Data Protection Policy

This Data Protection Policy sets out how SparkFusion Innovations (“SparkFusion”, “we”, “us”, or “our”) handles personal data in connection with our translation, interpretation, localization, and linguistic data services.

We are committed to protecting the rights and freedoms of individuals whose personal data we process, in line with applicable data protection laws and industry best practices.

1. Purpose and Scope

The purpose of this Data Protection Policy is to define the principles, rules, and controls governing how SparkFusion Innovations collects, uses, stores, shares, and protects personal data. It supports our obligations under applicable data protection laws (including, where relevant, Kenya’s Data Protection Act and international regulations such as the EU General Data Protection Regulation “GDPR”).

This Policy applies to:

  • All employees, contractors, linguists, and vendors working with SparkFusion Innovations;
  • All processing of personal data in the context of our services and internal operations;
  • All systems, tools, and platforms used to store or process personal data on behalf of SparkFusion.

2. Data Protection Principles

SparkFusion adheres to the following core data protection principles. Personal data must be:

  • Lawfulness, fairness, and transparency — processed lawfully, fairly, and in a transparent manner.
  • Purpose limitation — collected for specified, explicit, and legitimate purposes, and not further processed in a manner incompatible with those purposes.
  • Data minimisation — adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy — accurate and, where necessary, kept up to date; reasonable steps are taken to rectify or delete inaccurate data.
  • Storage limitation — kept in an identifiable form no longer than is necessary for the purposes for which the data is processed.
  • Integrity and confidentiality — processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.
  • Accountability — SparkFusion is responsible for, and must be able to demonstrate, compliance with these principles.

3. Roles and Responsibilities

3.1 SparkFusion as Data Controller and Processor

Depending on the context, SparkFusion may act as:

  • A data controller when determining the purposes and means of processing personal data (for example, for our own HR, recruitment, and marketing activities); and
  • A data processor when processing personal data on behalf of clients (for example, translating customer communications, annotating datasets, or providing interpretation services).

3.2 Management Responsibilities

Senior management is responsible for ensuring that:

  • This Policy is implemented and communicated across the organisation;
  • Appropriate technical and organisational measures are in place to protect personal data;
  • Data protection risks are assessed and mitigated in project planning and execution.

3.3 Staff, Linguists, and Contractors

All staff, linguists, and contractors who handle personal data must:

  • Follow this Policy and any related procedures or instructions;
  • Respect confidentiality obligations in contracts and NDAs;
  • Use only authorised systems and channels to access and share data;
  • Immediately report any suspected data breach or security incident.

4. Categories of Data We Process

In the course of providing language and data services, SparkFusion may process various categories of personal data, including:

  • Identity data — name, title, contact details, country, and organisation.
  • Professional data — role, skills, language pairs, experience, CV details, project feedback.
  • Communication data — email content, chat transcripts, meeting notes, and reference materials that may contain personal data.
  • Usage and technical data — IP address, device and browser information, and logs related to our websites or platforms.
  • Financial and billing data — invoice information, payment references, and limited banking details for contractors or vendors, where applicable.

On certain client projects, our work may involve special categories of personal data (for example, health-related content, political opinions, or other sensitive information contained within texts or voice data). In such cases, we implement stricter access controls, confidentiality measures, and project-specific data-handling instructions agreed with the client.

5. Lawful Basis for Processing

Where data protection laws require a lawful basis for processing, SparkFusion relies on one or more of the following:

  • Performance of a contract — processing necessary to fulfil our obligations to clients, linguists, or other partners.
  • Legitimate interests — such as ensuring quality, security, and efficiency of our services, and maintaining relationships with our clients and teams.
  • Consent — for certain recruitment activities, communications, or optional data fields where explicit consent is required or appropriate.
  • Legal obligations — processing necessary to comply with tax, accounting, labour, or other regulatory requirements.

6. Key Processing Activities

6.1 Translation and Localization Services

For translation and localization projects, we may receive documents, strings, or other content that include personal data. Our linguists and project teams process this data strictly for the purpose of delivering the agreed service, following client instructions and our internal security protocols.

6.2 Interpretation Services

Interpretation work may involve real-time or recorded conversations, meetings, or calls in which personal data is discussed. Interpreters are bound by strict confidentiality requirements and may be given only the minimum information necessary to perform their role effectively.

