Privacy Policy

Privacy policy

The purpose of this privacy policy is to inform you about how your data is being handled by us. You have certain rights in relation to your data, including the right to revoke your consent and the right to object to processing based on legitimate interests, profiling (including the use of custom and lookalike/similar audiences), and direct marketing. At any time, you can exercise your rights by emailing us at support@solarsmile.co.uk. For further details about our processing and your rights, please see below.

Disclaimer

We maintain commercial relationships with our Service Providers. This means that we may receive payment when we share information that you provide to us via our webforms with our Service Provider(s) in order to allow them to offer you a quote or information for the product or service that you have requested.

CONTENTS

  • About us
  • How our site works
  • What data we collect, and how we collect it
  • Cookies
  • IP Addresses
  • How we use your data
  • Transferring your data
  • Storing your data
  • Legal grounds
  • Your rights
  • Your California privacy rights
  • Contacting us
  • Cookies we use, and the purposes we use them for
  • Changes to this Privacy Policy
  • Consent Statement
  • Service Providers

About us

SolarSmile is a brand of Flying Doors Ltd  (“Flying Doors”, “we”, “us”, “our”). Flying Doors is a company registered in England and Wales (company number: 13603579), whose registered office address is at 2 Marsh Road, Bristol, England, BS3 2NA.

For the purposes of the General Data Protection Regulation (the “GDPR”), Flying Doors is the controller in relation to your data. 

How our site works

Requesting quotes or information

Our site enables people to request quotes or information for the product or service shown or selected on the site (the “Product”).

The service that our site provides is to connect people who are looking to purchase the Product with relevant providers of the Product (“Service Providers”).

If you’d like to request and receive quotes or information for the Product (“Quotes”), please complete and submit our webform.

Once we’ve received your request, we’ll connect you with one or more relevant Service Providers who will contact you in response to your request. In order to connect you with the Service Provider(s), we share the information that you provide to us via our webforms with those Service Provider(s). We’ll tell the Service Providers who you are, and your Product requirements, and they’ll then contact you directly with your requested Quotes. Our webform will ask for your consent before your details are submitted. This statement sets out that Service Providers will contact you.

For certain Products, before connecting you with relevant Service Providers, we may call you to confirm your details or requirements.

You can choose which Service Provider to buy from, but there is no obligation to purchase from any of them.

Other than what we state in this Privacy Policy, we do not share your data with anyone else or use it for any other purpose, except on an aggregate and anonymous basis. This means that we also do not transfer it to any advertising network, or use it to build user profiles.

Once we’ve received your enquiry, we’ll do one of the following:

  • We’ll connect you directly with one or more relevant Service Providers. We’ll tell the Service Providers who you are, and the information that you provided on the webform (as set out below). They’ll then contact you directly to finalise your quote. You’ll see on our webform that we have a really clear consent statement. This statement sets out the Service Providers that will contact you.
  • Alternatively, we’ll call you, either in our brand name or in the name of and on behalf of a Service Provider, to book your appointment.

There’s no obligation to book an appointment with, or purchase anything from, any of the Service Providers that we connect you with.

What data we collect and how we collect it

Contact details and product requirements

If you complete our webform in order to request Quotes or to book an appointment, it will ask you for your contact details, such as your name, email address, telephone number, postal address, and/or postal code.

Our webform will also ask for information regarding your Product requirements.

From time to time, we change our webforms, and so they may ask you for other information. It will always be clear from the webform what information we’re requesting, and we only request information that is relevant to your request, and the service that we’re providing.

When you visit our site, we will do our best to provide you with the information you are looking for. This will mean that, sometimes, we may ask you for your name and email address (via a pop-up box on our site) so that we are able to send you more information about the products or services that you have shown an interest in. You are not required to submit this information to us and, if you change your mind, you can opt-out at any time by clicking the unsubscribe link in the email.

IP addresses

We also store and share Internet Protocol (IP) addresses, as explained below. Every computer or device has an IP address – a unique number – which enables it to communicate with other computers and devices over the Internet.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. At the bottom of this policy, we have included a table, setting out what cookies we use, and the purposes for which we use them.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaopto

IP addresses

We store IP addresses in order to stop unwanted traffic (i.e. spam) to our site. For example, if we become aware that spam is coming from a particular IP address (i.e. computer or location), we can block that IP address.

HOW WE USE YOUR DATA

We use your data (described above) in the following ways.

To connect you with relevant Service Providers

As explained above, if you submit our webform, we’ll pass your request to one or more relevant Service Providers (named on the consent statement). We will do this in a secure way. For example, using HTTP Secure (HTTPS), which means the data is encrypted. The Service Providers then contact you directly with your quotes. They may contact you by telephone, text/SMS or email.

