Sparkrock

Privacy Policy

Last Updated: February 12th, 2025 

Introduction 

Welcome to Sparkrock Edsembli Inc. (“we,” “our,” or “the Company”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with applicable privacy laws, including both private sector privacy legislation (such as PIPEDA) and public sector privacy laws applicable to K-12 educational institutions.

Scope 

This Privacy Policy applies to all personal information collected, used, or disclosed by Sparkrock Edsembli Inc. through our services, websites, applications, and interactions with our clients, including both private and public sector organizations. This includes our cloud-based Enterprise Resource Planning (ERP) solutions and related services for educational institutions and nonprofit organizations. 

Terms not otherwise defined herein shall have the meaning ascribed to such term in the General Terms and Conditions.

Definitions

Customer” means the party that has entered into the Services Agreement with Sparkrock Edsembli Inc.  for the provision of Hosted Services.

“Data Subject” The individual to whom personal information relates 

Individual” means a person from whom Personal Information is being collected.

“Personal Information” Any information about an identifiable individual 

Privacy Legislation” means the privacy and personal information statutes, rules or regulations applicable to the Services Agreement or the relationship between the Parties.

“Processing” Any operation performed on personal information 

"Record" means any hard copy document or any data in a machine-readable format containing Personal Information.

“Sensitive Information” Personal information that requires special protection 

“Service Providers” Third parties who process information on our behalf 

Jurisdiction and Regulatory Compliance 

We operate in Canada and the United States, and comply with applicable privacy laws including: 

Canada 

  • Personal Information Protection and Electronic Documents Act (PIPEDA) 

  • Provincial private sector privacy laws (e.g., Alberta PIPA, BC PIPA, Quebec Law 25) 

  • Provincial public sector privacy laws (e.g., FIPPA, MFIPPA) 

  • Provincial education acts and related regulations 

United States 

  • Family Educational Rights and Privacy Act (FERPA) 

  • Children’s Online Privacy Protection Act (COPPA) 

  • State-specific privacy laws where applicable 

  • State-specific education privacy laws 

Data Storage and Processing Locations 

Our primary data centers are located in Canada. For Canadian customers, all personal information is stored and processed within Canada unless explicitly agreed otherwise. For US customers, data is stored and processed in compliance with applicable US federal and state regulations. 

Types of Personal Information We Collect 

We collect various types of personal information, including but not limited to: 

Basic Information 

  • Names and contact information 

  • Addresses 

  • Email addresses 

  • Phone numbers 

  • Employment information 

Sensitive Information 

  • Social Insurance Numbers (when required for payroll and tax purposes) 

  • Medical records and health information (for benefits administration) 

  • Financial information and bank records (for payroll and payment processing) 

  • Educational records (including student information and academic records) 

  • Employment history and performance records 

  • Background check information (where permitted by law) 

  • Diversity and inclusion information (on a voluntary basis) 

Technical Information 

  • IP addresses and device information 

  • Browser type and version 

  • Operating system information 

  • Login credentials and access logs 

  • Usage data and analytics 

  • Cookies and similar tracking technologies 

How We Collect Personal Information 

We collect personal information through: - Direct interactions with you - Our software applications and services - Forms and documentation - Our website and online platforms - Third-party service providers - Our clients (including educational institutions) 

Additional collection methods: - Automated data collection through our software - Integration with authorized third-party systems - Public records and publicly available information - Customer support interactions - Security and access monitoring systems 

Purposes for Collection, Use, and Disclosure 

We collect, use, and disclose personal information for the following purposes: 

  1. To provide our services and products 

  2. To manage client relationships 

  3. To process payments and transactions 

  4. To maintain business records 

  5. To comply with legal and regulatory requirements 

  6. To improve our services and products 

  7. To communicate with you about our services 

  8. To protect against fraud and error 

Additional purposes: 9. To provide technical support and troubleshooting 10. To conduct system maintenance and upgrades 11. To generate aggregated analytics and reports 12. To comply with audit requirements 13. To respond to security incidents 14. To fulfill contractual obligations with our clients 

Consent 

We obtain consent for the collection, use, and disclosure of personal information in various ways: 

  • Express consent (verbal, written, or electronic) 

  • Implied consent (when reasonably implied from actions or inactions) 

  • As required or permitted by law 

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. 