6.3 Data Services and AI Projects

For data services (e.g., voice data collection, transcription, annotation, and quality review), we may process:

  • Voice recordings and associated metadata;
  • Text content for annotation or quality evaluation;
  • Project-specific labels and assessments.

Where possible, we encourage pseudonymisation or anonymisation to minimise the amount of identifiable personal data used in AI and machine-learning projects.

6.4 Recruitment and Vendor Management

When candidates or linguists submit applications (for example, through our careers pages or dedicated forms), we process their personal data to assess suitability, manage communication, and, where relevant, onboard them into our network. We also maintain records to ensure quality, compliance, and fair allocation of opportunities.

7. Data Security and Confidentiality

SparkFusion applies appropriate technical and organisational measures to protect personal data, including:

  • Use of secure, access-controlled systems for project management and file exchange;
  • Encryption in transit (e.g., HTTPS) and, where appropriate, at rest;
  • Role-based access control, ensuring only authorised personnel can view or handle specific data;
  • Confidentiality agreements and non-disclosure obligations for employees, linguists, and contractors;
  • Regular review of access rights, project folders, and archival storage;
  • Secure disposal or anonymisation of data when it is no longer needed.

Personal data should never be stored on personal devices or transmitted through unapproved channels unless expressly permitted and appropriately secured.

8. Data Sharing and Use of Processors

SparkFusion may engage third-party service providers (data processors) to support our operations, such as:

  • Cloud hosting and storage providers;
  • Project management and communication platforms;
  • Payment and invoicing services;
  • Specialised tools for transcription, annotation, or quality review.

When we use processors, we:

  • Conduct reasonable due diligence on security and privacy practices;
  • Enter into data processing agreements imposing confidentiality and data protection obligations;
  • Limit processing to the purposes specified by SparkFusion and our clients.

Personal data may also be shared with clients where necessary to report project outcomes or quality results, in line with contractual obligations.

9. International Data Transfers

Our linguists, clients, and infrastructure may be distributed across different countries. As a result, personal data may be transferred internationally, including to jurisdictions that may not have the same level of data protection as your home country.

Where required by law, we use appropriate safeguards (such as contractual clauses and access restrictions) to protect personal data during international transfers and ensure that processing remains aligned with this Policy.

10. Data Retention and Disposal

SparkFusion retains personal data only for as long as necessary to fulfil the relevant purposes, including:

  • Completing active projects and providing ongoing support;
  • Maintaining a record of work completed for quality, audit, and contractual reasons;
  • Meeting legal, tax, and accounting requirements;
  • Managing recruitment records and vendor relationships.

When data is no longer required, we will delete it or anonymise it in a secure manner, following documented data-retention schedules and client-specific agreements where applicable.

11. Data Subject Rights

Individuals whose personal data we process may, subject to applicable law, have rights such as:

  • Right of access to the personal data held about them;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure (deletion) in certain circumstances;
  • Right to restrict or object to processing in specific situations;
  • Right to data portability, where applicable;
  • Right to withdraw consent where processing is based on consent.

Requests to exercise these rights can be sent to support@sparkfusioninnovations.com. We will handle such requests in accordance with applicable data protection laws and may require proof of identity before responding.

12. Data Breach Management

A data breach is any incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

SparkFusion maintains procedures to:

  • Promptly identify and contain suspected or actual data breaches;
  • Assess the impact and risk to affected individuals and clients;
  • Notify clients and, where required by law, relevant authorities and affected individuals within the applicable timeframes;
  • Document incidents and implement corrective actions to prevent recurrence.

All staff, linguists, and contractors are required to immediately report any suspected breach or security issue to the designated SparkFusion contact.

13. Training and Awareness

SparkFusion provides appropriate training and guidance to employees and key contractors on:

  • Data protection and privacy obligations relevant to their role;
  • Secure handling of client content and project data;
  • Recognising and reporting security incidents and data breaches.

Additional instructions may be issued for specific projects, especially those involving sensitive data or specialised regulatory requirements.

14. Policy Review and Updates

This Data Protection Policy is reviewed regularly and updated when needed to reflect:

  • Changes in legal or regulatory requirements;
  • Updates to our services, systems, or organisational structure;
  • Lessons learned from audits, incidents, or client feedback.

Last updated: February 2026

15. Contact for Data Protection Queries

Questions about this Policy or our data protection practices can be directed to:

SparkFusion Innovations
P.O Box 111, 50103, Malava, Kakamega, Kenya
Email: support@sparkfusioninnovations.com