Version 3.2 Updated 20th January, 2023.
- Your privacy is extremely important to us here at Bright Interactive Ltd (“Bright”) and we want you to know exactly what kind of information we collect about you and how we use it. We are committed to ensuring that the information we collect and use is appropriate for the intended purpose and does not constitute an invasion of your privacy.
- We will always process the information you provide in a manner that is compatible with both the EU’s General Data Protection Regulation (GDPR) and the UK’s GDPR
- Please take the time to read and understand this policy. Please also bear in mind that by using our websites and applications, or contacting us by telephone or providing information to us, you agree to its terms.
- For clarification, this policy relates to our products, Asset Bank and Dash, as well as the builtbybright.com and dash.app marketing websites we use to market said products.
2. What we collect and how we use it
In this section we outline the different types of personal data that we process and the purpose for doing so:
- We work with individual representatives of our customers in order to provide the applications and services outlined in the agreed contract. In order to communicate with our customers and deliver an effective service we need to store and process information about these individuals, such as names, email addresses, job titles, company names, telephone numbers, and business addresses (“customer relationship data”). The legal basis for this processing is our legitimate interests, namely our interests in maintaining customer relationships, the provision of our applications and services, and the proper administration of our business.
- If you get in touch with us using the contact forms on either of our websites, our Help Centre, our in-app messaging services or trusted third party sites we will process the information that you send to us (“enquiry data”) to respond to your request or support the delivery of our services to you. For example, when you enquire about our applications and/or services then we will process this data in order to offer and sell relevant applications and/or services to you. We may also contact you to ask for feedback on the service we have provided. The legal basis for this processing is our legitimate interest in responding to your queries and providing our applications and services. Enquiry data will become customer relationship data if the organisation you represent becomes, or is already, a customer of ours.
- When you choose to subscribe to our marketing communications on either of our websites, or provide your details through a third party site in order to access our marketing content, we will process the information that you provide (“marketing data”) in order to send marketing communications to you and to keep marketing records (including keeping consent records). The legal basis for this processing is consent and you can withdraw your consent at any time, including by using the ‘unsubscribe’ link included in all marketing communications.
- If you contact us to enquire about an employment opportunity, or to respond to a job advert, we will process the personal details you provide (“jobseeker data”) for the purposes of assessing your application. The same applies if we receive your application via an agency. Our legal basis for this is our legitimate interest in following up your application and assessing your suitability for the role.
- In addition to the processing outlined above, we may process any of your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely in order to protect the assertion of our legal rights, your legal rights and the legal rights of others. We may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- If you choose to log in to Dash through a third-party platform (e.g. Google or Microsoft), we will collect profile information from that platform. You may also choose to connect your Dash account to a third-party cloud storage platform (e.g. Google Drive) for the purpose of importing files from the platform into your Dash account. We will only ever ask for read access to your cloud storage files and you can choose which files to import.
- Please do not supply any other person's personal data to us, unless we prompt you to do so.
3. Our Customers' service data
- When using our applications or services information may be collected about your activity. For example, Asset Bank tracks what a user views, edits, uploads, and downloads. This information is available to administrators of the site to monitor the use of system and assets, as well as to Bright’s team when required to provide services and support to the customer. The retention period of this data can be controlled by client account holders for the relevant application.
- If a customer requests support for a specific issue (i.e. with one of our applications such as Asset Bank) or with configuring an integration, such as Single Sign-On, then the system may record additional service data such as username, first name, surname, and email address in order to facilitate this request; this data will only be held for a temporary period.
- We are the ‘data processor’ for this data and our customers, or those that are trialling our applications and services, are the ‘data controller’. It is primarily the responsibility of our customers to ensure this data is collected and processed in line with data protection law. To the extent that we are a data processor rather than a data controller for this information, this policy shall not apply. Our legal obligations with respect to this data are instead set out in the contract between us and the relevant data controller.
4. Who do we share your information with?
We need to share your details with a limited number of other organisations in order to effectively provide our applications and services to you. When we share your information, we only do so in accordance with our legal data protection and privacy obligations.
Your information may be disclosed to other people and organisations who help us provide our services to you, including:
- Customer relationship management companies (currently Hubspot)
- Marketing attribution companies (currently Bizible)
- Support platform providers (currently Zendesk, Intercom, Zoom, Jira)
- Authentication & authorisation providers (currently Auth0)
- Marketing and feedback communication providers (currently Hubspot, Intercom, G2Crowd, Beamer, Upvoty, Vidyard, Canva)
- Email and general administration platforms (currently Google, Slack, Zapier, Chargebee)
- Accounting and credit card payment processing services (currently Xero and PayPal)
- Applicant tracking systems (currently Workable, Jazz HR)
- Organisations who provide administrative services such as banks and accountants.
