We maintain commercial relationships with our Service Providers. This means that we may receive payment when we share information that you provide to us via our webforms with our Service Provider(s) in order to allow them to offer you a quote or information for the product or service that you have requested.
- About us
- How our site works
- What data we collect, and how we collect it
- IP Addresses
- How we use your data
- Transferring your data
- Storing your data
- Legal grounds
- Your rights
- Your California privacy rights
- Contacting us
- Cookies we use, and the purposes we use them for
- Consent Statement
- Service Providers
Spotdif is a brand of Narwhal Group Limited (“Narwhal”, “NMG”, “we”, “us”, “our”). NMG is a company registered in England and Wales (company number: 13603579), whose registered office address is at 2 Marsh Road, Bristol, England, BS3 2NA.
For the purposes of the General Data Protection Regulation (the “GDPR”), NMG is the controller in relation to your data.
HOW OUR SITE WORKS
Requesting quotes or information
Our site enables people to request quotes or information for the product or service shown or selected on the site (the “Product”).
The service that our site provides is to connect people who are looking to purchase the Product with relevant providers of the Product (“Service Providers”).
If you’d like to request and receive quotes or information for the Product (“Quotes”), please complete and submit our webform.
Once we’ve received your request, we’ll connect you with one or more relevant Service Providers who will contact you in response to your request. In order to connect you with the Service Provider(s), we share the information that you provide to us via our webforms with those Service Provider(s). We’ll tell the Service Providers who you are, and your Product requirements, and they’ll then contact you directly with your requested Quotes. Our webforms will ask for your consent before your details are submitted. This statement sets out that Service Providers will contact you.
For certain Products, before connecting you with relevant Service Providers, we may call you to confirm your details or requirements.
You can choose which Service Provider to buy from, but there is no obligation to purchase from any of them.
Requesting to book an appointment
Alternatively, for certain health Products (e.g. hearing aids), our site will enable people to find and hear from relevant health specialists (also “Service Providers”) and/or to book appointments with such Service Providers.
If you would like to hear from a Service Provider and/or book an appointment, please complete and submit our webform.
Once we’ve received your enquiry, we’ll do one of the following:
- We’ll connect you directly with one or more relevant Service Providers. We’ll tell the Service Providers who you are, and the information that you provided on the webform (as set out below). They’ll then contact you directly to book your appointment. You’ll see on our webform that we have a really clear consent statement. This statement sets out the Service Providers that will contact you.
- Alternatively, we’ll call you, either in our brand name or in the name of and on behalf of a Service Provider, to book your appointment.
There’s no obligation to book an appointment with, or purchase anything from, any of the Service Providers that we connect you with.
WHAT DATA WE COLLECT, AND HOW WE COLLECT IT
Contact details and product requirements
If you complete our webform in order to request Quotes or to book an appointment, it will ask you for your contact details, such as your name, email address, telephone number, postal address, and/or postal code.
Our webform will also ask for information regarding your Product requirements.
From time to time, we change our webforms, and so they may ask you for other information. It will always be clear from the webform what information we’re requesting, and we only request information that is relevant to your request, and the service that we’re providing.
When you visit our site, we will do our best to provide you with the information you are looking for. This will mean that, sometimes, we may ask you for your name and email address (via a pop-up box on our site) so that we are able to send you more information about the products or services that you have shown an interest in. You are not required to submit this information to us and, if you change your mind, you can opt out at any time by clicking the unsubscribe link in the email.
Information about your health
If you have completed a webform relating to a health Product, our webform may ask you for information including sensitive personal data (e.g. information about your health).
Additionally, if we call you in response to such a request, we may also ask you for information about your health.
We will only ask you information about your health where it is relevant to your request, and we will only collect this type of information with your consent.
We also store and share Internet Protocol (IP) addresses, as explained below. Every computer or device has an IP address – a unique number – which enables it to communicate with other computers and devices over the Internet.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. At the bottom of this policy, we have included a table, setting out what cookies we use, and the purposes for which we use them.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaopto
We store IP addresses in order to stop unwanted traffic (i.e. spam) to our site. For example, if we become aware that spam is coming from a particular IP address (i.e. computer or location), we can block that IP address.
HOW WE USE YOUR DATA
We use your data (described above) in the following ways.
To connect you with relevant Service Providers
As explained above, if you submit our webform, we’ll pass your request to one or more relevant Service Providers (named on the consent statement). We will do this in a secure way. For example, using HTTP Secure (HTTPS), which means the data is encrypted. The Service Providers then contact you directly with your quotes. They may contact you by telephone, text/SMS or email.