Information Security 

We implement appropriate technical and organizational measures to protect personal information, including: 

  • Encryption of sensitive data 

  • Secure server infrastructure 

  • Access controls and authentication 

  • Regular security assessments 

  • Employee training on privacy and security 

  • Physical security measures 

Additional measures: - Regular penetration testing and vulnerability assessments - Incident response procedures - Data backup and disaster recovery plans - Third-party security audits - Data loss prevention controls - Network monitoring and threat detection 

Data Retention 

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer required, it is securely destroyed or anonymized. 

Your Rights 

You have the right to: 

  1. Access your personal information 

  2. Request corrections to your personal information 

  3. Withdraw consent (where applicable) 

  4. File a complaint about our privacy practices 

  5. Request information about our privacy practices 

Special Considerations for Public Sector Clients 

For personal information collected from or on behalf of public sector clients (including K-12 schools): 

  • We comply with applicable public sector privacy laws 

  • We follow specific data handling requirements as required by public institutions 

  • We maintain additional security measures as required by public sector privacy laws 

  • We assist public sector clients in fulfilling their privacy obligations 

Additional considerations: - Compliance with Freedom of Information and Protection of Privacy Act (FIPPA) - Adherence to Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) - Implementation of specific data residency requirements - Support for privacy impact assessments - Specialized access controls for educational records - Compliance with student data protection regulations 

Data Sharing and Third Parties 

We may share personal information with: - Service providers who assist in operating our business - Professional advisors (e.g., auditors, lawyers) - Government authorities when required by law - Educational institutions as necessary for service delivery - Payment processors for transaction processing - Cloud infrastructure providers 

All third parties are contractually bound to protect personal information and use it only for specified purposes. 

International Data Transfers 

If we transfer personal information across borders, we ensure appropriate safeguards are in place and comply with applicable laws and regulations. 

Cross-Border Data Transfers 

For transfers of personal information between Canada and the United States: 

  • We ensure compliance with PIPEDA’s requirements for cross-border transfers 

  • We implement appropriate data transfer agreements 

  • We maintain transparency about data storage locations 

  • We obtain necessary consents for cross-border transfers 

  • We ensure equivalent levels of protection in both jurisdictions 

Provincial and State-Specific Requirements 

Canadian Provinces 

  • Quebec: We comply with Law 25 requirements including mandatory breach reporting and privacy impact assessments 

  • Alberta/BC: We follow specific consent and notification requirements 

  • Ontario: We adhere to FIPPA/MFIPPA requirements for public sector clients 

US Requirements 

  • We maintain FERPA compliance for educational institutions 

  • We implement state-specific privacy requirements where applicable 

  • We follow state-specific breach notification requirements 

Special Considerations for Educational Institutions 

For educational institutions in both Canada and the US: 

  • We maintain compliance with FERPA (US) and provincial education privacy laws (Canada) 

  • We implement specific data handling protocols for student information 

  • We provide necessary tools for institutions to fulfill their regulatory obligations 

  • We support compliance with provincial/state education privacy requirements 

  • We maintain appropriate security measures for educational records 

Changes to This Privacy Policy 

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending you a direct notification. 

Contact Us 

If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer: 

Privacy Officer
Sparkrock Edsembli Inc
Email: privacy@sparkrock.com

Governing Law 

This Privacy Policy is governed by and interpreted in accordance with the laws of Ontario, Canada, and applicable Canadian federal laws. For US customers, additional US federal and state laws may apply to their specific circumstances. 

Children’s Privacy 

We recognize the sensitivity of children’s personal information and implement additional safeguards when processing such information. We only collect children’s personal information: - With appropriate parental or guardian consent - As required by our educational institution clients - In compliance with applicable children’s privacy laws.

Are you ready to spark change?

With Sparkrock 365, you'll have the tools to manage your finances and workforce more efficiently so you can focus on what you do best. Go from paper-based processes to intelligent online workflows, and access the data you need to make a real difference in your community.
book a demo
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram