Privacy Policy – SPARK Scorecard 2025

We tried to keep this policy as simple as possible to help you understand what information we collect, how we use it, and what choices you have about it. You should read this policy in full, but here’s a very brief summary with the key points we hope you take away from it:

We don’t sell your personal data to anyone.
All we know about you is what you share by visiting and exploring our website. We don’t collect any of your personal information from any third parties, so it’s completely up to you to decide what you want to share. You can use our website under a pseudonym, for instance.
You are free to opt in and out of our newsletters, update your account details, or delete it entirely at any time. You can also ask us to give you a copy of the information you’ve submitted. We use your answers to our surveys, tests, and other tools to determine what content is relevant to you and to improve our understanding of communities.
You’re completely free to decide which surveys to take and which tools to explore. If you have any questions or comments regarding this policy, please don’t hesitate to get in touch!

1. How Do We Collect Information?

First, we collect, store, and use information you share on our website. This includes your email address, scorecard answers, and any other information you choose to enter on the website. Second, if you purchase something for yourself or for anyone else on our website, we’ll collect payment and tax information (e.g., country of residence), contact and delivery information (e.g., email address), and details of what you bought. Finally, we record certain technical information whenever you use our website. This includes information about your device and about your visits to and use of our website, such as your IP address, browser type and version, page views, etc.

Cookies: We use Google Analytics to analyze the use of our website. This third party service may use cookies and other technologies to collect technical data on your behavior and your device (such as your device’s IP address or screen size). For further details, please see Google’s privacy policy. You can also opt out of Google Analytics tracking at any time. Most browsers allow you to reject all cookies, while some browsers allow you to reject just third party cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.

Whether Information Has to Be Provided by You and Why: The provision of contact and other relevant information is required from you to enable us to communicate with you and to provide the services available on our website. We’ll inform you at the point of collecting information from you (including via this Privacy Policy), whether you’re required to provide the information to us. If you don’t provide the information requested we may not be able to provide the services which require the use of this information (e.g., certain features or assessments).

2. How Do We Use the Information We Collect?

We use the information we collect to provide you with our services as well as content that’s relevant and personal to you. Consequently, it’s necessary for us to use your information to:

send you your scorecard test results, if you request them in the report screen;
identify you and ensure the security of your account – e.g., by verifying that you own the email address linked to your account;
collect payments from you and send you e-mails with your order details, if you decide to purchase something from us;
provide you with content and services relevant to you – e.g., information for people with your personality type;
respond to your questions or complaints, or to complaints made about your use of our website.

We have a legitimate interest in using your information in these ways. It’s necessary for us to do that to make our services and content as relevant to you as possible, and that’s in both of our interests.

In addition, we have a legitimate interest in maintaining our relationship with you, improving our website and services, and protecting both you and other users.

Consequently, we use your information to:

Conduct analytics on how you use our website in order to better understand your needs and to optimize our service and experience. For instance, by measuring the time you spend on a certain page before and after a design change, we can understand whether there’s anything we need to tweak. In order to do that, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns (for example, how much time you spent reading your personality test results). This information is only processed in a way which does not identify anyone. For example, we don’t make, and don’t allow Google to make, any attempt to match such information with personal data we hold about you.
Improve our website and develop new functionality. For example, if the majority of respondents in one of our surveys say they’d like to learn more about how to create a startup program, we’ll certainly take that into account.
Conduct internal analysis and scientific / statistical research to improve our services and understanding of economic development. For instance, your responses to our surveys could help us figure out whether startup programs or scale up programs are more popular. The raw research data you supply is anonymized or pseudonymized, and access to it is strictly limited. Even our own researchers only see data that cannot be connected back to any individually identifying information, and we only publish aggregate statistical data.
Keep the website secure and prevent fraud – e.g., by logging authentication attempts or activities related to your account;

While our legitimate interests cover a lot of what we do, in the following circumstances other legal grounds apply to how we process your personal data:

Where we expressly require consent from you for the processing in question;
Where we provide services to you as a member – in which case we’ll have a contract with you for this and we’ll process your data in accordance with our contract with you (see our Terms and Conditions). In particular, our contract allows us to retain and delete data in ways which override certain rights you may otherwise have had if we were relying on consent or our legitimate interests for the data processing in question.
Where another legal ground applies (which will be rare) – e.g., to protect your or another person’s vital interests, or where we’re required to process the information by law.

