Big news! Dash has become an independent company đŸ„‚ Asset Bank continues to operate under Bright Interactive.

Privacy

Privacy Policy

Version 4 Updated 10th of April, 2026.

1. Introduction

  1. Your privacy is extremely important to us here at Bright Interactive, and we are committed to
    handling your personal information responsibly and in line with UK data protection law. We are
    a private limited company incorporated in England and Wales (company number 03865036),
    with our registered office at: 9th Floor, Tower Point, 44 North Road, Brighton, BN1 1YR.
  2. We are registered with the Information Commissioner’s Office in the UK. Our registration
    number is ZA293316.
  3. This Privacy Policy outlines what information we collect about you, how we use it, and your
    rights in relation to it – whether you are visiting our websites (builtbybright.com,
    assetbank.co.uk), using the Asset Bank application, or contacting us. We will always process
    the information you provide in compliance with the UK General Data Protection Regulation (UK
    GDPR), as amended by the Data (Use and Access) Act 2025.
  4. Please take the time to read and understand this privacy notice. It explains how we process
    your personal data when you use our websites, applications, contact us by telephone, or
    provide information to us. This notice is provided for transparency under the UK GDPR (as
    amended by the Data (Use and Access) Act 2025) and does not form part of any contract or
    require your consent to access our services.

2. What we collect and how we use it

In this section we outline the different types of personal data that we process and the purpose for doing so:

  1. When you use our websites, applications, or services, we will collect data regarding your usage
    of the system (“analytics data”). This analytics data may include your IP address, geographical
    information, browser type and version, operating system and version, device model, referral
    source, length of visit, page views and website navigation paths, as well as information about
    the timing, frequency, and pattern of your service use. We may use cookies to collect this
    information; you can read more about this in our cookie policies for builtbybright.com,
    assetbank.co.uk and Asset Bank product. The legal basis for this processing is Article 6(1)(f) –
    legitimate interest. That is, we process this data in order to monitor and improve our website,
    applications, and services, diagnose server problems, and calculate usage levels.
  2. We work with individual representatives of our customers in order to provide the applications
    and services outlined in the agreed contract. In order to communicate with our customers and
    deliver an effective service we need to store and process information about these individuals,
    such as names, email addresses, job titles, company names, telephone numbers, and business
    addresses (“customer relationship data”). The legal basis for this processing is Article 6(1)(b) –
    performance of a contract between us and your organisation and/or Article 6(1)(f) – legitimate
    interests, namely our interests in maintaining customer relationships, the provision of our
    applications and services, and the proper administration of our business.
  3. If you get in touch with us using the contact forms on any of our websites, our Help Centre, our
    in-app messaging services or trusted third party sites we will process the information that you
    send to us (“enquiry data”) to respond to your request or support the delivery of our services
    to you. For example, when you enquire about our applications and/or services then we will
    process this data in order to offer and sell relevant applications and/or services to you. We may
    also contact you to ask for feedback on the service we have provided. The legal basis for this
    processing is Article 6(1)(f) – legitimate interests in responding to your queries and providing/
    offering our applications and services, and/or (where applicable) Article 6(1)(b) – performance
    of a contract with your organisation or steps taken prior to entering into such a contract.
  4. When you choose to subscribe to our marketing communications on either of our websites, or
    provide your details through a third party site in order to access our marketing content, we will
    process the information that you provide (“marketing data”) in order to send marketing
    communications to you and to keep marketing records (including keeping consent records).
    The legal basis for this processing is Article 6(1)(a) – consent and you can withdraw your
    consent at any time, including by using the ‘unsubscribe’ link included in all marketing
    communications.
  5. If you contact us to enquire about an employment opportunity, or to respond to a job advert,
    we will process the personal details you provide (“jobseeker data”) for the purposes of
    assessing your application. The same applies if we receive your application via an agency. Our
    legal basis for this is Article 6(1)(f) – legitimate interests in following up your application and
    assessing your suitability for the role.
  6. In addition to the specific purposes outlined above, we may process your personal data in the
    following circumstances:
    · Legal Claims: Where necessary for the establishment, exercise, or defence of legal
    claims, whether in court proceedings or in an administrative or out-of-court
    procedure. The legal basis for this is Article 6(1)(f) – legitimate interests, specifically to
    protect and assert our legal rights, your legal rights, and the legal rights of others. We
    ensure that such processing is reasonable and proportionate to the claim involved.
    · Legal Obligations: Where processing is necessary for compliance with a legal
    obligation (Article 6(1)(c)) to which we are subject, such as maintaining records for tax
    purposes or responding to a valid request from a law enforcement agency or regulator.
  7. Please do not supply any other person’s personal data to us, unless we prompt you to do so.

