Last updated: January 7, 2025
Spark Systems Rwanda Ltd, registered in Rwanda, acts as the data controller for personal data processed through our platform. We are committed to protecting your privacy in accordance with Rwanda's Data Protection and Privacy Law (Law No. 058/2021) and international best practices. Contact us at privacy@spark.rw for privacy-related inquiries.
We collect: (a) Account information: name, phone number, email, payment details; (b) Location data: pickup/dropoff locations, GPS coordinates, vehicle tracking data; (c) Usage data: app interactions, ride history, vehicle usage patterns; (d) Device information: device type, operating system, vehicle telematics; (e) Driver/Lessee information: license details, driving record, credit assessment, employment history, references; (f) Financial data: income verification, payment history, lease payment records; (g) Vehicle data: mileage, maintenance records, condition reports, fuel/battery usage; (h) Communications: support messages, feedback, lease agreement discussions.
We process your data based on: (a) Contract performance: to provide ride-hailing services and execute operating lease agreements; (b) Legitimate interests: fleet management, asset protection, fraud prevention, credit assessment, and service improvement; (c) Legal obligations: compliance with RTDA regulations, tax laws, leasing regulations, and financial reporting requirements; (d) Consent: for marketing communications and optional features; (e) Vital interests: for emergency situations, vehicle recovery, and safety purposes.
Your data is used to: (a) Execute and manage operating lease agreements; (b) Assess creditworthiness and lease eligibility; (c) Monitor vehicle usage, location, and condition; (d) Process lease payments and maintain financial records; (e) Facilitate ride matching and navigation services; (f) Conduct fleet maintenance and asset management; (g) Ensure compliance with lease terms and usage restrictions; (h) Provide customer support and resolve disputes; (i) Recover vehicles in case of default or theft; (j) Generate reports for regulatory authorities and tax compliance.
We share data only when necessary: (a) With lessees/passengers for ride coordination; (b) With payment processors and financial institutions for lease financing; (c) With insurance companies for claims processing and risk assessment; (d) With maintenance providers and fleet management partners; (e) With credit bureaus and collection agencies for lease management; (f) With RTDA, RRA, and other regulatory authorities as required; (g) With law enforcement for vehicle recovery and legal proceedings; (h) With service providers under strict confidentiality agreements; (i) In emergency situations to protect safety. We do not sell personal data to third parties.
We retain personal data as required for operating lease business: (a) Lease agreement data: 10 years after lease termination for legal and tax compliance; (b) Financial and payment data: 7 years as required by RRA and banking regulations; (c) Vehicle tracking and usage data: duration of lease plus 3 years for warranty and dispute resolution; (d) Driver verification and background check data: as required by RTDA and insurance providers; (e) Maintenance and condition records: vehicle lifetime plus 5 years; (f) Credit assessment data: 7 years for financial reporting; (g) Marketing data: until consent is withdrawn. Data is securely deleted after retention periods expire.
Under Rwandan law, you have the right to: (a) Access your personal data and obtain copies; (b) Correct inaccurate or incomplete data; (c) Delete your data (subject to legal retention requirements); (d) Restrict processing in certain circumstances; (e) Data portability for data you provided; (f) Object to processing based on legitimate interests; (g) Withdraw consent for consent-based processing; (h) Lodge complaints with Rwanda's data protection authority.
We implement comprehensive security measures: (a) Encryption of data in transit and at rest; (b) Access controls and authentication systems; (c) Regular security audits and vulnerability assessments; (d) Staff training on data protection principles; (e) Incident response procedures for data breaches; (f) Secure data centers with physical security controls. We notify authorities and affected users of breaches as required by law.
If we transfer data outside Rwanda, we ensure adequate protection through: (a) Adequacy decisions by Rwandan authorities; (b) Standard contractual clauses approved by regulators; (c) Binding corporate rules for intra-group transfers; (d) Explicit consent for specific transfers; (e) Derogations for contract performance or vital interests. We maintain records of all international transfers.
Our services are not intended for children under 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child, we will delete it promptly. Parents or guardians who believe their child has provided personal data should contact us immediately.
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the app, email, or website notice at least 30 days before taking effect. Continued use after changes indicates acceptance of the updated policy.
For privacy-related questions, requests, or complaints, contact us at: Email: privacy@spark.rw, Phone: +250 788 123 456, Address: Spark Systems Rwanda Ltd, KG 123 St, Kigali, Rwanda. We will respond to requests within 30 days as required by Rwandan law.