‍SparkIL Privacy and Data Protection Policy and Notice

Last Updated 2 March 2022

SparkIL (“we”, “our”, “us”) is a non for-profit lending platform for combining Israel engagement and social impact investing, jointly owned by The Jewish Agency for Israel and Ogen (formerly the Israel Free Loan Association).

SparkIL is a peer-to-peer lending platform that provides a meeting place for young social investors from around the world to identify opportunities to assist Israel’s underserved populations and social entrepreneurs by providing them with interest-free social loans (all together the “Services”).

We respect the privacy of our users and we are committed to protect the personal information that you share with us. We are transparent about our practices regarding the information we may collect and use when you use the Services, visit our websites or otherwise engage with us, and describe our practices in this privacy policy.

Individuals making use of these Services are entitled to protection of their data as described in this privacy and data protection policy and notice (the “Privacy Policy”). A User may be either an individual using or interested in using the Services in his private capacity or an entity. This Policy also describes SparkIL’s practices for collecting, using, maintaining and processing information. It also provides notice to you as may be required by the Israel’s Protection of Privacy Law 5741-1981 or the EU’s General Data Protection Regulations (“GDPR“) and other European Economic Area, UK and Swiss data protection law, California’s Consumer Privacy Act (“CCPA“) or other law (applicable law in any given case is the “Data Protection Law“).

Users who wish to engage with us or to use our Services may be asked to provide us with certain information including Personal Data and Sensitive Information as further detailed in this Privacy Policy (“Data”). SparkIL’s use of this Data in connection with the Services will be undertaken in accordance with this Privacy Policy.

Please read the following carefully to understand our practices regarding your Personal Data and how we will treat it.

For the purposes of the GDPR, SparkIL will generally be regarded as a data controller (the “Controller”), and a Business under CCPA.

1. WHICH INFORMATION MAY WE COLLECT?

Data we collect about you prior to, and from, your use of the Services

We collect and process non-identifiable and anonymous information, and also collect several categories of personal data (“Personal Data”), including sensitive personal data (known in the EU as Special Categories of Personal Data) through your use of the Services. This may include your name (first and last), telephone number, email, ID number, name of the organization you represent and your role or job title, your photograph, your bank account and other such payment details, your SparkIL account username and password and usage details, and other information you may choose to provide to us. We may also collect the email addresses of people who communicate with us via email or via messenger services or other social media platforms or create accounts and login credentials.

SparkIL may collect Personal Data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Personal Data”).

You do not have any legal obligation to provide any information to us. However, we require certain information in order to provide the Services. If you choose not to provide us with certain information, we may not be able to provide you with the Services. 

Social Media: our website may allow Users to connect and share information with various social media platforms, such as Facebook, Google+, YouTube, LinkedIn, Instagram and Twitter. Doing so is at the discretion and responsibility of the Users. These features may require SparkIL to implement cookies, plugins, and/or APIs provided by such social media platforms to facilitate communications and features. We may share information that Users provide or that we may collect about Users of the website with these platforms, and such information becomes subject to their privacy and data policies. SparkIL encourages Users to visit the privacy policies of these platforms for further information.

In addition, by choosing to use any third-party social media platform or choosing to share content or communication with any social media platform, Users allow us to share information with the designated social media platform. We cannot control any policies or terms of such third-party platform. As a result, we cannot be responsible for any use of Users’ information or content by a third-party platform, which Users use at their own risk.

We will never sell your Personal Data to third parties. (for more information see the Section titled: “Sharing Data gathered by SparkIL with third parties”).

2. HOW DO WE COLLECT PERSONAL DATA ON OUR USERS OR USERS OF OUR SERVICES?

There are two main methods we use:

We collect Personal Data through your use of our Website. In other words, when you are using the website or application, we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This may include technical information and behavioral information such as the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘click-stream’ on the website, the period of time the User visited the website, methods used to browse away from a page. We likewise may place cookies on your browsing devices (see section ‘Cookies’ below).

We collect Personal Data required to provide the Services when you register with us. In addition, we collect your Personal Data, when you provide us such information when filling out forms or by engaging with us for the purpose of using the Services or other correspondences.

We collect your Personal Data on the basis of our legitimate interest to provide the Services to you and to other users in an effort to help Israeli in-need populations and social entrepreneurs. In certain cases, we collect your personal data on the basis of consent. Where this applies, you will be asked if you consent to our processing of your personal data and you may withdraw your consent at any time. 

