Collecting and Using Your Personal Data
We collect personal data when you visit our website, request information, correspond with us, participate in events/webinars, apply for roles, or use our products and service.
Types of Data Collected
Personal data (depending on your interactions)
While using or accessing our website, products, and services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:
- Name, email address, phone number, username, and other contact information
- Billing information
- Name and website of a company you are working for, your job title, etc.
- Job application information
- Records of your correspondence with us
- Additional information that are provided through conferences, events, chatbots, social media, or other types of interaction with us.
Usage data
Usage Data is collected automatically when using the website.
Usage Data may include information such as your device's internet protocol address (e.g., IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device's unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data.
We may also collect information that your browser sends whenever you visit our website or when you access the website by or through a mobile device.
Cookies and Tracking Technologies
We use cookies, local storage, pixels, tags, and SDKs (“cookies”) to: (i) run and secure the site, (ii) remember your settings, (iii) measure and improve performance, and (iv) only with your consent—personalize and measure marketing.
Categories we use:
- Strictly necessary – required for core functions (e.g., login, load balancing, fraud prevention).
- Preferences – remember choices such as language and UI settings.
- Analytics – help us understand how the site is used and improve it.
- Marketing – measure campaigns and build audiences.
Your choices:
In the EEA/UK, we set non-essential cookies (Preferences, Analytics, Marketing) only with your prior consent. You can give or withdraw consent, and change categories at any time via our cookie preference centre (linked in the banner and site footer). You can also block or delete cookies in your browser settings; if you block strictly necessary cookies, some features may not work. We currently do not respond to Do Not Track signals.
For the current list of providers, cookie names, purposes, and lifetimes, see our Cookie Policy and the Cookie Table in the preference centre.
Note: If you apply through our careers portal/ATS, that external site may set additional cookies. Your consent choices on that portal apply to that domain.
How and why we use personal data (purposes & legal bases)
We process personal data only where a legal basis applies under GDPR. When we rely on legitimate interests, we balance our interests against your rights and freedoms.
- Provide and maintain the Services (operate the website, keep it secure and available) Contract (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f)).
- Account management (registration, authentication, preferences) Contract (Art. 6(1)(b)).
- Customer support (respond to enquiries, troubleshooting) Legitimate interests (Art. 6(1)(f)).
- Contract performance & billing (orders, invoicing, collections) Contract (Art. 6(1)(b)) and Legal obligation (Art. 6(1)(c)).
- Operational & security communications (service notices, security updates) Legitimate interests (Art. 6(1)(f)) and, where applicable, Legal obligation (Art. 6(1)(c)).
- Marketing—like-for-like (news/offers about products similar to those you bought or asked about) Legitimate interests (Art. 6(1)(f)) (soft opt-in where permitted; you can opt out at any time).
- Marketing—consented (newsletters, events, non-essential cookies/trackers) Consent (Art. 6(1)(a)).
- Analytics & improvements (usage trends, performance, A/B testing) Legitimate interests (Art. 6(1)(f)).
- Compliance, fraud prevention & security (detect/prevent abuse, enforce T&Cs) Legal obligation (Art. 6(1)(c)) and Legitimate interests (Art. 6(1)(f)).
- Business transactions (mergers, acquisitions, restructuring) Legitimate interests (Art. 6(1)(f)) and Legal obligation (Art. 6(1)(c)).
- Events/webinars (registrations, attendance, follow-ups) Legitimate interests (Art. 6(1)(f)); Consent (Art. 6(1)(a)) where required for marketing.
- Recruitment — processed as described in our Candidate / Applicant Privacy Notice.
Automated decision-making / profiling. We do not use personal data for automated decisions that produce legal or similarly significant effects without human involvement.
We do not sell personal data.
Retention of Your Personal Data
We keep personal data only as long as necessary for the purposes described in this Policy and to meet legal, regulatory, tax, accounting, or reporting requirements. When we no longer need personal data, we either delete it or irreversibly anonymize it.
Typical periods/criteria:
- Account & transactions: for the life of the account and up to 5 years thereafter to comply with bookkeeping and tax rules.
- Customer support & general correspondence: 24 months after our last interaction, unless a longer period is needed to resolve an issue.
- Marketing contacts: until you opt out or after 24 months of inactivity, whichever comes first.
- Analytics & cookies: per the lifetimes shown in our Cookie Policy / Cookie Table and your choices in the preference centre.
- Security logs & diagnostics: typically 12 months, or longer where required to investigate incidents.
- Event/webinar registrations: 24 months after the event to handle follow-ups and reporting.
- Backups: encrypted disaster-recovery backups are overwritten on rolling cycles (typically 30–90 days).
- Recruitment: see our separate Candidate / Applicant Privacy Notice
- Disputes & legal claims: we may keep relevant data until the end of applicable limitation periods and while any claim is being pursued or defended.
If specific laws require us to retain data for longer (or allow shorter retention), we will follow those rules.
Transfer of Your Personal Data
Your information, including personal data, may be processed by us and our service providers in countries outside your country of residence, including outside the EEA/UK. When we transfer personal data internationally, we do so in accordance with applicable law.
We rely on
adequacy decisions where available, and otherwise on
appropriate safeguards, such as the
EU Standard Contractual Clauses (SCCs) (and, where relevant, the UK Addendum/IDTA), together with additional measures where appropriate. You may
request a copy of the relevant transfer mechanism by contacting
privacy@sparrowquantum.com.
In
exceptional cases where no adequacy decision or appropriate safeguards are available and a transfer is
strictly necessary, we may rely on a GDPR
Article 49 derogation (for example, your
explicit consent for a specific transfer). If we rely on a derogation, we will inform you at the time and, where consent is used, provide clear information about the risks and you may withdraw consent at any time.
Delete Your Personal Data
You have the right to delete or request that we assist in deleting the personal data that we have collected about you.
You may contact us to request access to, correct, or delete any personal information that you have provided to us.
Please note, however, that we may need to retain certain information when we have a legal obligation or lawful basis to do so.
Disclosure of Your Personal Data
If the company is involved in a merger, acquisition or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.
Under certain circumstances, the company may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The company may disclose your personal data in the good faith belief that such action is necessary to:
- Comply with a legal obligation.
- Protect and defend the rights or property of the company.
- Prevent or investigate possible wrongdoing in connection with the website.
- Protect the personal safety of users of the website or the public.
- Protect against legal liability.
Security of Your Personal Data
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and staff training. No method is 100% secure. We maintain an internal incident-response procedure. In the unlikely event of a personal data breach, we will notify affected individuals and/or authorities where required in accordance with Articles 33–34 GDPR.
