Data Privacy Policy

1. Introduction

Sparkz Electric Ltd. (“we”, “us”, “our”) takes the privacy of our customers, prospective customers, suppliers and visitors seriously. This policy explains what personal data we collect about you, how we use it, who we share it with, how long we keep it, and the rights you have over your data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to personal data we collect through our website, our enquiry and quoting process, our service delivery (domestic, commercial and industrial electrical work), our invoicing and our day-to-day operations.


2. Who we are — Data Controller

For the purposes of UK data protection law, the Data Controller for the personal data described in this policy is:

•      Sparkz Electric Ltd.

•      Registered office: 14 Rowan Close, Killay, Swansea, Wales, SA2 7DW

•      Companies House registered number: 15415122

•      Email: info@sparkzelectric.co.uk

•      Phone: 07466 499235

Day-to-day responsibility for data protection within Sparkz Electric Ltd. rests with our Data Protection Lead, who can be contacted using the details above. We are not currently required to register a Data Protection Officer, but data protection enquiries are handled by the Director, Samuel Parker.


3. What personal data we collect

Depending on your relationship with us, we may collect and use the following categories of personal data:

3.1 Identity and contact data

•      Name, title and (where relevant) job title or role.

•      Postal address (including site address where this differs from the billing address).

•      Email address(es) and phone number(s).

3.2 Job and service data

•      Details of the work you have asked us to quote for or carry out.

•      Site access notes (for example key safe codes, parking instructions, vulnerable occupants), where you choose to share them.

•      Photographs and videos of the work site and completed work, captured for our records, for quoting, for issuing certificates and for evidence of completion.

•      Electrical certificates and reports (for example EICR, Minor Works, Electrical Installation Certificates) which by their nature record the address and identifying details of the installation.

3.3 Financial data

•      Quote, invoice and payment information.

•      Bank details only where you choose to pay by bank transfer, or where you provide them to us for a refund — we do not store payment card details.

3.4 Communications data

•      Records of emails, calls, voicemails, text messages and messaging-app conversations with you.

•      Feedback, reviews and testimonials you provide.

3.5 Website and marketing data

•      Information you submit through any contact or enquiry form on our website.

•      Limited technical data (for example IP address, browser type, pages visited) collected via cookies and similar technologies — see section 9 below.

•      Your communication preferences if you opt in to marketing.


4. How we collect your data

We collect personal data:

•      Directly from you when you contact us by phone, email, text/WhatsApp, social media or through our website.

•      During a site visit, survey or quote, including from photographs and notes we take.

•      From your representative (for example a letting agent, family member, contractor or property manager) where they are dealing with us on your behalf.

•      From publicly available sources where appropriate (for example Companies House or your business website) for business customers.

•      From third-party platforms (for example online review sites) when you leave a review about us.


5. Why we use your data and our lawful basis

Under the UK GDPR we must have a lawful basis to use your personal data. We rely on the following lawful bases, depending on the purpose:

5.1 Performance of a contract (Article 6(1)(b))

To prepare quotes, schedule and carry out electrical work, issue certificates, take payment and provide after-sales support to customers who have engaged us.

5.2 Legitimate interests (Article 6(1)(f))

To respond to enquiries, to follow up on quotes, to keep records of work we have done, to defend against and pursue legal claims, to recover unpaid invoices, to keep customers informed about works in progress, to improve our service, and to keep our business safe and operating efficiently. When relying on legitimate interests, we balance our interests against your privacy rights.

5.3 Legal obligation (Article 6(1)(c))

To comply with legal duties placed on us as an electrical contractor and as a UK company — including notifying competent person schemes and Local Authority Building Control where applicable, keeping accounting and tax records, and meeting health and safety, employment and consumer-law obligations.

5.4 Consent (Article 6(1)(a))

Where required, for example to send you marketing by email or SMS where the law requires opt-in consent, to use non-essential cookies on our website, or to use your photograph or testimonial in our marketing materials. You can withdraw consent at any time without affecting earlier processing.

5.5 Vital interests (Article 6(1)(d))

In rare cases, to protect someone's life — for example if we identify an immediate electrical safety risk on site that needs to be reported to the relevant authority or building occupier.


6. Who we share your data with

We share personal data only when necessary and with appropriate safeguards. The categories of recipient include:

•      Our employees, contractors and engineers, on a need-to-know basis to deliver the service.

