top of page

Privacy Notice

Effective date: November 2025

Spark Advisory Collective (“Spark”, “we”, “our”, “us”) is committed to protecting the privacy and security of personal information we collect from clients, partners, prospects, website visitors and other contacts. This notice explains what personal information we may collect when you contact us or request services, how we use and share it, how we protect it, how long we keep it, and how you can exercise your privacy rights. Our practices align with the fair information principles set out in PIPEDA.

Summary of how this notice meets PIPEDA compliance

1.    Accountability: Spark is responsible for personal information and has designated a Privacy Officer reachable at info@sparkadvisory.ca.


2.    Identifying purposes: We identify why we collect information and state those purposes at or before collection.


3.    Consent: We obtain consent for collection, use and disclosure, except where otherwise legally permitted.


4.    Limiting collection: We collect only what is necessary.


5.    Limiting use, disclosure and retention: We use and retain data only for identified purposes and lawful requirements.


6.    Accuracy: We take steps to keep information accurate and up to date.


7.    Safeguards: We use appropriate security measures to protect personal information.


8.    Openness: We make our policies and practices available and explain them in this notice.


9.    Individual access: Individuals can request access to and correction of their personal information.


10.    Challenging compliance: We provide a mechanism to challenge our compliance and a contact to escalate concerns.

Types of personal information we collect

We collect personal information that is reasonably required to respond to inquiries, propose and deliver services, and manage our relationship with you, including:
 

  • Identity and contact details: name, title, organization, email, phone, mailing address, country.
     

  • Professional information: job role, employer, sector, professional credentials and affiliations.
     

  • Engagement details: project descriptions, contract terms, billing and invoicing information, communications and meeting notes.
     

  • Technical information: IP address, browser and device information, cookies and analytics when you use our website.
     

  • Sensitive Indigenous or community data: where expressly provided in the context of services, community-led projects, or consultations (collected only with explicit informed consent and governed by agreed protocols).

Why we collect personal information and how we use it

We collect and use personal information for clear, identified purposes, including:
 

  • To respond to inquiries, schedule consultations and provide quotes.

  • To negotiate, deliver and manage consulting services, contracts, and related billing.

  • To tailor advice and service delivery, including culturally safe engagement that respects Indigenous data governance principles.

  • To comply with legal, regulatory or contractual obligations.

  • To improve our services, manage client relationships and maintain records.

  • To send service-related communications, invoices and (with your consent) occasional marketing or thought-leadership material.

  • To analyze website usage and improve user experience using cookies and analytics.
     

We will not use personal information for purposes incompatible with those identified at or before the time of collection without obtaining further consent.

Legal basis and consent

Where required, we rely on your consent to collect, use and disclose personal information. Consent may be express (written or verbal) or implied (e.g., providing contact details to receive a proposal). In some cases (such as fulfilling a contract or complying with law), we may collect and use information without consent to the extent permitted by applicable law. You may withdraw consent at any time (subject to legal or contractual restrictions and reasonable notice).

Limiting collection, use and retention

We collect only information necessary for the purposes described and retain personal information only as long as necessary to fulfill those purposes, fulfill legal and contractual obligations, or as reasonably required by our record-retention policies. Retention periods vary by record type; typical retention is the duration of the client relationship plus a limited archival period (commonly 7 years) unless a different period is required or permitted by law or agreed with you.

Accuracy of information

We take reasonable steps to ensure personal information is accurate, complete and up-to-date for its intended use. You are encouraged to notify us if your information changes.

Safeguards and security

We protect personal information using administrative, technical and physical safeguards appropriate to the sensitivity of the information. Safeguards include access controls, encryption where feasible, secure storage, staff training, confidentiality agreements with service providers and regular reviews of our security practices. No internet transmission or electronic storage is 100% secure; we cannot guarantee absolute security.

Openness and transparency

This notice explains our general practices. We will also provide specific information on our privacy practices whenever we collect personal information, and supply additional details upon request.

Individual access and correction

You may request access to the personal information we hold about you, and ask for corrections if you believe the information is inaccurate or incomplete. Requests should be made in writing to our Privacy Officer (contact details below). We will respond within a reasonable timeframe and provide access or correction where appropriate, subject to limited exceptions allowed by law.

Challenging compliance and complaints

If you have questions, concerns or a complaint about our privacy practices, please contact our Privacy Officer first so we can attempt to resolve the matter promptly.
 

If you remain dissatisfied with the outcome of our efforts, you may escalate the complaint to the Office of the Privacy Commissioner of Canada or another relevant supervisory authority.
 

We encourage you to contact us--we will work with you to resolve your complaint and ensure that our practices are adjusted to avoid similar complaints or impacts in the future.

Sharing, third parties and international transfers

We may share personal information with trusted third parties where necessary to provide services (for example: subcontractors, platform providers, legal or financial advisors). Third parties are required to protect your information and only process it for specified purposes.

Where transfers cross international borders (for example, use of cloud-based platforms or external advisors), we take reasonable steps to ensure equivalent protections through contractual safeguards, secure providers, and where appropriate, data transfer agreements. Transferring data outside Canada may expose it to the laws of the receiving country.

Use of cookies and analytics

Our website may use cookies and similar technologies to understand site performance and user behaviour. Cookies may be strictly necessary, functional, analytical or for marketing. You can control cookies through your browser settings; however, disabling cookies may affect website functionality.

Automated decision-making and profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significant outcomes about individuals unless explicitly disclosed and consented to. If we introduce such tools, we will provide meaningful information about the logic, significance and envisaged consequences, and obtain consent where required.

Special considerations: Indigenous data sovereignty and reconciliation

Spark centres Indigenous data governance and reconciliation in engagements where relevant. We will:

  • Obtain informed, preferably written, consent before collecting, using or sharing Indigenous community data.

  • Honour community protocols, data sovereignty agreements and any co‑governance arrangements established for projects.

  • Work with communities to define data use, storage, access controls, ownership and eventual disposition.

  • Respect cultural sensitivity, anonymity requests and community oversight requirements.

Contact, updates and effective date

If you have questions about this notice, wish to access or correct your information, or want to raise a privacy concern, contact:

​

Privacy Officer
Email: info@sparkadvisory.ca

​

We may update this notice from time to time. The effective date at the top of this page indicates when the current version came into force. Material changes will be published on our website with the updated effective date.

bottom of page