Privacy Notice
Updated May 2026
Introduction
Sparkline Advisory Ltd is committed to protecting your privacy and handling your personal data responsibly and transparently. This notice explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it.
This notice applies to all individuals whose personal data we process, including visitors to our website, clients, prospective clients, newsletter subscribers, and purchasers of our digital products and services.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
Sparkline Advisory Ltd is the data controller for the personal data described in this notice. This means we determine the purposes and means of processing your personal data and are responsible for handling it lawfully.
- Company name: Sparkline Advisory Ltd
- Company number: 17164009
- Registration: Registered in England and Wales
- Registered office: Piccadilly Business Centre, Unit C, Aldow Enterprise Park, Blackett Street, Manchester, M12 6AE
- Data protection contact: dataprotection@sparklineadvisory.com
We are registered with the Information Commissioner’s Office (ICO) as a data controller. If you have any questions or concerns about how we handle your personal data, please contact us at the email address above.
What personal data we collect and why
The table below sets out the personal data we collect, the purpose for which we collect it, the legal basis we rely on, and how long we keep it. We only collect personal data that is necessary for the purposes described.
Website visitors
| Processing activity | Personal data involved | Legal basis | Retention period |
| Website analytics | IP address (anonymised), browser type, device type, pages visited, time on site, referral source | Legitimate interests – understanding how our website is used so we can improve it | 26 months (Google Analytics retention setting) |
| Cookie consent management | Record of your consent choices and timestamp | Legal obligation – to demonstrate compliance with UK GDPR consent requirements | 12 months |
Enquiries and contact
| Processing activity | Personal data involved | Legal basis | Retention period |
| Responding to a contact form submission or direct enquiry | Name, email address, organisation (if provided), and the content of your message | Legitimate interests – responding to enquiries from prospective clients and other contacts | 3 years from last contact, or until you ask us to delete it |
| Managing our relationship with prospective clients | Name, job title, organisation, email address, phone number, notes from conversations | Legitimate interests – developing and maintaining business relationships | 3 years from last contact |
Clients
| Processing activity | Personal data involved | Legal basis | Retention period |
| Delivering consultancy services | Name, job title, organisation, email address, phone number, and any personal data included in project materials or communications | Contract – processing is necessary to perform the contract between us | 6 years from end of engagement (for legal and accounting purposes) |
| Invoicing and financial records | Name, organisation, email address, postal address, invoice and payment records | Legal obligation and contract – required for accounting and tax purposes | 6 years from the end of the relevant financial year |
Digital Product Purchasers
| Processing activity | Personal data involved | Legal basis | Retention period |
| Processing a purchase of a digital product or online course | Name, email address, billing address, and payment information (processed directly by Stripe – we do not store card details) | Contract – processing is necessary to fulfil your purchase | 6 years from the date of purchase |
| Managing a website account (where created) | Name, email address, username, purchase history | Contract – necessary to provide account access and order history | For as long as the account is active, plus 2 years |
Newsletter Subscribers
| Processing activity | Personal data involved | Legal basis | Retention period |
| Sending our newsletter and related email communications | Name (where provided) and email address | Consent – you have actively subscribed and can withdraw consent at any time | Until you unsubscribe or ask us to remove your data |
| Monitoring newsletter engagement | Email open rates, click rates, and unsubscribe actions (reported in aggregate or per subscriber by MailerLite) | Legitimate interests – understanding what content is useful to our audience so we can improve it | For the duration of your subscription |
To subscribe to our newsletter you must actively opt in. We will never add you to our mailing list without your consent. You can unsubscribe at any time by clicking the unsubscribe link in any of our emails or by contacting us directly.
Special category data
We do not intentionally collect or process special category personal data (such as health information, racial or ethnic origin, religious beliefs, or biometric data) in the course of our normal business activities.
If you share special category data with us in the course of a consultancy engagement, we will handle it with appropriate care and in accordance with a data processing agreement where applicable.
Who we share your data with
We share personal data only where necessary. We do not sell your personal data to third parties. The organisations listed below process personal data on our behalf as data processors, or receive data as data controllers in their own right.
| Organisation | Role | Country | Transfer safeguard |
| WP Engine, Inc. | Website hosting provider | USA | Standard contractual clauses (SCCs) and Data Privacy Framework participation |
| Google LLC | Website analytics (Google Analytics) | USA | Standard contractual clauses and EU-US Data Privacy Framework participation |
| MailerLite UAB | Newsletter platform | Lithuania (EEA) | EEA-based; no restricted transfer |
| Stripe, Inc. | Payment processing for digital products | USA | Standard contractual clauses and EU-US Data Privacy Framework participation |
| CookieYes Ltd | Cookie consent management | UK | UK-based; no restricted transfer |
| FreeAgent (Sage) | Cloud accounting software | UK | UK-based; no restricted transfer |
We may also disclose personal data where required to do so by law, by a court order, or by a regulatory authority.