3. Our Customers’ service data

  1. When using our applications or services information may be collected about your activity. For example, Asset Bank tracks what a user views, edits, uploads, and downloads. This information is available to administrators of the site to monitor the use of system and assets, as well as to Bright’s team when required to provide services and support to the customer. The retention period of this data can be controlled by client account holders for the relevant application.
  2. If a customer requests support for a specific issue (i.e. with one of our applications such as Asset Bank) or with configuring an integration, such as Single Sign-On, then the system may record additional service data such as username, first name, surname, and email address in order to facilitate this request; this data will only be held for a temporary period.
  3. We are the ‘data processor’ for this data and our customers, or those that are trialling our applications and services, are the ‘data controller’. It is primarily the responsibility of our customers to ensure this data is collected and processed in line with data protection law. To the extent that we are a data processor rather than a data controller for this information, this policy shall not apply. Our legal obligations with respect to this data are instead set out in the contract between us and the relevant data controller.

4. Who do we share your information with?

We need to share your details with a limited number of other organisations in order to effectively provide our applications and services to you. When we share your information, we only do so in accordance with our legal data protection and privacy obligations.

Your information may be disclosed to other people and organisations who help us provide our services to you, including:

  1. Customer relationship management companies (currently HubSpot and PlanHat)
  2. Marketing attribution companies (currently Google Analytics (GA4) and Google Tag Manager
    (GTM))
  3. Support platform providers (currently Zendesk, Zoom, JIRA)
  4. Email and general administration platforms (currently HubSpot, Google, Slack, Zapier)
  5. Marketing and feedback communication providers (currently HubSpot, Userguiding,
    G2Crowd, TrustPilot, Capterra, Fathom and Loom)
  6. Accounting and credit card payment processing services (currently Xero and Maxio)
  7. Applicant tracking systems (currently Jazz HR)
  8. Organisations who provide administrative services such as banks and accountants.
  9. Product analytics providers (currently Mixpanel), which help us understand how users interact
    with our application so we can improve functionality and user experience.

The terms and privacy policies of these service providers may apply to you as well, depending on your usage of their services.

  • Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us
  • When required to comply with a law or court order, and only if us doing so is lawful
  • Our professional advisors including our lawyers and technology consultants when they need it to give us their professional advice.

5. Social media, blogs, reviews etc.

Any social media posts/comments or public reviews that you submit for either Asset Bank or Dash through third-party sites (e.g. via Facebook or Capterra) will be shared under the terms of the relevant platform and may be used in our marketing, if the third-party site allows. We do not control these platforms and we are not responsible for this kind of sharing.  You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

6. Third party websites

Our websites include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for the privacy policies and practises of third parties.

7. International transfer of your information

We are based in the UK. However, to provide our applications and services, we use suppliers and
service providers located in various countries around the world. As a result, your personal data may be transferred to, stored, and processed outside the UK, including in countries such as the United States of America (which does not have an adequacy decision under UK GDPR for general data transfers). We only make such transfers where the standard of data protection in the destination country is not materially lower than that provided under UK law. To ensure this, we conduct a Transfer Risk Assessment (TRA) (also known as the Data Protection Test) for all transfers that rely on appropriate safeguards, such as the UK IDTA or the UK Addendum. This assessment takes into account the nature of the data and the specific risks associated with the transfer to ensure your personal information remains secure.

8. Minors

We do not knowingly collect any personal information from children under the age of 16 and would delete any such data upon becoming aware of it.

9. Security of your information

We take the security of your information very seriously. We use appropriate procedures and technical security measures (including encryption, anonymisation and archiving techniques) to safeguard your information. We use secure means to communicate with you where appropriate, such as https and other security and encryption protocols. Read about Asset Bank’s approach to security. Our customers data is stored and managed by Amazon Web Services who provide details of their security policies and procedures.

