🔐Privacy Policy
Welcome to the Sphere Research Ltd (hereinafter, “Sphere,” “Company,” “us,” “our,” or “we”) Privacy Policy (the “Policy”).
This Policy governs our information-handling practices as applicable to residents in the United Kingdom ("UK"), European Union (“EU”), European Economic Area (“EEA”), and Switzerland (collectively, the “Data Subjects”) that are visiting our website, www.sphere.co.uk, and the other websites under the sphere.co.uk domain (collectively, the “Sites”), or are customers who use our web design software, tools, and related services (together with the Sites, the “Service”).
This Policy explains how we collect, use, disclose, and protect Data Subjects’ information as part of the Service in accordance with data-protection laws in the UK, EU, EEA, and Switzerland (collectively the “Data Protection Laws”). Any discussion of your use of the Service in this Policy is meant to include your visits and other interactions with the Sites and Services, whether or not you are a user of Sphere’s technology products.
Capitalized terms that are not defined in this Policy have the meaning given them in our Terms of Service.
By accessing and using the Service, you signify your acceptance to the terms of this Policy. If you do not agree with or you are not comfortable with any aspect of this Policy, or the Terms of Service, you should immediately discontinue access or use of our Services.
1. Our relationship to you
In order for you to understand Sphere’s data protection obligations and your rights to your Personal Information under this Policy, it is important that you identify which relationship(s) you have with Sphere.
A “Customer” is a specific type of User that has engaged us to act as an agent (or, as a “Data Processor”) by obtaining our Services. Sphere is in a “data processor” relationship with Customers.
A “User” is an individual providing personal data to us via our website or other services, products or platforms, such as using our contact form, or signing up for our marketing emails or creating an account. Sphere Research Ltd is in a “data controller” relationship with Users.
Sphere does not have a direct relationship with Customers’ End Users. A “Customer End User” is an individual that provides their Personal Information to our Customers. We do not control the purposes nor the means by which this Personal Information is collected, and we are not in a direct relationship with Customer End Users. For details about how Personal Information about Customer End Users is handled, please review our Customers’ privacy policies instead of this one, and contact them for further information.
Hereinafter we may refer to Customers and Users collectively as “you.”
2. Notice
Sphere provides notice to you through privacy policies on our site, and we may provide additional disclosures about the data collection, use, and sharing practices of specific Services. This Policy describes how we process Personal Information.
As a data processor, Sphere is not able to provide notice to or obtain consent from Customer End Users. To the extent required by law, Sphere supports Customers’ data-protection compliance efforts, but it is up to the Customer to ensure the appropriate data protection safeguards are in place before processing Personal Information from Customer End Users.
3. Collection of Personal Information
Sphere collects various types of Personal Information about you while you are using the Services. Information that is anonymized or aggregated is not “Personal Information.”
In general, we collect the following types of Personal Information:
Registration data: full name, email address, and optional social media account information (e.g., if logging in through your Google account).
Interaction data: authentication data, ID, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.
4. Purposes of processing
Under the Data Protection Laws, we are required to notify you about our purposes of processing your Personal Information, as well as the legal basis for such processing.
Unless otherwise permitted by law, we may process your Personal Information:
If you consent to the processing
To satisfy our legal obligations
If it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you
In the public interest
In your vital interests, or
For our legitimate interests, such as to protect our property, rights, or the safety of Sphere, our customers, or others
We will only use your Personal Information for the purposes above or for compatible purposes.
If we wish to share your Personal Information with third parties that are not described in this Policy, we may request your permission as required by Data Protection Law. You may opt out of having your Personal Information shared with third parties, or from allowing us to use your Personal Information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorisation. However, if you limit the way we use your Personal Information, certain features or Services may not be available to you.
5. Third party recipients
Sphere conducts the majority of data processing activities required to provide you with the Services. However, we do engage third-party service providers to assist with supporting our Services, including vendors in the following areas:
Marketing or analytics tools
Cloud storage providers
Customer support tools
IT and security service providers, and
Product development tools
Each service provider is vetted and bound by contractual obligations that are equivalent to the provision of this Policy or more stringent.