•      Our IT, hosting, website, cloud-storage, accounting, invoicing, scheduling, payments and communications providers, who act as processors on our behalf under written contracts.

•      Competent person schemes and Local Authority Building Control, where notification of certain electrical work is legally required.

•      Our professional advisers, including accountants, insurers and lawyers, where reasonably necessary.

•      Government bodies and regulators (for example HMRC, the Health and Safety Executive, the Information Commissioner's Office) where required by law.

•      Buyers or successors if our business or part of it is sold, transferred or merged.

We do not sell your personal data to third parties for marketing purposes.


7. International transfers

Most of our processing happens in the United Kingdom. Some of our service providers (for example cloud-based email, accounting or file-storage services) may transfer or store data outside the UK. Where this happens, we make sure that an appropriate safeguard is in place, such as the UK addendum to the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or transfer to a country that the UK government has decided provides an adequate level of protection.


8. How long we keep your data

We keep personal data only for as long as we need it for the purposes set out in this policy or for as long as the law requires. Our typical retention periods are:

•      Enquiries that do not become jobs: up to 12 months, then deleted.

•      Customer job records, certificates, invoices and related correspondence: at least 6 years from the date of the work, in line with HMRC and tax record-keeping requirements, and longer where statutory limitation periods or product/installation warranties may require it.

•      Health and safety records (including site assessments and incident reports): in line with applicable health and safety law.

•      Complaints records: up to 6 years from the date the complaint was closed.

•      Marketing data: until you opt out or, if you do not engage, for up to 24 months from the last contact.

At the end of the relevant retention period, we securely delete or anonymise the personal data so that you can no longer be identified from it.


9. Cookies and similar technologies

Our website uses a small number of cookies to help it function and to allow us to understand how visitors use it. Strictly necessary cookies are used without consent because they are essential to the operation of the site. Analytics, marketing and other non-essential cookies are only set with your consent through the cookie banner shown the first time you visit the site. You can change your cookie choices at any time by clearing your cookies and revisiting the site or by using the controls in your browser.


10. Your rights under the UK GDPR

Subject to certain conditions and exemptions in data protection law, you have the following rights:

•      Right to be informed — about how we use your data (this policy is part of that).

•      Right of access — to ask for a copy of the personal data we hold about you.

•      Right to rectification — to ask us to correct inaccurate or incomplete data.

•      Right to erasure — to ask us to delete data in certain circumstances (sometimes called the right to be forgotten).

•      Right to restriction — to ask us to limit our use of your data in certain circumstances.

•      Right to data portability — to receive certain data in a structured, machine-readable format or to ask us to transfer it to another controller.

•      Right to object — to certain processing, including direct marketing and processing based on legitimate interests.

•      Rights related to automated decision-making — we do not currently take automated decisions that produce legal or similarly significant effects on you.

•      Right to withdraw consent — at any time where we rely on your consent.

To exercise any of your rights, please contact us using the details in section 12. We will usually respond within one (1) calendar month. We may need to verify your identity before responding. There is normally no charge, but we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive.


11. How we keep your data safe

We use appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, disclosure, destruction or alteration. These include access controls on our systems, encryption in transit, password discipline, secure backups, staff training and contractual safeguards with our processors. Despite our best efforts, no system is completely secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it and, where the risk is high, we will also notify the affected individuals without undue delay.


12. Contact us and how to complain

Please contact us in the first instance if you have any questions about this Privacy Policy or about how we handle your personal data:

•      Email: info@sparkzelectric.co.uk

•      Phone: 07466 499235

•      Post: Data Protection Lead, Sparkz Electric Ltd., 14 Rowan Close, Killay, Swansea, Wales, SA2 7DW

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

•      Website: https://ico.org.uk/make-a-complaint

•      Helpline: 0303 123 1113

•      Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You can also see our Complaints Policy for full details of our internal complaints process, including data protection complaints.


13. Changes to this policy

We review this Privacy Policy at least once every twelve (12) months, and sooner where there is a material change in the law, in our processes, or in the categories of data we collect. The current version is always available on our website, and we will tell customers about significant changes by email or with a notice on our website.

Ready to Work with Sparkz?

Get in touch today for a free, no-obligation quote for commercial, industrial or domestic electrical services.