10. How long do we keep information for?

We only hold on to your information for as long as we need it for the purposes we acquired it for. In most cases, this means we will keep your information for as long as the organisation you represent continues to be our customer or use our services, and for a period following the end of that relationship. When you cease to be a customer or end your interactions with us, we will securely archive your data for reference purposes. Our standard data retention periods are as follows:

  • analytics data – up to 36 months following collection
  • customer relationship data – a minimum of 6 years following the end of the end of the relevant customer relationship; thereafter, we will periodically review the retention of this data, and this data will be deleted if we determine that retention is no longer necessary or useful for the purposes of facilitating the provision or support of our applications or services, or for the purposes of our communications with customers or prospective customers
  • enquiry data – a minimum of 6 years following the date of collection; thereafter, we will periodically review the retention of this data, and this data will be deleted if we determine that retention is no longer necessary or useful for the purposes of our communications with customers or prospective customers
  • marketing data – 6 to 12 months following the last relevant marketing communication that we send to you (providing that, unless you instruct us otherwise, we will retain opt-out information indefinitely)
  • jobseeker data – with 6 months following the completion of the application process, unless: (i) if you consent to us retaining your information as part of our Total Talent programme, we will retain the jobseeker data for so long as that consent is valid; and (ii) if you become an employee, the jobseeker data will be retained in accordance with our employee privacy policies.

11. Marketing Preferences

We provide ways for you to stop all marketing email communications you receive from us, by including the ‘unsubscribe’ link in each email we send to you. We need to send certain communications to our users and customers which are deemed necessary and cannot be opted out of, such as service and administrative emails. For further information, please contact us at info@builtbybright.com.

12. Managing your information

It is important that the personal information we hold about you is accurate and up to date. Please
notify us of any changes to your personal data (such as contact details, preferences, or other
information you have provided) to help us to keep our records up to date.

13. Your Data Rights

Under the UK General Data Protection Regulation (UK GDPR, as amended by the Data (Use and Access) Act 2025 you have the following rights (depending on the circumstances and any exemptions that may apply):

· You have the right to be informed about what personal data we collect and how we use it.
· You have the right to access the information we hold about you. You can request a copy of your
data and we will conduct reasonable and proportionate searches to find this information. We
may require proof of your identity before releasing any data to ensure we are protecting your
privacy.
· You have the right to ask us to rectify personal information you think is inaccurate. You also
have the right to ask us to complete information you think is incomplete.
· You have the right to ask us to erase your personal information, in certain circumstances.

· You have the right to ask us to restrict the processing of your personal information, in certain
circumstances.
· You have the right to object to the processing of your personal information, in certain
circumstances.
· You have the right to ask that we transfer the personal information you gave us to another
organisation, or to you, in certain circumstances.
· You can object to decisions made solely by automated means (e.g., AI) that have legal or
significant effects on you. You have the right to human review, to express your view, and to
contest the decision. We do not carry out automated decision-making with legal/significant
effects.

To exercise any of your rights, you can contact our DPO: privacy@bright-interactive.co.uk

14. Complaints

You have the right to make a complaint about how we handle your personal information at any time.
Under the Data (Use and Access) Act 2025, we have a formal internal complaints procedure in place. If you raise a concern with us, we will:

· acknowledge receipt of your complaint within 30 days, and
· respond without undue delay—making any necessary enquiries, keeping you updated on
progress, and working to resolve the matter as promptly as possible.

We are fully committed to addressing your data protection concerns seriously and transparently.

We encourage you to contact us first so we can try to resolve the issue directly.
Please use the contact details below:

Email: privacy@bright-interactive.co.uk
Address: Bright, 9th Floor, Tower Point, 44 North Road, Brighton, BN1 1YR, UK
If you’re not satisfied with our response, you can also complain to the Information Commissioner’s
Office (ICO) at any time:

Website: ico.org.uk/make-a-complaint
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113

15. CCTV information

CCTV is in operation at Bright’s offices. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our signage, or contact us using the details provided below.

16. Cookies

We use cookies and other tracking tools to improve your experience of our websites, applications and services, and to improve the quality of our service delivery. Details of how we use cookies can be found in the cookie popup in the lefthand corner of this website and on the marketing sites for Asset Bank.

17. EU Representative

We process the personal data of individuals in the European Union (EU) and European Economic Area (EEA), in either the role of ‘data controller’ or ‘data processor’ and we have appointed DataRep as our Data Protection Representative for the purposes of GDPR.

If you are based in the EU or EEA and you’d like to exercise your rights under the GDPR you can choose to contact us via Data Rep and any of their 29 locations within the EU and EEA. Details of how to do this can be found on this information sheet.

Here is a link to our EU representative contact summary.

18. Updates to this privacy policy

We review the ways we use your information regularly and so may, from time to time, change this
privacy policy to reflect our changing activities.

Whenever we make changes to this policy we will post an update on our websites and if appropriate, at our discretion, email you directly. We will also update the version number and date at the top of this page. Following updates, please check to see if you’re still happy with our latest policy.

We encourage you to review this page periodically to stay informed.