6. Retention
We are committed to keeping your Personal Information secure on our Services. We limit our storage of your Personal Information to the amount of time necessary to fulfil the purposes for which we collected the Personal Information, including for the purposes of satisfying any legal, accounting, or reporting obligations, or to resolve disputes. Although retention laws and requirements vary by jurisdiction, we have some standard retention periods for parts of your Personal Information which are described below:
Contact information, such as your name and email address, is retained on an ongoing basis until you unsubscribe from our marketing communications.
Browser interaction data, such as cookies, is kept for a period of up to one year from expiry of the cookie or date of collection.
Product analytics data is kept for up to 5 years, and automatically deleted on an ongoing basis.
If you have questions about retention periods that apply to any other data, please contact us at privacy@sphere.co.uk
07. Security
We are committed to protecting the security of your Personal Information by using reasonable and appropriate physical, electronic, and administrative safeguards.
08. Direct marketing
Direct marketing includes any communications to you that are only based on advertising or promoting products and services. Transactional communications about your account or our Services are not considered “direct marketing” communications.
We will only contact Customers by electronic means (including email) based on our legitimate interests or the Customer’s consent. When we rely on legitimate interest, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you do not want us to use your Personal Information in this way, please go to the email settings for your account to opt out, click an unsubscribe link in your emails, or contact us at privacy@sphere.co.uk.
09. Your rights
You have the rights to your Personal Information that are described below. You can exercise your rights by contacting us at privacy@sphere.co.uk so that we may consider your request under applicable law. When we receive an individual rights request via email, we may take steps to verify your identity before complying with the request to protect your privacy and security.
Right to withdraw consent. When we rely on your consent for processing of your Personal Information, you have the right to withdraw your consent at any time. However, the withdrawal of your consent will not affect the lawfulness of Sphere’s processing based on consent before your withdrawal.
Right to erasure. You have the right to request erasure of your Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented to, but no longer consent to; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. Your right to erasure is subject to limitations by relevant Data Protection Laws.
Right to restriction of processing. You have the right to restrict our processing of your Personal Information where one of the following applies:
The processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of its use instead.
We no longer need your Personal Information for the purposes of the processing, but it is required by you to establish, exercise, or defend legal claims.
You have objected to processing, pending the verification of whether the legitimate grounds of Sphere’s processing override your rights. Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We can continue to process your Personal Information if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
10. Limitations to your rights
Your rights to your Personal Information are not without limits. Access may be denied when:
Denial of access is required or authorised by law
Granting access would have a negative impact on other's privacy
Doing so protects our rights and properties, or
Where the request is frivolous or vexatious
11. Recourse, enforcement, & liability
We will investigate and work expeditiously to resolve any complaints or disputes in accordance with this Policy. If you have an inquiry or complaint regarding our privacy policies or practices, please contact us first at privacy@sphere.co.uk
You have also a right to lodge a complaint with a competent supervisory authority.
12. Children's data
We recognise that some Data Protection Laws vary based on the age of consent. Depending on the jurisdiction, the age of consent can be between 13 to 16 years old. We do not knowingly request to collect Personal Information from any Data Subject under the age of consent as defined by the jurisdiction in which the Data Subject resides. If we are aware of or suspect that a Data Subject is under the age of consent, we will require the Data Subject to terminate their account. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of consent using our Services.
13. Changes to this Policy
We may change this Policy at any time and the changes will apply to any Personal Information we already hold and to any new Personal Information collected after the change occurs. If we make any material changes to this Policy, we will endeavour to notify you by email or by posting a prominent notice on our sites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our Services after the effective date of this Policy constitutes an acceptance of the amended terms. You may refer to the “Last Updated” date of this Policy to determine if the Policy has changed since the date of your last visit.
14. Contact us
If you have any questions regarding this Policy or about the privacy practices of Sphere, please contact us by email at privacy@sphere.co.uk.
Policy was last updated on 29th October 2022
Last updated