Before we pass your request to any Service Providers, our service may involve an element of automated decision-making. Our technology platform may automatically assess your Product requirements based on the information you have provided us and pass your request to such Service Providers that would like to receive requests for Quotes at the time your request is made.

Some Service Providers may pass your data to third-party credit check agencies as part of your application for specific financial products, and you will be made aware of this in the consent statement section.

To call you to confirm your details or requirements

For certain Products, before connecting you with relevant Service Providers, we may call you to confirm your details or requirements.

We may also call you to ask about your experience using our site and service and dealing with the Service Providers with which we connected you.

To call you to book an appointment

Where you have requested to book an appointment, we may call you, either in our brand name or in the name of and on behalf of a Service Provider, to book your appointment.

If we book an appointment for you, we’ll share your details, including any information that you provide on the call, with the Service Provider. We’ll also tell you which Service Provider we’ve made an appointment with. We won’t book an appointment without your approval.

Occasionally, we may not be able to find a suitable appointment for you. If this is the case, we’ll let you know on the call. However, we may be working with other Service Providers that can help you. If this is the case, we’ll pass your enquiry to those Service Providers (either named on the consent statement section or during the call), who will contact you directly by telephone, text/SMS or email.

To email or text you about similar products and services – But only if you haven’t opted out of such emails or texts

If you use our quote request service, then, as an existing user, we would like to email you or send you text/SMS messages, about similar products and services for which we think you might like quotes or information (“Other Products”). Sometimes your mobile network provider may charge you for such SMS messages.

You will always be given an opportunity to opt out of such messages before we send them, and we will not send such messages if you have opted out.

To create custom and lookalike/similar audiences

We like to work with Facebook, Google and other platforms (“Platforms”) to reach out to you with adverts for Other Products. We also like to use Platforms to reach out to other people who might like to use our quote request service.

We do this in two ways. In both cases, your data, along with other data, is used to create a custom audience and/or a lookalike/similar audience. Whenever an audience is shared with a Platform, the data is first hashed and pseudonymised, meaning that any data within the audience that could identify a person is replaced with an artificial identifier. So, the process is secure. Also, we don’t share more data than we need to for the purpose of creating the audience.

  • Custom audience – A custom audience is a list of existing users of our service (“Existing Users”). From time to time, we share this with Platforms. As explained above, the data is first hashed and pseudonymised. The Platform uses this audience to show our Existing Users our adverts for Other Products.
  • Lookalike/similar audience – A lookalike/similar audience is an audience created by the Platform. From time to time, we share with Platforms a list of Existing Users. The Platform uses this list to find and create lookalikes – i.e. other Platform users who have similar characteristics to the Existing Users – to which it shows our adverts. Again, as explained above, the data is first hashed and pseudonymised.

As we explain below, at any time, you may object to such activity by emailing us at support@solarsmile.co.uk.

To improve your in-app experience and for marketing attribution 

We may use data collected in our app to better understand how you interact with our content and track the relevance of our marketing campaigns to your interests.

To verify that your webform submission is a genuine request – But only where your submission relates to a finance product or service

We work with a third party supplier, Contact State, so that we can pass on your request to our Service Providers correctly. Contact State provides lead validation services to our Service Providers. Contact State receives de-identified data from us about your request. ‘De-identified’ means that they are unable to establish your real-world identity from the data they receive from us. We do not provide them with any access to any contact information, which could be used by them to identify you as an individual person. Contact State uses that de-identified data to indicate to us the likelihood that your request has been submitted by a ‘real’ human and not a robot, or automated request generator. They do this by examining a ‘browser fingerprint’ associated with your request – it contains, for example, details of the model of device you are using, your internet browser, and the region from which you submit your request.

Contact State is based in the UK and will not store your de-identified data outside the UK and European Union. If you do not want us to pass your de-identified data to Contact State, please contact us by emailing support@solarsmile.co.uk. You can find out more about how Contact State uses this data here – https://www.contactstate.com/legal/prospect-notice.

To email you to remind you to complete our webform where it's partially completed

If you start but don’t complete one of our webforms, we may email you to remind you to complete that webform. We will only store data inputted by you in a partially completed webform for two hours from when you leave the webform. If you don’t return to the webform to complete and submit the form in two hours, we will permanently delete the data you’ve inputted, subject to an automatic back-up of that data being made and stored for 30 days from the date you partially completed our form. Such back-up will not be readily accessible by us and your data will not be used for any other purpose.

Receiving data from Service Providers

From time to time, Service Providers may return data to us. They may do this if they have a query regarding a request for Quotes or an enquiry that we have sent to them in order to enable us to resolve the query. They may also return data to us, together with confirmation on whether or not a product has been purchased, in order to enable us to improve our marketing. We may also use such data to create custom and lookalike/similar audiences, as explained above.

