- Your privacy is extremely important to us here at Bright Interactive Ltd (“Bright”) and we want you to know exactly what kind of information we collect about you and how we use it. We are committed to ensuring that the information we collect and use is appropriate for the intended purpose and does not constitute an invasion of your privacy.
- We will always process the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR).
- Please take the time to read and understand this policy. Please also bear in mind that by using our websites and applications, or contacting us by telephone or providing information to us, you agree to its terms.
What we collect and how we use it
In this section we outline the different types of personal data that we process and the purpose for doing so.
- For each customer we have specific Account Holders. These are the people we work with in order to provide the services outlined in the agreed contract, such as our applications and services. In order to deliver an effective service we need to store information about these individuals, such as, name, email address, job title, company name, telephone number, and business address. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
- If you get in touch with us using our website contact forms, our Help Centre or trusted third party sites we will process the information that you send to us to respond to your request or support the delivery of our services to you. For example, when you enquire about our products and/or services then we will process this data in order to offer and sell relevant products and/or services to you. We may also contact you to ask for feedback on the service we have provided. The legal basis for this processing is our legitimate interest in responding to your query and providing our services to you.
- When you choose to subscribe to our marketing communications we will process the information that you provide in order to to send ongoing marketing communications to you and also to keep a record of your consent. The legal basis for this processing is consent and you can withdraw your consent at any time by using the ‘unsubscribe’ link included in all marketing emails.
- If you contact us to enquire about an employment opportunity, or to respond to a job advert, we will process the personal details you provide for the purposes of assessing your application. The same applies if we receive your application via an agency that we work with. Our legal basis for this is our legitimate interest in following up your application and assessing your suitability for the role.
- In addition to the processing outlined above, we may process any of your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely in order to protect the assertion of our legal rights, your legal rights and the legal rights of others. We may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- Please do not supply any other person's personal data to us, unless we prompt you to do so.
Our customers service data
- When using our applications or services information may be collected about your activity. For example, Asset Bank tracks what a user views, edits, uploads, and downloads. This information is available to administrators of the site to monitor the use of system and assets, as well as to Bright’s team when required to provide services and support to the customer. The retention period of this data can be controlled by client account holders for the relevant application.
- If a customer requests support for a specific issue (i.e. with one of our applications such as Asset Bank) or with configuring an integration, such as Single Sign-On, then the system may record additional service data such as username, firstname, surname, and email address in order to facilitate this request; this data will only be held for a temporary period.
- We are the ‘data processor’ for this data and our customers or those that are trialing our products and services, are the ‘data controller’. It is the responsibility of our customers to ensure this data is collected and processed in line with data protection regulations. To the extent that we are a data processor rather than a data controller for this information, this policy shall not apply. Our legal obligations with respect to this data are instead set out in the contract between us and the relevant data controller.
Who do we share your information with?
We need to share your details with a limited number of other organisations in order to effectively provides our products and services to you. When we share your information, we only do so in accordance with our legal data protection and privacy obligations.
Your information may be disclosed to:
- Other people who help us provide our services to you, including:
- Customer relationship management companies (currently Hubspot)
- Support platform providers (currently Zendesk and Intercom)
- Authentication & authorisation providers (currently Auth0)
- Marketing attribution and feedback email providers (currently Mailchimp, Advocately, G2Crowd, Hubspot)
- Email and general administration platforms (currently Google, Slack, Zapier)
- Accounting and credit card payment processing services (currently Xero and PayPal)
- Applicant tracking systems (currently Workable)
- Organisations who provide administrative services such as banks and accountants.
The terms and privacy policies of these service providers may apply to you as well, depending on your usage of their services.
- Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us
- When required to comply with a law or court order, and only if us doing so is lawful.
- Our professional advisors including our lawyers and technology consultants when they need it to give us their professional advice.
Social media, blogs, reviews, etc.
Any social media posts/comments or public reviews that you send to us (e.g. via Facebook or Capterra) will be shared under the terms of the relevant platform and could be made public. We do not control these platforms and we are not responsible for this kind of sharing. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Third party websites
Our website includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties.
International transfer of your information
We’re based in the UK and use suppliers from many parts of the world to provide our products and services to you. To allow us to run our business on this basis, the information we collect may on occasion be transferred to, stored and used at premises in other countries including the United States of America. We are committed to data protection and ensuring the security of your data, regardless of its location around the world.
We do not knowingly collect any personal information from children under the age of 16 and would delete any such data upon becoming aware of it.
Security of your information
We take the security of your information very seriously. We use appropriate procedures and technical security measures (including encryption, anonymisation and archiving techniques) to safeguard your information. We use secure means to communicate with you where appropriate, such as https and other security and encryption protocols. Our customers data is stored and managed by Amazon Web Services who provide details of their security policies and procedures here: https://aws.amazon.com/security/
How long do we keep your information for?
We only hold on to your information for as long as we need it for the purposes we acquired it for. In most cases, this means we will keep your information for as long as you continue to be our customer or use our services, and for a period time afterwards if you stop doing so, incase we need to stay in touch with you and for references purposes.
After that, where appropriate, we delete it or anonymise data so that it cannot be linked back to you.
We provide ways for you to stop all marketing email communications you receive from us, by including the ‘unsubscribe’ link in each email we send to you. We need to send certain communications to our users and customers which are deemed necessary and cannot be opted out of, such as product and administrative emails.
Managing your information
Please keep us up to date with any changes to your contact details, to ensure our records stay up to date.
You have the right to ask us what information we hold about you, to request a copy of that data, that your data is updated, corrected or deleted entirely. Any such request should be in writing and include reasonable details about the information you want to know.
CCTV is in operation at Bright’s offices. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our signage, or contact us using the details provided below.
Whenever we make changes this policy we will post the update on our websites and if appropriate, at our discretion, email you directly. Following updates, please check to see if you’re still happy with our latest policy. Continuing to our to use our websites and applications, or contacting us after these changes will indicate you have agreed to the changes.
Our full legal name is Bright Interactive Limited. We’re a public limited company incorporated in England and Wales. Our registered company number is 03865036 and our registered address is Ninth Floor, Tower Point, 44 North Road, Brighton, BN1 1YR.
We are registered with the Information Commissioner’s Office in the UK. Our registration number is ZA293316.
Where to go if you want more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here http://www.ico.gov.uk/for_the_public.aspx.
Last updated: 20/11/19