.
You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the newsletters sent to you or by contacting us directly.
Informational notices and updates.
From time to time, we may send you important informational notices, such as service-related, technical or administrative emails, your privacy and security, and other administrative matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.
Your Rights
The list of your rights.
Subject to any exemptions provided by law, you may ask us to:
- Get a copy of your personal data that we store;
- Get a list of purposes for which your personal data is processed;
- Rectify inaccurate personal data;
- Move your personal data to another processor;
- Delete your personal data from our systems;
- Object and restrict processing of your personal data;
- Withdraw your consent, if you have provided one; or
- Process your complaint regarding your personal data.
How to exercise your rights?
If you would like to exercise any of your rights listed above or ask your user account to be deleted, please contact us by email at [email protected] and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backups), or for which access is not otherwise required.
Complaints.
If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
Data Retention
We will retain your personal data for as long as it is necessary for its intended purposes, your account is active, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements. You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide services to you). We may retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed, but will destroy your personal data when it is no longer needed for the foregoing purposes, or we remove your personal data to render it anonymous.
Protecting Your Privacy
We use reasonable security measures, such as secured networks, strong passwords, encryption, and limited access to your personal data by our staff and contractors, to protect the confidentiality of your personal data under our control. We monitor for and try to prevent security breaches.
Further, in order to comply with Fair Information Practices principles articulated by the Federal Trade Commission (https://www.ftc.gov/reports/privacy-online-fair-information-practices-electronic-marketplace-federal-trade-commission), we will notify you (if you have provided an email address to us) via email within 7 business days, should a data breach occur.
Please note that no data transmission over the Internet and no method of data storage can be guaranteed to be secure. SPARK does not guarantee the security of any of your private transmissions against unauthorized or unlawful interception or access by third parties.
Minors
The Solutions are not intended for use by anyone under the age of 16. If you are under 16, please do not attempt to create an account or send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 16 may provide any personal data to us, and we do not knowingly collect personal data from anyone under the age of 16. If we learn that we have collected personal data from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the age of 16, please contact us immediately.
Links to Other Websites
The Solutions may link to other websites, many of which have their own policies regarding cookies and the collection and use of personal data. Be sure to review the privacy policy on the website you're visiting.
Privacy Policy Updates
We may need to update our Privacy Policy as technology changes and SPARK evolves. We encourage you to periodically review this page for the latest information on our privacy practices. You can always check the “last updated” date at the top of this document to see when the Privacy Policy was last changed. We will not apply any material changes retroactively to any personal data we collected from you before such changes took effect, without your affirmative consent to do so.
Contact Us
If you have any questions or concerns regarding this Privacy Policy, you should contact us by using the following contact details:
Company: SPARK Healthcare, LLC
Postal address: 380 Riverside Drive, New York, NY, 10025, USA
Email address: [email protected]
Phone number: +1-917-453-0562
Contact forms: https://www.sparkhealthcare.com/contact, https://beaconlearningapp.com/contact-us/, and https://www.sparkcme.org/contact