Privacy Policy

Last updated: 08/04/2026

Controller Spark 365 Ltd, trading as Spark 365 ("we", "us", "our"). Registered in England & Wales (Company No 13474003). Registered address: The Old Forge Bowling Green Yard, Kirkgate, Knaresborough, North Yorkshire, HG5 8FL. We are committed to protecting and respecting your privacy. This policy explains how we collect, use, disclose, and safeguard your personal data when you use our website www.spark365.co.uk ("Website"), our software products distributed via Microsoft AppSource ("Apps"), and our related services.

1. Scope This Privacy Policy applies to: Our Website and any forms, enquiries, or interactions conducted through it. All Spark 365 applications published on Microsoft AppSource for Microsoft Dynamics 365 Business Central, including but not limited to the Customer Follow Up app. Any support, consulting, or professional services we provide in connection with the above.

2. Our Apps and Your Data Our Apps for Microsoft Dynamics 365 Business Central are designed to operate entirely within your Business Central environment. This means: No external data transmission. Our Apps process data exclusively within your Dynamics 365 Business Central tenant. We do not access, collect, store, or transmit any of your Business Central data to our own servers or any third-party systems. No telemetry or tracking. Our Apps do not include analytics, telemetry, or usage-tracking features that send data outside of your Business Central environment. Your data stays yours. All data created, modified, or processed by our Apps remains within your Business Central tenant and is subject to your own organisation's data governance policies and your agreement with Microsoft. Microsoft's platform terms apply. Your use of Dynamics 365 Business Central is governed by your agreement with Microsoft. We encourage you to review Microsoft's privacy statement for details on how Microsoft handles data within the Business Central platform. If the functionality of any of our Apps changes in the future to involve external data processing, we will update this Privacy Policy and notify affected users before any such change takes effect.

3. What Data We Collect (Website and Services) We may collect the following personal data through our Website and services: Contact details: name, email address, telephone number. Company details: organisation name, role, business address. Usage data: IP address, browser type, pages visited, date/time stamp, referring/exit pages. Cookies and tracking data: see Section 9 below. Any other information you voluntarily provide (e.g., via forms, enquiries, or support requests).

4. How We Use Your Data and the Legal Basis We process your data for the following purposes: To respond to your enquiries and book discovery calls (legitimate interest). To provide you with information about our services and products (consent or legitimate interest). To deliver and support our Apps and services under contract with you (contractual necessity). To improve our Website and marketing efforts (legitimate interest). To comply with legal obligations (e.g., financial, tax, audit requirements).

5. Disclosure of Your Data We may share your personal data with: Our service providers (e.g., hosting, analytics, email marketing) who act as processors. Microsoft and relevant partners when delivering services (with your prior agreement). Regulatory or legal authorities where required by law. We do not sell your personal data to third parties.

6. International Transfers Where data is transferred outside the UK/EEA (e.g., to Microsoft Azure services), we ensure appropriate safeguards are in place, including Standard Contractual Clauses or UK Transfer Regulations.

7. Data Retention We retain your personal data only for as long as necessary: For enquiries and marketing: up to 3 years unless you ask us to delete it. For contractual and financial records: up to 7 years in line with statutory requirements. After that, data is securely deleted or anonymised.

8. Your Rights Under GDPR and UK data protection law, you have the following rights: Right of access to your personal data. Right of rectification if data is inaccurate. Right of erasure (the "right to be forgotten") in certain cases. Right to restrict processing. Right to data portability. Right to object to processing (including profiling). Right to withdraw consent at any time, without affecting processing done previously. To exercise any of these rights or to ask questions, please contact: privacy@spark365.co.uk

9. Cookies and Tracking We use cookies and similar technologies on our Website. For details, please see our Cookie Policy [link to your Cookie Policy page]. Our Apps for Dynamics 365 Business Central do not use cookies or tracking technologies.

10. Changes to This Policy We reserve the right to update this Privacy Policy at any time. We will publish the date of last update at the top of this page and notify users of significant changes. Where changes affect how our Apps process data, we will provide advance notice through AppSource or direct communication.

11. Contact Us Spark 365 Ltd The Old Forge Bowling Green Yard, Kirkgate, Knaresborough, North Yorkshire, HG5 8FL Email: privacy@spark365.co.uk Phone: 01325 654885 Website: www.spark365.co.uk

Data Subject Rights

Under the General Data Protection Regulation, individuals whose personal data we process have the following rights: access, rectification, erasure, restriction of processing, data portability, object to processing, and withdraw consent.

To submit a request please email privacy@spark365.co.uk with subject “Data Subject Rights Request” and include your name, email address, description of the request and any relevant supporting information. We will respond within one month, unless a longer period is permitted by law.