Before we pass your request to any Service Providers, our service may involve an element of automated decision-making. Our technology platform may automatically assess your Product requirements based on the information you have provided us and pass your request to such Service Providers that would like to receive requests for Quotes at the time your request is made.
Some Service Providers may pass your data to third-party credit check agencies as part of your application for specific financial products, and you will be made aware of this in the consent statement section.
To call you to confirm your details or requirements
For certain Products, before connecting you with relevant Service Providers, we may call you to confirm your details or requirements.
We may also call you to ask about your experience using our site and service, and dealing with the Service Providers with which we connected you.
To call you to book an appointment
Where you have requested to book an appointment, we may call you, either in our brand name or in the name of and on behalf of a Service Provider, to book your appointment.
If we book an appointment for you, we’ll share your details, including any information that you provide on the call, with the Service Provider. We’ll also tell you which Service Provider we’ve made an appointment with. We won’t book an appointment without your approval.
Occasionally, we may not be able to find a suitable appointment for you. If this is the case, we’ll let you know on the call. However, we may be working with other Service Providers that can help you. If this is the case, we’ll pass your enquiry to those Service Providers (either named on the consent statement section or during the call), who will contact you directly by telephone, text/SMS or email.
To email or text you about similar products and services – But only if you haven’t opted out of such emails or texts
If you use our quote request service, then, as an existing user, we would like to email you, or send you text/SMS messages, about similar products and services for which we think you might like quotes or information (“Other Products”). Sometimes your mobile network provider may charge you for such SMS messages.
You will always be given an opportunity to opt out of such messages before we send them, and we will not send such messages if you have opted out.
To create custom and lookalike/similar audiences
We like to work with Facebook, Google and other platforms (“Platforms”) to reach out to you with adverts for Other Products. We also like to use Platforms to reach out to other people who might like to use our quote request service.
We do this in two ways. In both cases, your data, along with other data, is used to create a custom audience and/or a lookalike/similar audience. Whenever an audience is shared with a Platform, the data is first hashed and pseudonymised, meaning that any data within the audience that could identify a person is replaced with an artificial identifier. So, the process is secure. Also, we don’t share more data than we need to for the purpose of creating the audience.
- Custom audience – A custom audience is a list of existing users of our service (“Existing Users”). From time to time, we share this with Platforms. As explained above, the data is first hashed and pseudonymised. The Platform uses this audience to show our Existing Users our adverts for Other Products.
- Lookalike/similar audience – A lookalike/similar audience is an audience created by the Platform. From time to time, we share with Platforms a list of Existing Users. The Platform uses this list to find and create lookalikes – i.e. other Platform users who have similar characteristics to the Existing Users – to which it shows our adverts. Again, as explained above, the data is first hashed and pseudonymised.
As we explain below, at any time, you may object to such activity by emailing us at firstname.lastname@example.org.
To improve your in-app experience and for marketing attribution
We may use data collected in our app to better understand how you interact with our content and track the relevance of our marketing campaigns to your interests.
To verify that your webform submission is a genuine request – But only where your submission relates to a finance product or service
We work with a third party supplier, Contact State, so that we can pass on your request to our Service Providers correctly. Contact State provides lead validation services to our Service Providers. Contact State receives de-identified data from us about your request. ‘De-identified’ means that they are unable to establish your real world identity from the data they receive from us. We do not provide them with any access to any contact information, which could be used by them to identify you as an individual person. Contact State uses that de-identified data to indicate to us the likelihood that your request has been submitted by a ‘real’ human and not a robot, or automated request generator. They do this by examining a ‘browser fingerprint’ associated with your request – it contains, for example, details of the model of device you are using, your internet browser, and the region from which you submit your request.
Contact State is based in the UK and will not store your de-identified data outside the UK and European Union. If you do not want us to pass your de-identified data to Contact State, please contact us by emailing email@example.com. You can find out more about how Contact State uses this data here – https://www.contactstate.com/legal/prospect-notice.
To email you to remind you to complete our webform where its partially completed
If you start but don’t complete one of our webforms, we may email you to remind you to complete that webform. We will only store data inputted by you in a partially completed webform for two hours from when you leave the webform. If you don’t return to the webform to complete and submit the form in two hours, we will permanently delete the data you’ve inputted, subject to an automatic back-up of that data being made and stored for 30 days from the date you partially completed our form. Such back-up will not be readily accessible by us and your data will not be used for any other purpose.
Receiving data from Service Providers
From time to time, Service Providers may return data to us. They may do this if they have a query regarding a request for Quotes or an enquiry that we have sent to them in order to enable us to resolve the query. They may also return data to us, together with confirmation on whether or not a product has been purchased, in order to enable us to improve our marketing. We may also use such data to create custom and lookalike/similar audiences, as explained above.
