Data Protection Policy

Effective Date: September 2025

1. Introduction

At Spark Trading SA, we are committed to maintaining the privacy and security of the personal data entrusted to us by our clients, employees, counterparties, and other stakeholders. This Data Protection Policy outlines our practices for collecting, using, storing, and protecting personal data in compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and relevant local regulations.

2. Scope

This policy applies to all personal data processed by Spark Trading SA, including data relating to clients, employees, suppliers, business partners, and other individuals who interact with the firm. It covers all data processing activities, whether the data is held electronically or in physical form.

3. Principles of Data Protection

We adhere to the following principles when handling personal data:

  • Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and in a transparent manner.

  • Purpose Limitation: Data is collected for specific, legitimate business purposes and not further processed in incompatible ways.

  • Data Minimization: We collect only the data necessary for the stated purposes.

  • Accuracy: We ensure that personal data is accurate and up to date. Inaccurate data is corrected or deleted promptly.

  • Storage Limitation: Data is retained only as long as necessary, unless longer retention is required by law or regulation.

  • Integrity and Confidentiality: We implement appropriate safeguards to protect data against unauthorized access, loss, or damage.

4. Types of Data Collected

Spark Trading S.A. may collect and process the following categories of personal data:

  • Client & Counterparty Data: Name, contact details, identification documents, financial details, trading activity, and compliance-related information.

  • Employee Data: Information required for employment and HR purposes, including payroll, identification, performance, and compliance training.

  • Business Partner Data: Contact details and information necessary for maintaining supplier, broker, and counterparty relationships.

5. Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: When individuals have given clear consent for specific purposes.

  • Contractual Necessity: To perform contracts, including commodity trading agreements and related services.

  • Legal Obligations: To comply with financial regulations, anti-money laundering (AML) requirements, tax laws, and employment obligations.

  • Legitimate Interests: To pursue the legitimate business interests of Spark Trading SA, provided these are not overridden by individual rights.

6. Data Security Measures

We implement technical and organisational measures to safeguard personal data, including:

  • Access Controls: Restricting access to authorized personnel only.

  • Encryption: Protecting data transmitted electronically.

  • Physical Security: Secure storage of paper and IT systems.

  • Monitoring & Audits: Regular checks to ensure compliance and identify risks.

7. Data Sharing and Disclosure

We may share personal data under the following circumstances:

  • With regulatory authorities, courts, or law enforcement where required by law.

  • With third-party service providers (e.g., IT, cloud storage, compliance, or audit firms) bound by confidentiality and data protection obligations.

  • In connection with business transactions such as mergers or restructuring.

We do not sell personal data.

8. Data Subject Rights

Individuals whose data we process have the following rights:

  • Access – Request a copy of their data.

  • Rectification – Correct inaccuracies.

  • Erasure – Request deletion, subject to legal requirements.

  • Restriction – Limit how data is processed.

  • Portability – Request transfer of their data in a structured format.

  • Objection – Object to processing based on legitimate interests or direct marketing.

To exercise these rights, please contact us at info@sparktradingsa.com.

9. Data Breach Response

In the event of a data breach that may affect individuals’ rights and freedoms, Spark Trading SA will notify the relevant data protection authority and affected individuals without undue delay, in line with legal requirements.

10. Data Retention

We retain personal data only for as long as necessary for the purposes collected or as required by law/regulation. Once no longer needed, data will be securely deleted or anonymised.

11. Training and Awareness

All employees receive regular training on data protection practices and their responsibilities. Compliance with this policy is mandatory.

12. Policy Review and Updates

This policy will be reviewed regularly and updated as necessary to reflect regulatory changes, business practices, or risk assessments. Updates will be published on our website.

13. Contact Information

For questions, concerns, or to exercise your data protection rights, please contact us at:

info@sparktradingsa.com