Working with suppliers

We work with a number of suppliers, who process data on our behalf. These include cloud storage providers, email service providers, and cloud telephony providers. We have appropriate contracts in place with such suppliers to ensure the protection and confidentiality of data.

Transferring your data

Depending on the countries in which you’re looking for Service Providers, we may transfer your data outside the UK. As of 1 January 2021, the UK is no longer a part of the European Economic Area (the “EEA”). This means that your data may be transferred outside of the UK to countries inside the EEA, or to another country outside of the EEA. For example, if you’re looking for Service Providers in the USA, we may need to transfer your data to the USA.

Although the UK is no longer part of the EEA, we will still hold your data to the same level of protection as we did when we were part of the EEA. This means that for any transfer of your data outside of the UK, we will continue to take steps to ensure that it is protected to the same level of protection that applies to transfers of data outside of the EEA.

Certain countries have a European Commission adequacy decision, which means they are considered to offer an adequate level of data protection and we will continue to only transfer data to those countries on this basis.

Other countries do not have the same level of legal protection as countries in the EEA, or with an adequacy decision. If we do transfer your data in this way, we will take steps to ensure that it is protected to the same levels that apply in the EEA. This may include, for example, adopting the EU’s standard contractual clauses.

Storing your data

We have a data retention policy, which clearly sets out how long we keep data for, and for what reasons.

We will keep your data only for as long as is necessary to fulfil the purpose/s for which it was collected in the first place, i.e. as set out in this Privacy Policy.

For example:

  • We will keep your request for Quotes for 6 months after you make the request to enable us to resolve any queries from Service Providers, should they arise.
  • If you haven’t opted out of receiving marketing from us, we will keep your details, and send you emails, until such time as you don’t engage with our emails for a period of 6 consecutive months.

Following the periods set out above, we will not use the data, save that we will hash/anonymise the same, and retain it for a further 3 years for compliance purposes.

Legal grounds

This Privacy Policy sets out (above) how we use your data. Under the GDPR, controllers must have a valid lawful basis for each processing activity that they undertake. This section sets out our lawful basis for each activity.

Activity

Lawful Basis under the GDPR

Your Rights

To connect you with relevant Service Providers, including in respect of certain health-related Products

Consent

To withdraw your consent, as explained below

The automated decision-making explained above

Legitimate interests

You have the right to object to processing based on legitimate interests

Using and sharing IP addresses

Legitimate interests

You have the right to object to processing based on legitimate interests

To email you regarding a partially completed webform

Legitimate interests

You have the right to object to processing based on legitimate interests

To call you to confirm your details or requirements

Consent

To withdraw your consent, as explained below

To call you to book an appointment

Consent

To withdraw your consent, as explained below

Sharing call recordings with Service Providers

Legitimate interests

To object to processing based on legitimate interests

To email or SMS message you about similar products and services

Legitimate interests*

To object to processing based on legitimate interests. You also have the right to object to direct marketing

To create custom and lookalike/similar audiences

Legitimate interests

You have the right to object to processing based on legitimate interests

Receiving data from Service Providers

Legitimate interests

You have the right to object to processing based on legitimate interests

To email or SMS message you with more information about the products or services that you have shown an interest in

Consent

To withdraw your consent, by clicking the unsubscribe link in the email or SMS message as applicable.

To improve your in-app experience and for marketing attribution

Legitimate interests

You have the right to object to processing based on legitimate interests

To verify that your webform submission is a genuine request (only where your submission relates to a finance product or service)

Legitimate interests

You have the right to object to processing based on legitimate interests

*Under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), we send such emails on the basis of the existing customer (soft opt-in) exemption.

In each case where we have identified legitimate interests as the legal basis for our processing, we have conducted a legitimate interests assessment.

Your rights

Your rights will be determined by the country in which you reside. If you reside in the European Economic Area or the United Kingdom, you have certain rights under GDPR in relation to your personal data. In relation to our site, and the service that we provide, those rights are set out in the table above. We further explain these rights, and your other rights, below.

Right of access – You have the right at any time to ask us for a copy of the personal information that we hold about you, and to check that we are lawfully processing it.

Right of rectification – If personal information that we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.

Right of erasure – In certain circumstances, you have the right to request that personal information we hold about you is erased (e.g. if the information is no longer necessary for the purposes for which it was collected or processed).

Right to object to or restrict processing – In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests, and there are no compelling legitimate grounds for our processing which override your rights and interests.

Right of data portability – In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.

Right to withdraw consent – In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You can exercise this right by accessing our Preference Centre.

Exercising your rights

As explained above, you can exercise your right to withdraw consent by accessing our Preference Centre.

If you wish to exercise any of your other rights under the GDPR or if you wish to discuss our use of your data, please email us at support@solarsmile.co.uk. Alternatively, you can write to us at the address set out above, or inform us if you speak with us on the phone.