Working with suppliers
We work with a number of suppliers, who process data on our behalf. These include cloud storage providers, email service providers, and cloud telephony providers. We have appropriate contracts in place with such suppliers to ensure the protection and confidentiality of data.
TRANSFERRING YOUR DATA
Depending on the countries in which you’re looking for Service Providers, we may transfer your data outside the UK. As of 1 January 2021, the UK is no longer a part of the European Economic Area (the “EEA”). This means that your data may be transferred outside of the UK to countries inside the EEA, or to another country outside of the EEA. For example, if you’re looking for Service Providers in the USA, we may need to transfer your data to the USA.
Although the UK is no longer part of the EEA, we will still hold your data to the same level of protection as we did when we were part of the EEA. This means that for any transfer of your data outside of the UK, we will continue to take steps to ensure that it is protected to the same level of protection that applies to transfers of data outside of the EEA.
Certain countries have a European Commission adequacy decision, which means they are considered to offer an adequate level of data protection and we will continue to only transfer data to those countries on this basis.
Other countries do not have the same level of legal protection as countries in the EEA, or with an adequacy decision. If we do transfer your data in this way, we will take steps to ensure that it is protected to the same levels that apply in the EEA. This may include, for example, adopting the EU’s standard contractual clauses.
STORING YOUR DATA
We have a data retention policy, which clearly sets out how long we keep data for, and for what reasons.
- We will keep your request for Quotes for 6 months after you make the request to enable us to resolve any queries from Service Providers, should they arise.
- If you haven’t opted out of receiving marketing from us, we will keep your details, and send you emails, until such time as you don’t engage with our emails for a period of 6 consecutive months.
Following the periods set out above, we will not use the data, save that we will hash/anonymise the same, and retain it for a further 3 years for compliance purposes.
|Activity||Lawful Basis under the GDPR||Your Rights|
|To connect you with relevant Service Providers, including in respect of certain health-related Products||Consent||To withdraw your consent, as explained below|
|The automated decision-making explained above||Legitimate interests||You have the right to object to processing based on legitimate interests|
|Using and sharing IP addresses||Legitimate interests||You have the right to object to processing based on legitimate interests|
|To email you regarding a partially completed webform||Legitimate interests||You have the right to object to processing based on legitimate interests|
|To call you to confirm your details or requirements||Consent||To withdraw your consent, as explained below|
|To call you to book an appointment||Consent||To withdraw your consent, as explained below|
|Sharing call recordings with Service Providers||Legitimate interests||To object to processing based on legitimate interests|
|To email or SMS message you about similar products and services||Legitimate interests*||To object to processing based on legitimate interests. You also have the right to object to direct marketing|
|To create custom and lookalike/similar audiences||Legitimate interests||You have the right to object to processing based on legitimate interests|
|Receiving data from Service Providers||Legitimate interests||You have the right to object to processing based on legitimate interests|
|To email or SMS message you with more information about the products or services that you have shown an interest in||Consent||To withdraw your consent, by clicking the unsubscribe link in the email or SMS message as applicable.|
|To improve your in-app experience and for marketing attribution||Legitimate interests||You have the right to object to processing based on legitimate interests|
|To verify that your webform submission is a genuine request (only where your submission relates to a finance product or service)||Legitimate interests||You have the right to object to processing based on legitimate interests|
*Under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), we send such emails on the basis of the existing customer (soft opt-in) exemption.
In each case where we have identified legitimate interests as the legal basis for our processing, we have conducted a legitimate interests assessment.
Your rights will be determined by the country in which you reside. If you reside in the European Economic Area or the United Kingdom, you have certain rights under GDPR in relation to your personal data. In relation to our site, and the service that we provide, those rights are set out in the table above. We further explain these rights, and your other rights, below.
Right of access – You have the right at any time to ask us for a copy of the personal information that we hold about you, and to check that we are lawfully processing it.
Right of rectification – If personal information that we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.
Right of erasure – In certain circumstances, you have the right to request that personal information we hold about you is erased (e.g. if the information is no longer necessary for the purposes for which it was collected or processed).
Right to object to or restrict processing – In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests, and there are no compelling legitimate grounds for our processing which override your rights and interests.
Right of data portability – In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
Right to withdraw consent – In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You can exercise this right by accessing our Preference Centre.
Exercising your rights
As explained above, you can exercise your right to withdraw consent by accessing our Preference Centre.
If you wish to exercise any of your other rights under the GDPR or if you wish to discuss our use of your data, please email us at firstname.lastname@example.org. Alternatively, you can write to us at the address set out above, or inform us if you speak with us on the phone.