3. WHAT IS THE PURPOSE OF PERSONAL DATA WE COLLECT?

We will use Personal Data to provide and improve the Services and meet our contractual, ethical and legal obligations, including for example:

• Borrowers (seeking loans to execute social impact projects). 

For creating personal accounts/profiles, filing a loan application to raise money, enabling project pages and amplifying and promoting projects.

• Lenders (interested in supporting social impact projects).

For creating and accessing personal accounts/profiles, enabling lending to projects, sorting/filtering projects based on areas of interest. 

• For administration. 

Approving your project, approving your request to borrow or lend monies, approving loans and set terms, controlling flow of funds from Lenders to Borrowers and back to Lenders, communicating with specific Borrowers and groups of Borrowers. Communicating with specific Lenders and groups of Lenders, and managing Rick Cushions and Trustee accounts.

• to provide you with the information, products and Services that you request from SparkIL;
• Notifying you about changes to our Services;
• Contacting you for the purpose of providing you with technical assistance and other related information about the Services;
• Replying to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
• Contacting you to inform you of additional services which may be of interest to you. We do this based on our legitimate interests in marketing our services;
• Compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, members, facilities etc;
• For security purposes and to identify and authenticate your access to the Services.

Personal Data which you provide us may be combined with personal data which may be provided by other sources, all of which will be used for the purposes set out above. 

4. SHARING DATA GATHERED BY SPARKIL WITH THIRD PARTIES

We may transfer Personal Data to:

Related organizations and affiliates 

SparkIL is jointly owned by The Jewish Agency and Ogen (formerly the Israel Free Loan Association), and may share its information with either of them and their affiliates and sub-contractors.

Third Parties

We transfer personal data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your data only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties may include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analysing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimisation of our website and our marketing.

We periodically add and remove third party providers. At present our third-party providers to whom we may transfer personal data include also the following: 

• Ministry of Social Affairs
• Ministry of Social Equity
• Israel Voluntarism Council
• Other relevant citizen organizations
• Other relevant Government Offices
• Jewish organizations and / or federations
• Service providers (experts, consultants, app developers / tools)
• Members of the SparkIL Professional Committee
• Google Analytics
• CRM system (Salesforce)
• Website registration system (Form Assembly)

In addition, we may disclose your personal data to third parties: if we are under a duty to disclose or share your personal data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply the terms of a contract we have with you or for you; or to protect the rights, property, or safety of SparkIL, our staff and Users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

For avoidance of doubt, SparkIL may transfer and disclose non-personal data to third parties at its own discretion. 

5. WHERE DO WE STORE YOUR DATA?

We may keep Personal Data in a database which will be owned and controlled by the Controller. The Data we collect is hosted on internal data centres and Cloud: Microsoft Azure, Salesforce, Magic.

6. INTERNATIONAL DATA TRANSFERS

Personal Data may be transferred to, and stored and used at, a destination outside the European Economic Area (EEA) that may not be subject to equivalent Data protection laws to those of the EU. Where your Data is transferred outside of the EEA, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, and that it is treated securely and in accordance with this Privacy Policy. SparkIL transfers data to other jurisdictions as follows:

• To Israel. SparkIL headquarters are based in Israel. Israel is considered by the European Commission to offer an adequate level of protection for the personal data of EU Member State residents;
• To the United States of America; where we transfer personal data of European persons to the USA, we will do so pursuant to one of the bases described in EU data protection laws, such as standard contractual clauses etc.  
• Within the EU.

We may transfer your personal data outside of the EEA, in order to:

• Store or backup the information;
• Enable us to provide you with the Services and fulfil our contract with you;
• Fulfil any legal, audit or compliance obligations which require us to make that transfer;
• Facilitate the operation of our organization, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
• To offer our Services across multiple jurisdictions; and
• To operate our organization and affiliates in an efficient and optimal manner.

7. MODIFICATION OR DELETION OF PERSONAL DATA GATHERED BY SPARKIL

Users may have a legal right under certain applicable laws (for instance if the User is in the EU) to receive, rectify, erase, and restrict Personal Data about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent

If, for any reason, a User wishes to modify, delete or retrieve their Personal Data, they may do so by contacting SparkIL [Support@SparkIL.org]. SparkIL shall perform the necessary process to identify the User as a User who has the right to retrieve the specific information and then furnish the data required to be amended, deleted or retrieved together with a specific identification of the User and data. 

Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by SparkIL for the purpose of operating the Services. 

