Privacy Policy

QLG Media Ltd (“QLG Media”, “we”, “us”) is a company registered in England & Wales, company number 14730927, with its registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are the data controller for personal data collected through our websites and mobile apps.

We operate a portfolio of UK consumer comparison and quote websites, including (but not limited to) lifequotesuk.co.uk, private-health.co.uk, and releasemyequity.co.uk, together with mobile apps such as Good Boy Ben. We also operate an internal ad-operations platform called Pulse, which is used by QLG Media staff to manage paid advertising campaigns for QLG Media and for gites.co.uk Ltd — a separate Ltd company under common ownership whose advertising is managed in the same Google Ads account. See the Pulse page and the section below titled Use of Google Ads API, Microsoft Advertising API and Meta Marketing API for details on how Pulse interacts with data.

This policy applies to personal data we collect when you visit our websites, submit an enquiry through one of our quote forms, install or use the Good Boy Ben app, or otherwise interact with QLG Media. References below to “our sites” cover all of the consumer comparison websites we operate; references to “our apps” cover Good Boy Ben and any successor mobile applications we publish.

We collect the following categories of personal data:

• Information you provide on enquiry forms: name, date of birth, email address, telephone number, postal address, postcode, and the quote-specific fields appropriate to the product you are enquiring about — for example desired cover amount and smoker status on a life-insurance enquiry, age and current cover details on a private-health enquiry, and property value, property type and outstanding mortgage on an equity-release enquiry.
• Device and connection data: IP address, user agent string, browser type and version, operating system, device type and approximate screen size, the pages on our sites you visit, the referring URL that sent you to us, the time of each visit, and (with your consent) basic interaction-level analytics such as time on page and exit points.
• Advertising and attribution identifiers: Google Click Identifier (gclid) when your visit came from a Google Ads click, Microsoft Click Identifier (msclkid) for Microsoft Advertising clicks, Facebook Click Identifier (fbclid) for Meta clicks, UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) and the equivalent ValueTrack parameters published by Google Ads (such as keyword ID, match type, network and device). These identifiers tell us which campaign, ad group, keyword and creative drove your visit, so we can measure how well our advertising is performing.
• Cookies and similar technologies: see our cookies section below for the full list, including which are strictly necessary and which require your consent.
• Mobile-app data (Good Boy Ben only): the reminders you create, settings you choose, and crash / diagnostic data necessary to keep the app running. Good Boy Ben does not collect contact data unless you opt in to support correspondence.
• Server logs: access logs generated by our web hosts (request method, URL, response code, response size, referrer, user agent, source IP, timestamp). These are retained for 30 days for security and debugging.

We do not collect special-category data (health information, religious beliefs, biometric data, etc.) except where you voluntarily provide it inside the free-text fields of a quote enquiry where doing so is necessary to obtain an appropriate quote (for example, declaring a pre-existing medical condition on a life-insurance enquiry). Where you do provide such data, we treat it with the additional protections required by UK GDPR.

We use your personal data to:

• Match your enquiry with appropriate FCA-authorised brokers or providers in our partner network, who will then contact you about products that may meet your needs.
• Operate, secure, and improve our websites and apps.
• Measure the performance of our advertising campaigns and improve conversion attribution.
• Comply with legal, regulatory, and accounting obligations.

• Consent — when you submit a quote-enquiry form, you consent to your details being shared with the brokers in our partner network for the purpose of providing a quote and follow-up.
• Legitimate interests — for site security, fraud prevention, performance analytics, and improving our services.
• Legal obligation — to satisfy regulatory and accounting requirements.

We share personal data only with:

• FCA-authorised brokers and product providers you ask us to refer you to, via the lead-distribution platform Visionary Markets / VMLeads. Once your details are passed, the receiving broker becomes a separate data controller for their use of your data.
• Service providers we rely on to operate the business — hosting (Plesk / DigitalOcean), email (Mailgun), analytics (Google Analytics 4, Microsoft Clarity), payment processing (Stripe), and advertising platforms (Google Ads, Microsoft Advertising, Meta).
• Regulators, courts, or law enforcement where required by law.

We do not sell your personal data, and we do not share it for purposes unrelated to your original enquiry.

We use the Google Ads API, the Microsoft Advertising API and the Meta Marketing API exclusively to manage advertising campaigns operated by QLG Media Ltd and by gites.co.uk Ltd, a separate Ltd company under common ownership whose campaigns run in the same Google Ads account. The integration is implemented by our internal platform Pulse, described in more detail on the Pulse page.

Outbound — what we send to the ad platforms:

• Operational changes to our own ad accounts — keyword bid adjustments, paused / resumed keywords, negative-keyword additions, campaign budget changes, and ad-copy updates. These contain no personal data, only ad-account configuration.
• Offline conversion events. When an enquiry that originated from a Google Ads, Microsoft Advertising or Meta click is accepted by an FCA-authorised broker in our partner network (and so becomes a billable conversion for QLG Media), Pulse uploads an offline conversion event back to the originating ad platform. The event consists of the platform's own click identifier (gclid / msclkid / fbclid), a conversion name, a conversion timestamp, and a conversion value. We do not transmit the enquirer's name, email address, telephone number, postal address, or any other free-text field from the enquiry as part of this offline conversion upload.

Inbound — what we retrieve from the ad platforms:

• Aggregated campaign, ad-group, keyword and search-term performance metrics — impressions, clicks, cost, conversion counts and average position — for our own ad accounts. This data is aggregate by design and does not identify any individual end-user.
• Account-configuration metadata necessary to operate the account through the API — campaign names, ad group names, keyword text, match types, and current bids.

Google API Services User Data Policy compliance. QLG Media's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In plain English:

• We use Google API-derived data only to provide and improve the ad-operations functions of Pulse described on this site.
• We do not transfer Google API-derived data to third parties except as necessary to provide or improve those functions, to comply with applicable law, or as part of a merger, acquisition or sale of assets with appropriate notice to users.
• We do not use Google API-derived data for serving advertising, including retargeting, personalised or interest-based advertising.
• We do not allow humans to read Google API-derived data except where (i) we have obtained the user's affirmative consent, (ii) it is necessary for security purposes, including investigating abuse, (iii) it is necessary to comply with applicable law, or (iv) the data is aggregated and used for internal operations such as campaign-performance review by authorised QLG Media staff.

Microsoft and Meta. Our use of the Microsoft Advertising API and the Meta Marketing API is similarly limited to operating QLG Media's and gites.co.uk Ltd's own ad accounts; we do not transfer data retrieved from those APIs to unrelated third parties and we do not use it for advertising outside the respective platform.

Scope of access. Pulse holds OAuth refresh tokens that authorise access only to ad accounts owned or managed by QLG Media Ltd and gites.co.uk Ltd. We do not seek, request or accept access to ad accounts belonging to unrelated third parties; Pulse is not a software-as-a-service product and is not made available for use by clients outside our own group.

Retention. Aggregated campaign-performance data retrieved from the ad-platform APIs is retained inside Pulse for up to 24 months for trend analysis and reporting, after which it is summarised or deleted. Conversion-upload audit rows (recording which conversions Pulse pushed back to which platform, and when) are retained for up to 7 years alongside the corresponding enquiry data to support regulatory record-keeping.

Questions about API data handling. Concerns about how Pulse handles data retrieved from any of the ad platforms can be raised by emailing mail@qlgmedia.co.uk; we will respond within 30 days.

We protect personal data with a combination of organisational and technical measures, including:

• HTTPS / TLS on every public website we operate, with HSTS enabled.
• Encryption-at-rest of sensitive credentials (API keys, OAuth refresh tokens, database connection strings) inside a secrets store on our servers; production secrets are never committed to source control.
• Role-based access to internal systems (including Pulse), with admin-level operations gated behind separate permissions and logged for audit.
• Server-side rate limiting on enquiry forms and other public endpoints to mitigate scraping and credential-stuffing.
• Regular dependency updates and operating-system patching on the hosts that run our sites and internal tools.
• Backups taken at least daily on the databases that hold enquiry data, with point-in-time recovery available.

No internet-connected system can be 100% secure. If we discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours and notify affected individuals where required.

We do not make decisions about you that produce legal effects or similarly significant effects on you solely on the basis of automated processing without human involvement. The automated rules used inside Pulse (such as the keyword spend guard that pauses underperforming keywords) act on advertising configuration and do not make decisions about individual enquirers or end-users.

Decisions about which broker to forward your enquiry to are taken according to broker availability and product fit by the lead-distribution platform Visionary Markets / VMLeads; we do not operate an algorithmic profile-based selection.

Some of our service providers (e.g. Google, Microsoft, Meta) process data outside the UK. Where this is the case, transfers are protected by an adequacy decision, Standard Contractual Clauses, or the UK's International Data Transfer Agreement.

We keep enquiry data for as long as needed to provide the service you requested and to meet regulatory record-keeping obligations — typically up to 7 years from your last interaction with us, after which it is deleted or fully anonymised.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Erase your data (subject to lawful exceptions).
• Restrict or object to certain processing.
• Request data portability.
• Withdraw consent at any time (without affecting the lawfulness of past processing).

To exercise any of these rights, email mail@qlgmedia.co.uk. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.

We use strictly-necessary cookies to operate the site and, with your consent, analytics and advertising cookies to measure campaign performance. You can change your cookie preferences at any time using the cookie banner on each site.

Our services are not directed at, and we do not knowingly collect personal data from, anyone under the age of 18.

We may update this policy from time to time. The “Last updated” date at the top will always reflect the latest version. Material changes will be notified prominently on our sites.

Privacy enquiries: mail@qlgmedia.co.uk
General enquiries: mail@qlgmedia.co.uk