Privacy Policy

Introduction  

Welcome to Sparkrock Edsembli Inc. (“we,” “our,” or “the Company”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with applicable privacy laws, including both private sector privacy legislation (such as PIPEDA) and public sector privacy laws applicable to K-12 educational institutions. 

Scope  

This Privacy Policy applies to all personal information collected, used, or disclosed by Sparkrock Edsembli Inc. through our services, websites, applications, and interactions with our clients, including both private and public sector organizations. This includes our cloud-based Enterprise Resource Planning (ERP) solutions and related services for educational institutions and nonprofit organizations.  

Terms not otherwise defined herein shall have the meaning ascribed to such terms in the General Terms and Conditions. 

Definitions 

“Customer” means the party that has entered into the Services Agreement with Sparkrock Edsembli Inc.  for the provision of Hosted Services. 

“Data Subject” The individual to whom personal information relates  

“Individual” means a person from whom Personal Information is being collected. 

“Personal Information” Any information about an identifiable individual  

“Privacy Legislation” means the privacy and personal information statutes, rules or regulations applicable to the Services Agreement or the relationship between the Parties. 

“Processing” Any operation performed on personal information  

“Record” means any hard copy document or any data in a machine-readable format containing Personal Information. 

“Sensitive Information” Personal information that requires special protection  

“Service Providers” Third parties who process information on our behalf  

Jurisdiction and Regulatory Compliance  

We operate in Canada and the United States, and comply with applicable privacy laws including:  

Canada  

• Personal Information Protection and Electronic Documents Act (PIPEDA)  
• Provincial private sector privacy laws (e.g., Alberta PIPA, BC PIPA, Quebec Law 25)  
• Provincial public sector privacy laws (e.g., FIPPA, MFIPPA)  
• Provincial education acts and related regulations  

United States  

• Family Educational Rights and Privacy Act (FERPA)  
• Children’s Online Privacy Protection Act (COPPA)  
• State-specific privacy laws where applicable  
• State-specific education privacy laws  

Data Storage and Processing Locations  

Our primary data centers are located in Canada. For Canadian customers, all personal information is stored and processed within Canada unless explicitly agreed otherwise. For US customers, data is stored and processed in compliance with applicable US federal and state regulations.  

Types of Personal Information We Collect  

We collect various types of personal information, including but not limited to:  

Basic Information  

• Names and contact information
• Addresses  
• Email addresses  
• Phone numbers  
• Employment information  

Sensitive Information  

• Social Insurance Numbers (when required for payroll and tax purposes)  
• Medical records and health information (for benefits administration)  
• Financial information and bank records (for payroll and payment processing)  
• Educational records (including student information and academic records)  
• Employment history and performance records  
• Background check information (where permitted by law)  
• Diversity and inclusion information (on a voluntary basis)  

Technical Information  

• IP addresses and device information  
• Browser type and version  
• Operating system information  
• Login credentials and access logs  
• Usage data and analytics  
• Cookies and similar tracking technologies  

How We Collect Personal Information  

We collect personal information through:

• Direct interactions with you
• Our software applications and services
• Forms and documentation
• Our website and online platforms
• Third-party service providers
• Our clients (including educational institutions)  
• Automated data collection through our software
• Integration with authorized third-party systems
• Public records and publicly available information
• Customer support interactions
• Security and access monitoring systems  

Purposes for Collection, Use, and Disclosure  

We collect, use, and disclose personal information for the following purposes:  

• To provide our services and products 
• To manage client relationships  
• To process payments and transactions  
• To maintain business records  
• To comply with legal and regulatory requirements  
• To improve our services and products  
• To communicate with you about our services  
• To protect against fraud and error
• To provide technical support and troubleshooting
• To conduct system maintenance and upgrades
• To generate aggregated analytics and reports
• To comply with audit requirements
• To respond to security incidents
• To fulfill contractual obligations with our clients

Consent  

We obtain consent for the collection, use, and disclosure of personal information in various ways:  

• Express consent (verbal, written, or electronic)  
• Implied consent (when reasonably implied from actions or inactions)  
• As required or permitted by law  

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.  