8. DATA RETENTION

SparkIL will retain data it processes only for as long as required to provide the Services and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. Data will be kept in accordance with applicable best business practices and legal obligations.

Please note that some data will not be deleted and shall be kept in an anonymized manner. Some metadata and statistical information concerning the use of the Services are not subject to the deletion procedures in this policy and may be retained by SparkIL. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy.

9. WEBSITE DATA COLLECTION AND COOKIES

When you access or use our Services, We may use industry standard technologies such as Cookies, pixels and similar technologies, which store certain information on your computer or browsing device and which will allow us to identify the computer or device with the user, and to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. We use different types of Cookies: some cookies are strictly necessary, they are required for the operation of our Site and under our terms with you; this includes for example, cookies that enable you to log into secure areas of our Service. We also use analytical and performance monitoring cookies, which allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. Finally, we use functionality cookies which are used to recognise you when you return to our Site. This enables us, subject to personalise content to your preferences, including for example, your choice of language or region.

Different cookies are kept for different periods. Session cookies are used to keep track of your activities online in a given browsing session; these cookies generally expire when the browser is closed but may be retained for a period on your device. Permanent cookies remain in operation even when you have closed the browser; they are used to remember your login details and password. Third-party cookies are installed by third parties with the aim of collecting certain information to research behaviour, demographics. Third party cookies on our site include, for example, Google Analytics. Likewise, pixels from Facebook and others enable integration of third party service providers (eg Facebook, Twitter) on our site. Third party cookies will be retained according to the terms of those third parties, and you can control those cookies in your browser settings. 

We use Cookies and other technologies on the basis that it is in our legitimate interests and these are not overridden by your rights.

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience on our website will be limited.

How to disable cookies: The effect of disabling cookies depends on which cookies you disable but, in general, the website and some services delivered through it may not operate properly, may not recognize your device, may not remember your preferences and so on, if cookies are disabled or removed. However, allowing or disabling cookies is your choice and in your control. If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies can be found here: Internet Explorer, Google Chrome, Firefox, Safari.

Our website may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites.

10. SECURITY AND STORAGE OF INFORMATION

We take great care in implementing, enforcing and maintaining the security of the personal data we process. SparkIL endeavors to implement, enforce and maintain security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we may encrypt data. Likewise, we take industry standard steps to ensure our website is safe.

Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

Within SparkIL, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for SparkIL to fulfil its obligations under this Privacy Policy and its agreements and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Data (iii) are under confidentiality obligations as required under applicable law. We take steps to ensure that its staff who have access to Personal Data are honest, reliable, competent and trained.

SparkIL shall act in accordance with its policies to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by SparkIL is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. We shall promptly take reasonable remedial measures.

11. DATA SUBJECT RIGHTS

Data subjects, have rights under GDPR and local laws, including, in different circumstances, rights to: access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that data subject rights cannot be exercised in a manner inconsistent with the rights of SparkIL’s employees, with our proprietary rights, and third party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects have a right to withdraw their consent. 

If, for any reason, a data subject wishes to exercise these rights and modify, delete or retrieve their Personal Data, they may be able to do so by contacting SparkIL [Support@SparkIL.org]. Note that we may have to undertake a process to identify a data subject exercising their rights. SparkIL may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by SparkIL.

12. GENERAL

SparkIL aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfil the purpose for which the data is gathered. We only collect data in connection with a specific legitimate purpose and only processes data in accordance with this Privacy Policy.

In the event of any concerns about data protection practices at SparkIL, you may contact our Data Protection Officer at [arye@myedpo.com]. EU persons have the right to lodge a complaint with a supervisory authority.

13. MINORS

We do not knowingly collect or solicit information or data from or about children under the age of 16 or knowingly allow children under the age of 16 to register for our Services. If you are under 16, do not register or attempt to register for any of SparkIL Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16, we will delete that Personal Data as soon as reasonably practicable without any liability to SparkIL. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: [Support@SparkIL.org] as soon as possible.

14. CHANGES TO THIS PRIVACY POLICY

The terms of this Privacy Policy will govern the use of the services, website and any information collected in connection with them. SparkIL may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: [https://sparkil.org/en/privacy-policy]. Changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of Services will constitute your recognition and acceptance of the Privacy Policy’s governing your personal data at SparkIL.

If you have any reasonable questions or comments concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at [Support@SparkIL.org] and if we can help, we will make an effort to reply within a reasonable timeframe.