Privacy Policy
Privacy Policy & GDPR
SparkCore Investment OÜ is committed to protecting the personal data of individuals who interact with our website. This document describes how we collect, use and protect that data, in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).
Last updated: March 2026
1. Data Controller
The data controller is:
SparkCore Investment OÜ
Männimäe 1, Pudisoo, 74626, Estonia
Registry code: 16265864
Email: [email protected]
SparkCore Investment OÜ is registered as a small alternative investment fund manager with the Estonian Financial Supervision Authority (Finantsinspektsioon) and holds a Financial Institution licence issued by the Estonian Financial Intelligence Unit (FIU). Registration: EFSA register.
2. Data We Collect
We collect only the data you voluntarily provide through the following two channels:
| Channel | Data collected | Legal basis |
|---|---|---|
| Newsletter subscription | Email address | Consent (Art. 6(1)(a) GDPR) |
| Contact form | First name, last name, email address, phone number (optional), referral source | Legitimate interest — pre-contractual communication (Art. 6(1)(b) and (f) GDPR) |
We do not collect any other personal data through our website. We do not use tracking pixels, targeted advertising systems, or any form of behavioural profiling.
3. Purpose of Processing
- Newsletter: sending monthly analysis of the crypto-asset market to subscribers who have explicitly opted in.
- Contact form: handling enquiries from prospective investors or partners and initiating a pre-contractual dialogue.
Your data is never sold, rented or transferred to third parties for commercial or marketing purposes. It is used solely for the purposes described above.
4. Data Retention
| Data type | Retention period |
|---|---|
| Newsletter email address | Until unsubscription or deletion request |
| Contact form data | 3 years from last exchange, unless a contractual relationship is established |
| Investor file (if onboarding) | 10 years minimum — AML/KYC regulatory obligation (MLTFPA) |
5. Third-Party Services
Our website uses two third-party services that may process technical data:
Google reCAPTCHA v2 — used on the contact form to prevent automated submissions. Google may collect IP address, browser data and interaction patterns for spam detection purposes. This service is governed by Google's Privacy Policy and Terms of Service. Legal basis: legitimate interest in website security (Art. 6(1)(f) GDPR).
Cronitor RUM — real user monitoring service used to measure technical performance of our website (page load times, errors). It does not collect personal identity data. Data is processed in accordance with Cronitor's Privacy Policy. Legal basis: legitimate interest in website performance (Art. 6(1)(f) GDPR).
Our website does not use advertising cookies, social media tracking, or analytics platforms such as Google Analytics. No cookie consent banner is displayed as no non-essential cookies are set by SparkCore directly.
6. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — obtain confirmation of whether we process your data and receive a copy.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your data, subject to legal retention obligations.
- Right to restriction — request that we temporarily limit processing of your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest, including for direct marketing purposes.
- Right to withdraw consent — withdraw newsletter consent at any time via the unsubscribe link in each email.
To exercise any of these rights, contact us at: [email protected]. We will respond within 30 days.
7. Supervisory Authority
You have the right to lodge a complaint with the competent supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon — AKI). You may also contact the supervisory authority of your country of residence within the EU.
8. Data Security
SparkCore implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss or disclosure. All data transmission via our website is encrypted using TLS. Access to collected data is strictly limited to authorised personnel.
9. Updates to This Policy
This policy may be updated to reflect changes in our practices or applicable law. The date of the last revision is indicated at the top of this page. We encourage you to review this policy periodically.