Privacy Policy

Last updated: April 2026

Introduction

Nexora Spark is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect data when you interact with our website or use our services.

We respect your right to privacy and handle all information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

Information You Provide Directly

When you contact us or engage our services, we collect information that you voluntarily provide, including:

  • Your name and contact details (email address, postal address)
  • Financial information relevant to the services you request
  • Information about your financial goals and circumstances
  • Communication preferences
  • Any other information you choose to share during consultations

Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and time spent on each page
  • Referring website addresses
  • Date and time of access

How We Use Your Information

We use the information we collect for the following purposes:

  • Providing financial management services and consultations
  • Responding to enquiries and communicating with you
  • Developing personalised financial strategies and recommendations
  • Improving our services and website functionality
  • Sending service updates and relevant information (only with your consent)
  • Complying with legal obligations and regulatory requirements
  • Maintaining records for business continuity and accountability

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to deliver the services you've requested
  • Consent: You have given explicit permission for specific processing activities
  • Legitimate Interests: Processing is necessary for our legitimate business operations, provided it doesn't override your rights
  • Legal Obligation: Processing is required to comply with legal or regulatory requirements

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

  • Service Providers: We work with trusted third-party providers who assist with business operations (such as secure data storage or payment processing). These providers are contractually bound to protect your information and use it only for specified purposes.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation.
  • Business Transfers: If our business is acquired or merged, your information may be transferred to the new entity, subject to the same privacy protections.
  • Protection of Rights: We may disclose information when necessary to protect our legal rights, prevent fraud, or ensure safety.

We will always inform you of any data sharing unless legally prohibited from doing so.

Data Security

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encrypted data transmission using SSL/TLS protocols
  • Secure storage systems with access controls
  • Regular security assessments and updates
  • Staff training on data protection and confidentiality
  • Restricted access to personal information on a need-to-know basis

While we take every reasonable precaution to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but remain committed to maintaining the highest standards of protection.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Specific retention periods include:

  • Client records: Seven years after the end of our business relationship (in line with financial services regulations)
  • Enquiry information: Two years if no service engagement occurs
  • Website analytics data: 26 months
  • Marketing consent records: Until consent is withdrawn, plus three years

Once the retention period expires, we securely delete or anonymise your information.

Your Rights

Under UK data protection law, you have the following rights regarding your personal information:

  • Right of Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restriction: Request that we limit how we use your information
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for processing at any time (where consent is the legal basis)

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request.

Cookies and Tracking Technologies

Our website uses cookies to enhance your browsing experience and understand how visitors use our site. For detailed information about our cookie practices, please see our Cookies Policy.

Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

International Data Transfers

Your information is primarily stored and processed within the United Kingdom. If we transfer data outside the UK or European Economic Area, we ensure appropriate safeguards are in place to protect your information in accordance with UK GDPR requirements.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page and notify you via email if you are an active client.

We encourage you to review this policy regularly to stay informed about how we protect your information.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nexora Spark
15 Kingsway
London WC2B 6UN
United Kingdom
Email: [email protected]

Complaints

If you believe we have not handled your personal information appropriately, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: nexora-spark.com
Helpline: 0303 123 1113