All Spond products are GDPR compliant.
Compliance with GDPR and related legislation is a top priority for Spond. In addition to our internal resources, we utilise external experts in data protection legislation and technology related to being GDPR compliant.
Our privacy compliance
While we view privacy compliance as an ongoing process, the main pillars of our privacy compliance efforts are
We conduct privacy assessments before and during the development of new features and services
We document our judgements and considerations
We are transparent about how we process personal data
We focus on competence and awareness in the organisation through training
More formally, to fulfil the legal requirements of the GDPR and other relevant data protection regulation, we have implemented an internal control system structured as follows:
The governance documentation describes Spond's privacy strategy, roles and responsibilities and main principles for the processing of personal data.
The Privacy Policy and Procedures describes the procedures and work instructions that Spond has in place to process personal data in accordance with Spond's privacy strategy and relevant data protection legislation.
The monitoring documentation provides a checklist of privacy issues that Spond's Data Protection Officer (DPO) must review at least annually to maintain a continuous focus on privacy. The purpose of the checklists is to verify that the processing of personal data is carried out as described in the governance documentation, privacy policies and procedures and relevant legislation.
Our processing of personal data
Here is a brief summary of our promises to you regarding how we process your personal data.
We process your personal data in accordance with the Personal Data Act and our Privacy Policy. We want complete transparency about what we do with your personal data. If you've any questions, just get in touch.
Most of the information we have about you is information that you provide us with when you register a profile or that's created when you use Spond. If you use Spond Cashback, we receive some transaction information from Nets, but not information about, for example, what you've purchased.
Your personal data won't be shared with anyone unless we need to share to provide the service or you've given us specific consent. We need to share your account number with our data processor Maincard AS/Nets in order to track and distribute transactions related to Spond Cashback.
You can correct and delete your personal data at any time, and we will in any case not keep your personal data longer than necessary for the purpose and statutory obligations.
Children under the age of 15 can use the service, but as long as the child's parent or guardian is registered as a user, they will be able to see the child's activity (for example, events they attend or comments they make). The age limit for creating groups in the service is 13 years.
You also have the option to review the full Spond Privacy Policy to be fully informed.