Our lead supervisory authority for the processing set out in this Privacy Policy is the UK Information Commissioner’s Office (ICO). If you are unhappy with how we have processed your data, you have the right to make a complaint to the ICO.

If you are based outside of the UK, or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different Supervisory Authority. A list of relevant authorities can be accessed here.

YOUR CALIFORNIA PRIVACY RIGHTS

This section provides more information about the personal information we collect about California consumers and the rights afforded to you under the California Consumer Privacy Act (“CCPA”).

You have certain rights in relation to your data, including the right to have your personal data deleted, and the right to object to your personal data being sold to third-parties. For details about the personal information we have collected over the last 12 months, including the categories of sources, please see the “What data we collect, and how” section above. We collect this information for the purposes set out in the “How we use your data” section above. We share this information with the categories of third parties described in the same section. We do not sell (as defined in the CCPA) the personal information we collect. We use third-party cookies for our advertising purposes as described in the Cookies section above and table below.

Subject to certain limitations, the CCPA provides California consumers the right to request more details about the categories or specific pieces of personal information we collect, such as how we use and disclose this information and to delete their personal information.

California consumers may make a request pursuant to their rights in the CCPA by contacting us at support@solarsmile.co.uk. We will verify your request using the information you have previously submitted to us, including your email address.

Please review our full Privacy Policy for California consumers here.

Contacting us

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU representative to act as our data protection agent. Our nominated EU representative is:

Company name: Instant EU GDPR Representative Ltd

Name: Adam Brogden

Email: contact@gdprlocal.com

Tel+ 353 15 549 700

EU Dublin Address: INSTANT EU GDPR REPRESENTATIVE LTD, 69 Esker Woods Drive, Lucan, Co. Dublin Ireland

Under Article 27 of the UK Data Privacy Act, we have appointed a UK representative to act as our data protection agent. Our nominated UK representative is:

Company name: GDPR Local Ltd.

Name: Adam Brogden

Email: contact@gdprlocal.com 

Tel +44 1772 217800

UK Address: 1st Floor Front Suite, 27-29 North Street, Brighton, England, BN1 1EB


COOKIES WE USE, AND THE PURPOSES WE USE THEM FOR

Cookie

Name

Purpose

Universal Analytics (Google)

_ga _gali _gat_UA-1036645-1 _gid

These cookies collect information about how visitors use our website. We use the information to compile reports and to make improvements. The cookies collect information in an anonymous form, including where visitors have come to the website from and the pages they visited. To opt-out: https://tools.google.com/dlpage/gaoptout







Adwords Retargeting (Google)


These cookies are used to adjust the targeting of our paid search and display advertising to show ads to users who have previously been to our sites and/or engaged with our page such as completing a form. They contain no personal information.

DoubleClick Retargeting


These cookies are used to adjust the targeting of our display advertising to show ads to users who have previously been to our sites and/or engaged with our page such as completing a form. They contain no personal information.

Taboola Conversion Tracking


These cookies measure ad conversions and optimise spend for advertising campaigns served on Taboola.






















Adwords Conversion Tracking


These cookies measure when a user has completed an action on site such as completing a form. They contain no personal information.

Bing Conversion Tracking

UET Tag

These cookies measure when a user has completed an action on site such as completing a form. They contain no personal information.

DoubleClick Conversion Tracking


These cookies measure when a user has completed an action on site such as completing a form. They contain no personal information.

Facebook Pixel


These cookies measure ad conversions, optimise and build audiences for advertising campaigns served on Facebook. To opt-out: https://www.facebook.com/policies/cookies/.




Twitter Pixel


These cookies measure ad conversions and optimise advertising campaigns served on Twitter. To opt-out: https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads

LinkedIn Pixel


These cookies measure ad conversions, optimise and build audiences for advertising campaigns served on LinkedIn. To opt-out: https://www.linkedin.com/legal/cookie-policy

Pinterest Tag


These cookies are used to track conversions, optimise and build audiences to reach customers on Pinterest. To opt-out: https://help.pinterest.com/en/articles/personalized-ads-pinterest

TikTok Pixel


These cookies measure ad conversions, optimise and build audiences for advertising campaigns served on TikTok. To opt-out: https://www.tiktok.com/legal/privacy-policy?lang=en

Changes to this privacy policy

From time to time, we may update this Privacy Policy. This Privacy Policy is our most up-to-date version and it supersedes any earlier version.

Last reviewed: 15/11/2022

Consent Statement

Your privacy is important to us. By submitting this form, you consent to Narwhal Group and a Service Provider contacting you by email, post, telephone (including automated calls) and/or SMS with details or quotes for such products, and/or to confirm your product requirements. You have certain rights in relation to your personal data, including the right to object to direct marketing.