If you are based outside of the UK, or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different Supervisory Authority. A list of relevant authorities can be accessed here.
YOUR CALIFORNIA PRIVACY RIGHTS
This section provides more information about the personal information we collect about California consumers and the rights afforded to you under the California Consumer Privacy Act (“CCPA”).
You have certain rights in relation to your data, including the right to have your personal data deleted, and the right to object to your personal data being sold to third-parties. For details about the personal information we have collected over the last 12 months, including the categories of sources, please see the “What data we collect, and how” section above. We collect this information for the purposes set out in the “How we use your data” section above. We share this information with the categories of third parties described in the same section. We do not sell (as defined in the CCPA) the personal information we collect. We use third-party cookies for our advertising purposes as described in the Cookies section above and table below.
Subject to certain limitations, the CCPA provides California consumers the right to request more details about the categories or specific pieces of personal information we collect, such as how we use and disclose this information and to delete their personal information.
California consumers may make a request pursuant to their rights in the CCPA by contacting us at email@example.com. We will verify your request using the information you have previously submitted to us, including your email address.
Our EU Representative
Under Article 27 of the GDPR, we have appointed an EU representative to act as our data protection agent. Our nominated EU representative is:
Company name: Instant EU GDPR
Name: Adam Brogden
Tel+ 353 15 549 700
EU Dublin Address: INSTANT EU GDPR REPRESENTATIVE LTD, 69 Esker Woods Drive, Lucan, Co. Dublin Ireland
Under Article 27 of the UK Data Privacy Act, we have appointed a UK representative to act as our data protection agent. Our nominated UK representative is:
Company name: GDPR Local Ltd.
Name: Adam Brogden
Tel +44 1772 217800
UK Address: 1st Floor Front Suite, 27-29 North Street, Brighton, England, BN1 1EB
COOKIES WE USE, AND THE PURPOSES WE USE THEM FOR
|Universal Analytics (Google)||_ga _gali _gat_UA-1036645-1 _gid||These cookies collect information about how visitors use our website. We use the information to compile reports and to make improvements. The cookies collect information in an anonymous form, including where visitors have come to the website from and the pages they visited. To opt-out: https://tools.google.com/dlpage/gaoptout|
|Adwords Retargeting (Google)||These cookies are used to adjust the targeting of our paid search and display advertising to show ads to users who have previously been to our sites and/or engaged with our page such as completing a form. They contain no personal information.|
|DoubleClick Retargeting||These cookies are used to adjust the targeting of our display advertising to show ads to users who have previously been to our sites and/or engaged with our page such as completing a form. They contain no personal information.|
|Taboola Conversion Tracking||These cookies measure ad conversions and optimise spend for advertising campaigns served on Taboola.|
|Adwords Conversion Tracking||These cookies measure when a user has completed an action on site such as completing a form. They contain no personal information.|
|Bing Conversion Tracking||UET Tag||These cookies measure when a user has completed an action on site such as completing a form. They contain no personal information.|
|DoubleClick Conversion Tracking||These cookies measure when a user has completed an action on site such as completing a form. They contain no personal information.|
|Facebook Pixel||These cookies measure ad conversions, optimise and build audiences for advertising campaigns served on Facebook. To opt-out: https://www.facebook.com/policies/cookies/.|
|Twitter Pixel||These cookies measure ad conversions and optimise advertising campaigns served on Twitter. To opt-out: https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads|
|LinkedIn Pixel||These cookies measure ad conversions, optimise and build audiences for advertising campaigns served on LinkedIn. To opt-out: https://www.linkedin.com/legal/cookie-policy|
|Pinterest Tag||These cookies are used to track conversions, optimise and build audiences to reach customers on Pinterest. To opt-out: https://help.pinterest.com/en/articles/personalized-ads-pinterest|
|TikTok Pixel||These cookies measure ad conversions, optimise and build audiences for advertising campaigns served on TikTok. To opt-out: https://www.tiktok.com/legal/privacy-policy?lang=en|
Last reviewed: 15/11/2022
Your privacy is important to us. By submitting this form, you consent to Narwhal Group and a Service Provider contacting you by email, post, telephone (including automated calls) and/or SMS with details or quotes for such products, and/or to confirm your product requirements. You have certain rights in relation to your personal data, including the right to object to direct marketing.
Safestyle UK PLC
First Home Improvements Limited
The Data Supermarket Limited
T&K Home Improvements
Britannia Windows (UK) Ltd
North West Heating Solutions
Bristol Business Brokers
Scout Financial Services Ltd
Nationwide Waste Services
St James Global
Swan Business Brokers
Ducere Global Business School
Bespoke Composite Doors