Finally, in addition to what we discussed above, we’ll only use your information with your consent:

To send you email newsletters, if you’ve specifically agreed to receive them and confirmed that by clicking a link in the verification email. You can unsubscribe from our newsletters at any time by clicking a link at the bottom of any message.

Please note you may withdraw your consent at any time.

Where you supply us with special category personal data we may also further process this data for research purposes – typically it will be anonymized so that it ceases to be personal data. In this case we’ll also rely on Article 9.2(j) of the General Data Protection Regulation (GDPR) to the extent the processing of data is involved.

We won’t provide your information to any third parties for the purpose of direct marketing by those parties.

3. Do We Transfer Your Information Elsewhere?

As a worldwide digital service, we need to work with a number of providers, some of which are located outside the UK and the European Economic Area (EEA), e.g. in the U.S., in order to be able to operate our website and to make our services available online. Consequently, some of your personal data may be transferred outside the EEA. Some of the countries in question may not have data protection laws equivalent to those in force in the EEA.

We’ll ensure that any transfer of your personal information outside the EEA where the GDPR applies to such transfer will be subject to the appropriate or suitable relevant safeguards (e.g. European Commission approved contract), as permitted under the GDPR, with those measures designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.

In general, we use contract clauses for such transfers (as per the Article 46.2 of the GDPR), unless the country in question is judged adequate under the Article 45 of the GDPR (including in the case of the U.S., Privacy Shield). We also limit access to your personal information to those members of our staff who have a business reason for knowing such information. If you’d like further information on this, please contact us.

Here’s a list of third party providers we’ll share your information with, if necessary:

ActiveCampaign, to deliver our newsletters. We also gather statistics around email opening and clicks to help us monitor and improve our newsletters.

Google, to deliver our non-newsletter e-mails, e.g., when we respond to your messages. Again, we’ll also collect information regarding email delivery and opening rates to improve deliverability and help with troubleshooting.

Stripe and PayPal, to process payments and conduct anti-fraud checks.

Google, to analyze the behavior of our visitors.

Calendly, to schedule meetings and events.

We embed a Facebook widget to allow you to see number of likes/shares/recommends and “like/share/recommend” our webpages. This widget may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the widget, including correlating your Facebook account with whatever action you take within the widget (such as “liking/sharing/recommending” our webpage), if you are logged in to Facebook. For more information about how this data may be used, please see Facebook’s data privacy policy: https://www.facebook.com/about/privacy/update

We use a LinkedIn Share widget at our website to allow you to share our webpages on LinkedIn. These requests may track your IP address in accordance with their data privacy policy: https://www.linkedin.com/legal/privacy-policy

We’ve listed all our third party providers here to be as transparent as possible. In practice, “sharing” is a very generous term when it comes to us transferring your information outside our company. We always transfer as little data as we can. For instance, our email service provider would need to know your email address to deliver a password recovery link, but we won’t tell them your city.

Similarly, we may discuss an issue you’re having on Stripe, which technically counts as us transferring your information (such as the email address linked to your account) to Stripe servers – however, Stripe wouldn’t be permitted to use that information for anything beyond what’s necessary to provide their service to us.

We use all reasonable security and access control measures to secure our accounts on third party websites and the data stored therein.

Keep in mind that information you publish on our website (such as your profile name or city) may be available around the world. We can’t prevent the use or misuse of such information by others.

4. How Can You Manage Your Information?

If you have an account on our website, you can contact us to delete or change your email address or delete your profile.