International data transfers
Some of our third-party service providers are based outside the UK. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data to a standard equivalent to that required under UK GDPR.
The primary safeguards we rely on are:
- Standard contractual clauses (SCCs) approved by the UK Information Commissioner.
- Participation in the EU-US Data Privacy Framework or equivalent international data transfer agreement.
You can request further information about the specific safeguards in place for any transfer by contacting us at dataprotection@sparklineadvisory.com.
How we protect your data
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These include:
- Use of reputable, security-accredited hosting and software providers.
- Encryption of data in transit (HTTPS) across our website.
- Access controls limiting who can access personal data within our systems.
- Payment card data is never stored by us – all payment processing is handled directly by Stripe.
- Regular review of our data protection practices.
No method of transmission over the internet or electronic storage is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.
How long we keep your data
We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account our legal obligations and legitimate business needs. Retention periods are set out in the processing activities table above.
The key principles we apply are:
• Client and financial records are retained for 6 years following the end of the relevant engagement or financial year, in accordance with HMRC requirements and the Limitation Act 1980.
• Newsletter subscriber data is retained for as long as you remain subscribed. If you unsubscribe, we will remove your data from our active mailing list promptly.
• Website analytics data is retained for 26 months, in line with Google Analytics settings.
• Enquiry and contact data is retained for 3 years from last contact, or until you ask us to delete it.
When personal data is no longer required, we delete or anonymise it securely.
Automated decision-making and profiling
We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects on individuals. Decisions about how we engage with clients, prospects, and subscribers are made by a human being.
Your rights
Under UK GDPR, you have the following rights in relation to your personal data. Some rights apply in all circumstances; others apply only in certain situations or where a specific legal basis is relied upon.
| Right | What it means |
| Right of access | You can request a copy of the personal data we hold about you (a subject access request). |
| Right to rectification | You can ask us to correct personal data that is inaccurate or incomplete. |
| Right to erasure | In certain circumstances, you can ask us to delete your personal data. |
| Right to restrict processing | You can ask us to pause or limit how we use your personal data in certain circumstances. |
| Right to object | You can object to processing based on legitimate interests or direct marketing. We must stop processing unless we can demonstrate compelling grounds. |
| Right to data portability | Where processing is based on consent or contract, you can ask us to provide your data in a structured, machine-readable format. |
| Right to withdraw consent | Where we rely on consent as the legal basis for processing (such as the newsletter), you can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal. |
| Right to lodge a complaint | If you are unhappy with how we have handled your personal data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. |
To exercise any of these rights, please contact us at dataprotection@sparklineadvisory.com. We will respond within one calendar month. We may ask you to verify your identity before acting on your request.
Cookies
Our website uses cookies. Cookies are small text files placed on your device that help us operate the site, understand how it is used, and (with your consent) provide additional functionality such as analytics and newsletter forms.
You can manage your cookie preferences at any time via the “Manage cookies” link in the footer of our website. For full details of the cookies we use, please see our Cookie Policy.
Links to other websites
Our website may contain links to third-party websites, resources, and tools. We are not responsible for the privacy practices of those websites and encourage you to read their privacy notices before providing any personal data to them.
Children’s data
Our website and services are directed at business professionals and are not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us and we will delete it promptly.
Changes to this notice
We review this privacy notice periodically and may update it to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when it was last updated.
Where changes are significant, we will notify active newsletter subscribers by email and display a prominent notice on our website. We encourage you to check this page from time to time.
Accessibility
If you require this privacy notice in an alternative format, please contact us at dataprotection@sparklineadvisory.com and we will do our best to accommodate your needs.
Contact us
If you have any questions, concerns, or requests relating to this privacy notice or the way we handle your personal data, please get in touch:
- Company: Sparkline Advisory Ltd
- Company number: 17164009
- Postal address: Piccadilly Business Centre, Unit C, Aldow Enterprise Park, Blackett Street, Manchester, M12 6AE
- Email: dataprotection@sparklineadvisory.com
We aim to respond to all enquiries within five working days. If you wish to make a formal subject access request or exercise another data right, we will respond within one calendar month of receiving your request.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office:
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF