Spotlight Privacy Policy

Your privacy is important to us.

This statement applies to a Mindflick product called ’Spotlight’, our personality profiling tool. We only collect information from you through the Spotlight profiler with your permission, and in accordance with this policy.

The purpose of this statement is to explain what personal data we collect from you, how we may use this data and how we protect it.

We encourage you to read this policy.

Mindflick Holdings Ltd is committed to protecting and respecting your privacy by complying with the General Data Protection Regulation and being registered with the UK Information Commissioner's Office (registration number ZA364623).

'At a Glance' Summary

As you complete the Spotlight questionnaire, the responses you give are securely sent to our servers based in the United Kingdom. We then use your responses to generate your unique Spotlight profile. You will receive your profile from an Accredited Spotlight Practitioner, either in a 1-1 setting, or as a part of training event.

Accredited Spotlight Practitioners are required to never share the contents of your personal Spotlight Profile with anyone else (including your employer) without your explicit permission.

We will never sell your personal data for any purpose.

Here Are Some More Details:

Who are we?

We are Mindflick Holdings Ltd (“Mindflick”) and we are registered in England and Wales (registered company number 09655591), with registered offices at Unit F, Whiteacres, Cambridge Road, Whetstone, Leicestershire, LE8 6ZG.

Mindflick is committed to protecting and respecting your privacy, and to acting in compliance with the General Data Protection Regulation (registration number Z6917638). Mindflick is the “data controller” for all of the information you enter into the Spotlight questionnaire. For more information about Mindflick, please visit

What Data Do We Collect & Process?

When you complete the Spotlight questionnaire, Mindflick obtain data from you in order to generate your Spotlight profile - a short report detailing your performance preferences.

  • Personal Details:
    To complete the Spotlight questionnaire, you will be asked for the following “Personal Details”:
    • A Spotlight ID, which will be supplied to you
    • First Name and Family Name
    • Name of your employer / organisation
    • Email address
    • Gender
  • Preference Data:
    Once you have entered your Personal Details, you will be shown a series of adjectives and asked to rate how well these describe you relative to the other adjectives presented. Mindflick then uses this “Preference Data” to generate your Spotlight Profile.
  • IP Address:
    Our UK based servers will also record the IP address of the computer you use to complete the Spotlight questionnaire. We only use this information to help us to identify and resolve any technical issues that might occur whilst you are using the Spotlight questionnaire, and to ensure the security and functioning of the website. We will keep a record of your IP address for no more than six months.

Why Do We Process the Data You Provide?

Our lawful basis for processing your personal data is that it is necessary for the purposes of legitimate interests (i.e the production of the Spotlight profile) pursued by the controller or a third party.

Mindflick uses the Personal Details you provide, together with your Preference Data to generate your Spotlight Profile. We will provide a copy of your Spotlight Profile to you within a workshop or during a 1-1 facilitated by an Accredited Spotlight Practitioner.

If your employer or organisation requests it, we will use the data to provide them with your overall “Performance Preference” and to generate a “Team Map” showing where the Positions of you and your colleagues sit in relation to each other.

Further Spotlight Information:

Within a Spotlight profile, we use colours and a shaded spotlight to represent the recipient’s unique blend of preferences. This also conveys how they tend to behave and how they tend to respond when there is something to be won or lost (this will be covered in detail during your workshop or debrief). The combination of colours is also summarised by a Performance Preference.

A Team Map is a graphic representation of your Performance Preference together with those of your colleagues. Each of the Positions on a team map represents a different combination of colour energies.

It is important to understand that the purpose of the Spotlight profile is to help an individual learn and develop, encouraging the recipient to find new ways to flex their style in order to connect with others, and find new ways to cope more effectively. A Spotlight Profile in no way measures capability and therefore should never be used for the purposes of selection or recruitment.

What Happens After Your Workshop?

Following your workshop or 1-1 debrief, Mindflick will keep your data on its secure servers, unless you request that we delete it.

We may use this data for the following purposes:

  • To improve our products and services;
  • To conduct further research and product testing.
  • To let you see how your preferences change over time, i.e. if you were to complete the profile again in the future.

Should you 'opt-in' and grant us permission to contact you for marketing purposes, we may also use your information to communicate directly with you. For example, informing you about new updates and product information;

Who Has Access to Your data?

We do not sell, rent or exchange your personal information with any other third party for commercial reasons.

To receive your Spotlight Profile, you must attend a workshop, 1-1 debrief, or coaching session facilitated by an Accredited Spotlight Practitioner. In order to do this, we will share your Spotlight Profile with the Practitioner before they deliver it to you.

All Accredited Spotlight Practitioners are either:

  • Mindflick employees
  • Independent licensed Practitioners; or are
  • Employed by the company or organisation that purchased the profile for you.

In order to maintain their Spotlight Accreditation, all Accredited Spotlight Practitioners must protect your right to confidentiality, and handle your data in compliance with this policy. They will only share your data with others, including your colleagues and your employer, either (a) where it is permitted by this policy, or (b) if you give your explicit permission.

During a workshop, you may be invited by the Practitioner to share information from your profile with the group. However, only you will decide whether to share your profile.

Accredited Spotlight Practitioners may have administrative assistants to help them in preparing and delivering your profile to you. We only permit these individuals to handle your profile for the purpose of assisting the Practitioner in providing a copy of the Spotlight profile directly to you.

Accredited Spotlight Practitioners may also use external printing suppliers to produce a hard copy of your Spotlight profile for you. Accredited Spotlight Practitioners must check external printing suppliers’ respective privacy policies, confirming that they are GDPR compliant. If such a supplier is used, the Accredited Spotlight Practitioner must also request that your information is deleted after your Spotlight profile has been printed.

If your employer or organisation requests a Team Map, then we will provide this. However, we will still not share your unique Spotlight Profile without your explicit permission.

Where is your data stored and how do we keep it secure?

Your data (including your personal data and your responses to the Spotlight questionnaire) is stored on secure servers located in the United Kingdom.

We take the security of your data and the accessibility to our systems very seriously. The UK based Data Centre's that we use are compliant with the ISO 27018 standard for cloud privacy. With the main Data Centres located in London and Cardiff, data is stored within the boundaries of UK laws. Full testing has been performed to ensure that these act in a failover pair, thus again ensuring data can reside within the boundaries of the UK even during a Data Centre outage.

By submitting your personal data, you agree to this. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is located.

What Happens in the Event of a Data Breach?

Mindflick have a procedure in place if there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

In such cases, we will assess the scope and impact of the breach. Based on this assessment and the likely risks to the rights and freedoms of individuals, we will notify the individuals and/or their connected organisations that a data breach has occurred.

Any such notification to individuals will be carried out as soon as reasonably possible and will include information on the nature of the breach. Such individuals will also be provided advice on how to make a complaint to the UK Information Commissioner's Office (ICO).

As Mindflick Holdings Ltd is a UK company we are legally required to register with the UK ICO, an independent authority set up to uphold data privacy. The ICO is internationally recognised as being at the forefront of the protection of personal information. If, due to the nature of a data breach Mindflick is required to inform the ICO, we will do so within 72 hours of becoming aware of the essential facts of the breach.

It is important to note that Mindflick Holdings Ltd cannot be held responsible for client-side breaches of data confidentiality.

What countries could your data could be transferred to?

Mindflick provides products and services to customers around the world. However, we store your data on our servers in the UK. We will only transfer your data outside of the European Economic Area (“EEA”) in the following situations:

  • You are outside the EEA and we are transferring your data to you; or
  • We are transferring your data to a Practitioner who is assigned to deliver your data to you.

All Accredited Spotlight Practitioners are required to handle the personal data in strict compliance with this policy and with the General Data Protection Regulation.

How Long Will We Retain Your Data?

We will only keep data for as long as necessary to meet these purposes. At your request, we will delete your personal data from our records.

Requests for the deletion of personal data should be sent to our Data Protection Officer by email ( or at the postal address at the end of this policy.

If you have any questions about Mindflick Holdings Ltd's privacy policy, wish to opt out of direct marketing, or wish to request any information about your personal data, please contact us at:

The Data Protection Officer
Mindflick Holdings Ltd
3, The Barn
Hathersage Hall Business Centre
Main Road
S32 1BB