If you delete your profile, we’ll anonymize your user record, removing your email address, name, age, etc.

We won’t, however, delete your responses to our tests and surveys, log records, and other similar data. We need to keep that data for a number of reasons, such as protecting other users’ right of freedom of expression, preserving the integrity of our research, or ensuring the security of our website, and the retention of this data is necessary for us to provide our services to you and others.

If you decide to delete your profile, please make sure you first save any information you’d like to keep. Once the profile is gone, it’s gone – for instance, if you then realize that you haven’t saved that report another member sent you, we’ll have no way of recovering your account.

You can also ask us to correct any personal data you have provided to us, or to remove specific personally identifying information from our website. E.g., if you accidentally post your email address and ask us to remove it, we’ll do that.

We’ll need to verify the authenticity of any data correction or removal request – so please make sure your account is always linked to an active email address. We don’t ask you for data such as your full name, address, or date of birth – your email address is the only real identifier – so if you lose access to the address linked to your account, we’ll have no way of verifying you own the account.

5. How and When Do We Share Your Information?

Our staff, agents, suppliers, and subcontractors may need to have access to your information where that’s necessary. For example, if you ask us to fix a misbehaving subscription, someone from our team will need to access your account to do that. However, access to your data is strictly limited and monitored.

Besides that, there are also certain other circumstances where we may disclose your information:

Where we’re required to do so by law or in connection with any ongoing, prospective, or reasonably likely (in our opinion) legal proceedings;
Where we need to establish, exercise, or defend our legal rights (e.g., providing information to others for the purposes of fraud prevention);
If we’re engaged in a merger, reorganization, or any similar proceeding requiring the transfer of your information – we’d then share your information with a party involved in such a process (for example, a potential purchaser);

We don’t serve ads on our website, and we don’t share your data with online advertisers. As a general rule, except as discussed above, we don’t share your personal information with any third parties.

6. How Long Do We Keep Your Information?

We keep your information only for as long as we need it to provide services to you and to fulfil the purposes described in this policy or as otherwise described in our Terms and Conditions. This also applies to any other parties that we share your information with.

7. What Can You Ask Us to Do with Your Information?

Under the GDPR you have a number of important rights free of charge. In summary, those include rights to:

Fair processing of information and transparency over how we use your information that this Privacy Policy is already designed to address;
Access to your information and to certain other supplementary information;
Require us to correct any mistakes in your information which we hold;
Require the erasure of information concerning you in certain situations;
Receive the information concerning you which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit that data to a third party in certain situations;
Object at any time to processing of personal information concerning you for direct marketing;
Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
Object in certain other situations to our continued processing of your personal information;
Otherwise restrict our processing of your information in certain circumstances;
Withdraw your consent to our processing where we are relying on consent as the lawful basis for the processing in question;
Right to lodge a complaint with a supervisory authority.

For further information on each of those rights, including the circumstances in which they apply, see guidance from the UK Information Commissioner’s Office (ICO). ICO is the supervisory authority in the UK.

If you’d like to exercise any of those rights, please email us. Keep in mind you’ll need to send the request from the email address associated with your account in order for us to process it. We won’t be able to confirm you’re the account owner otherwise.

As already mentioned above, if you’d like to unsubscribe from our newsletter, you can also click on the unsubscribe link at the bottom of the email. That’s usually immediate, but in rare cases it may take a few days for this to take place.

8. How Do We Secure Your Information?

We take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your information. For instance, we store this information on our secure (password and firewall-protected) servers, encrypt traffic to and from the website, and anonymize or pseudonymize personal information where possible.

Still, we can’t guarantee complete security of data sent over the internet – for example, someone may discover a vulnerability in the encryption protocol that we use, your internet service provider may record the data you send, and so on. Please take care when posting sensitive data.

9. How Can You Get in Touch with Us?

You can find our contact information here. The best way to get in touch with us is via email (ilana@recastcity.com).

10. Other

We may update this privacy policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you’re happy with any changes.