Information Security  

We implement appropriate technical and organizational measures to protect personal information, including:  

• Encryption of sensitive data  
• Secure server infrastructure  
• Access controls and authentication  
• Regular security assessments  
• Employee training on privacy and security  
• Physical security measures  
• Regular penetration testing and vulnerability assessments
• Incident response procedures
• Data backup and disaster recovery plans
• Third-party security audits
• Data loss prevention controls
• Network monitoring and threat detection 

Data Retention  

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer required, it is securely destroyed or anonymized.  

Your Rights  

You have the right to:  

• Access your personal information
• Request corrections to your personal information  
• Withdraw consent (where applicable)
• File a complaint about our privacy practices
• Request information about our privacy practices

Special Considerations for Public Sector Clients  

For personal information collected from or on behalf of public sector clients (including K-12 schools):  

• We comply with applicable public sector privacy laws  
• We follow specific data handling requirements as required by public institutions  
• We maintain additional security measures as required by public sector privacy laws  
• We assist public sector clients in fulfilling their privacy obligations  

Additional Considerations

• Compliance with Freedom of Information and Protection of Privacy Act (FIPPA)
• Adherence to Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
• Implementation of specific data residency requirements
• Support for privacy impact assessments
• Specialized access controls for educational records
• Compliance with student data protection regulations  

Data Sharing and Third Parties  

We may share personal information with:

• Service providers who assist in operating our business
• Professional advisors (e.g., auditors, lawyers)
• Government authorities when required by law
• Educational institutions as necessary for service delivery
• Payment processors for transaction processing
• Cloud infrastructure providers  

All third parties are contractually bound to protect personal information and use it only for specified purposes.  

International Data Transfers  

If we transfer personal information across borders, we ensure appropriate safeguards are in place and comply with applicable laws and regulations.  

Cross-Border Data Transfers  

For transfers of personal information between Canada and the United States:  

• We ensure compliance with PIPEDA’s requirements for cross-border transfers  
• We implement appropriate data transfer agreements  
• We maintain transparency about data storage locations  
• We obtain necessary consents for cross-border transfers  
• We ensure equivalent levels of protection in both jurisdictions  

Provincial and State-Specific Requirements  

Canadian Provinces  

• Quebec: We comply with Law 25 requirements including mandatory breach reporting and privacy impact assessments  
• Alberta/BC: We follow specific consent and notification requirements  
• Ontario: We adhere to FIPPA/MFIPPA requirements for public sector clients  

US Requirements  

• We maintain FERPA compliance for educational institutions  
• We implement state-specific privacy requirements where applicable  
• We follow state-specific breach notification requirements  

Special Considerations for Educational Institutions  

For educational institutions in both Canada and the US:  

• We maintain compliance with FERPA (US) and provincial education privacy laws (Canada)  
• We implement specific data handling protocols for student information  
• We provide necessary tools for institutions to fulfill their regulatory obligations  
• We support compliance with provincial/state education privacy requirements  
• We maintain appropriate security measures for educational records  

Changes to This Privacy Policy  

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending you a direct notification.  

Contact Us  

If you have questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer:  

Privacy Officer 
Sparkrock Edsembli Inc 
Email: privacy@sparkrock.com

Governing Law  

This Privacy Policy is governed by and interpreted in accordance with the laws of Ontario, Canada, and applicable Canadian federal laws. For US customers, additional US federal and state laws may apply to their specific circumstances.  

Children’s Privacy  

We recognize the sensitivity of children’s personal information and implement additional safeguards when processing such information. We only collect children’s personal information:

• With appropriate parental or guardian consent
• As required by our educational institution clients
• In compliance with applicable children’s privacy laws