The terms and privacy policies of these service providers may apply to you as well, depending on your usage of their services.
- Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us
- When required to comply with a law or court order, and only if us doing so is lawful
- Our professional advisors including our lawyers and technology consultants when they need it to give us their professional advice.
5. Social media, blogs, reviews etc.
Any social media posts/comments or public reviews that you submit for either Asset Bank or Dash through third-party sites (e.g. via Facebook or Capterra) will be shared under the terms of the relevant platform and may be used in our marketing, if the third-party site allows. We do not control these platforms and we are not responsible for this kind of sharing. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
6. Third party websites
Our websites include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for the privacy policies and practises of third parties.
7. International transfer of your information
We’re based in the UK and use suppliers from many parts of the world to provide our applications and services to you. To allow us to run our business on this basis, the information we collect may on occasion be transferred to, stored and used at premises in other countries including the United States of America. We are committed to data protection and ensuring the security of your data, regardless of its location around the world. Where required by applicable data protection law, our supplier contracts include the European Commission-approved Standard Contractual Clauses in order to safeguard data that is transferred outside of the UK and EEA.
We do not knowingly collect any personal information from children under the age of 16 and would delete any such data upon becoming aware of it.
9. Security of your information
We take the security of your information very seriously. We use appropriate procedures and technical security measures (including encryption, anonymisation and archiving techniques) to safeguard your information. We use secure means to communicate with you where appropriate, such as https and other security and encryption protocols. Read more about our Security Policy. Our customers data is stored and managed by Amazon Web Services who provide details of their security policies and procedures here.
10. How long do we keep information for?
We only hold on to your information for as long as we need it for the purposes we acquired it for. In most cases, this means we will keep your information for as long as the organisation you represent continues to be our customer or use our services, and for a period following the end of that relationship. When you cease to be a customer or end your interactions with us, we will securely archive your data for reference purposes. Our standard data retention periods are as follows:
analytics data - up to 36 months following collection;
customer relationship data - a minimum of 6 years following the end of the end of the relevant customer relationship; thereafter, we will periodically review the retention of this data, and this data will be deleted if we determine that retention is no longer necessary or useful for the purposes of facilitating the provision or support of our applications or services, or for the purposes of our communications with customers or prospective customers;
enquiry data - a minimum of 6 years following the date of collection; thereafter, we will periodically review the retention of this data, and this data will be deleted if we determine that retention is no longer necessary or useful for the purposes of our communications with customers or prospective customers;
marketing data - 6 to 12 months following the last relevant marketing communication that we send to you (providing that, unless you instruct us otherwise, we will retain opt-out information indefinitely);
jobseeker data - with 6 months following the completion of the application process, unless: (i) if you consent to us retaining your information as part of our Total Talent programme, we will retain the jobseeker data for so long as that consent is valid; and (ii) if you become an employee, the jobseeker data will be retained in accordance with our employee privacy policies.
11. Opting out
We provide ways for you to stop all marketing email communications you receive from us, by including the ‘unsubscribe’ link in each email we send to you. We need to send certain communications to our users and customers which are deemed necessary and cannot be opted out of, such as service and administrative emails. Please contact us at email@example.com.
12. Managing your information
Please notify us with any changes to your contact details, to ensure our records stay up to date.
You have the right to ask us what information we hold about you, to request a copy of that data, that your data be updated, corrected or deleted entirely. Any such request should be in writing and include reasonable details about the information you want to know.
Whenever we make changes to this policy we will post an update on our websites and if appropriate, at our discretion, email you directly. Following updates, please check to see if you’re still happy with our latest policy.
14. CCTV information
CCTV is in operation at Bright’s offices. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our signage, or contact us using the details provided below.
16. About us
Our full legal name is Bright Interactive Limited. We’re a public limited company incorporated in England and Wales. Our registered company number is 03865036 and our registered address is Ninth Floor, Tower Point, 44 North Road, Brighton, BN1 1YR.
We are registered with the Information Commissioner’s Office in the UK. Our registration number is ZA293316.
17. EU Representative
We process the personal data of individuals in the European Union (EU) and European Economic Area (EEA), in either the role of ‘data controller’ or ‘data processor’ and we have appointed DataRep as our Data Protection Representative for the purposes of GDPR.
If you are based in the EU or EEA and you’d like to exercise your rights under the GDPR you can choose to contact us via Data Rep and any of their 29 locations within the EU and EEA. Details of how to do this can be found on this information sheet.
Here is a link to our EU representative contact summary.
18. Where to go if you want more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here.