Privacy Policy

Version 3.2 Updated 20th January, 2023.

1. Introduction

1. Your privacy is extremely important to us here at Bright Interactive Ltd (“Bright”) and we want you to know exactly what kind of information we collect about you and how we use it. We are committed to ensuring that the information we collect and use is appropriate for the intended purpose and does not constitute an invasion of your privacy.
2. We will always process the information you provide in a manner that is compatible with both the EU’s General Data Protection Regulation (GDPR) and the UK’s GDPR
3. Please take the time to read and understand this policy. Please also bear in mind that by using our websites and applications, or contacting us by telephone or providing information to us, you agree to its terms.
4. For clarification, this policy relates to our products, Asset Bank and Dash, as well as the builtbybright.com and dash.app marketing websites we use to market said products.
   
   

2. What we collect and how we use it

In this section we outline the different types of personal data that we process and the purpose for doing so:

1. When you use our websites, applications, or services, we will collect data regarding your usage of the system (“analytics data”). This analytics data may include your IP address, geographical information, browser type and version, operating system and version, device model, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. We may use cookies to collect this information; you can read more about this in our cookie policies for builtbybright.com and dash.app. The legal basis for this processing is our legitimate interest. That is, we process this data in order to monitor and improve our website, applications, and services, diagnose server problems, and calculate usage levels.
2. We work with individual representatives of our customers in order to provide the applications and services outlined in the agreed contract. In order to communicate with our customers and deliver an effective service we need to store and process information about these individuals, such as names, email addresses, job titles, company names, telephone numbers, and business addresses (“customer relationship data”). The legal basis for this processing is our legitimate interests, namely our interests in maintaining customer relationships, the provision of our applications and services, and the proper administration of our business.
3. If you get in touch with us using the contact forms on either of our websites, our Help Centre, our in-app messaging services or trusted third party sites we will process the information that you send to us (“enquiry data”) to respond to your request or support the delivery of our services to you. For example, when you enquire about our applications and/or services then we will process this data in order to offer and sell relevant applications and/or services to you. We may also contact you to ask for feedback on the service we have provided. The legal basis for this processing is our legitimate interest in responding to your queries and providing our applications and services. Enquiry data will become customer relationship data if the organisation you represent becomes, or is already, a customer of ours.
4. When you choose to subscribe to our marketing communications on either of our websites, or provide your details through a third party site in order to access our marketing content, we will process the information that you provide (“marketing data”) in order to send marketing communications to you and to keep marketing records (including keeping consent records). The legal basis for this processing is consent and you can withdraw your consent at any time, including by using the ‘unsubscribe’ link included in all marketing communications.
5. If you contact us to enquire about an employment opportunity, or to respond to a job advert, we will process the personal details you provide (“jobseeker data”) for the purposes of assessing your application. The same applies if we receive your application via an agency. Our legal basis for this is our legitimate interest in following up your application and assessing your suitability for the role.
6. In addition to the processing outlined above, we may process any of your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely in order to protect the assertion of our legal rights, your legal rights and the legal rights of others. We may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. If you choose to log in to Dash through a third-party platform (e.g. Google or Microsoft), we will collect profile information from that platform. You may also choose to connect your Dash account to a third-party cloud storage platform (e.g. Google Drive) for the purpose of importing files from the platform into your Dash account. We will only ever ask for read access to your cloud storage files and you can choose which files to import.
8. Please do not supply any other person's personal data to us, unless we prompt you to do so.

3. Our Customers' service data

1. When using our applications or services information may be collected about your activity. For example, Asset Bank tracks what a user views, edits, uploads, and downloads. This information is available to administrators of the site to monitor the use of system and assets, as well as to Bright’s team when required to provide services and support to the customer. The retention period of this data can be controlled by client account holders for the relevant application.
2. If a customer requests support for a specific issue (i.e. with one of our applications such as Asset Bank) or with configuring an integration, such as Single Sign-On, then the system may record additional service data such as username, first name, surname, and email address in order to facilitate this request; this data will only be held for a temporary period.
3. We are the ‘data processor’ for this data and our customers, or those that are trialling our applications and services, are the ‘data controller’. It is primarily the responsibility of our customers to ensure this data is collected and processed in line with data protection law. To the extent that we are a data processor rather than a data controller for this information, this policy shall not apply. Our legal obligations with respect to this data are instead set out in the contract between us and the relevant data controller.

4. Who do we share your information with?

We need to share your details with a limited number of other organisations in order to effectively provide our applications and services to you. When we share your information, we only do so in accordance with our legal data protection and privacy obligations.

Your information may be disclosed to other people and organisations who help us provide our services to you, including:

1. Customer relationship management companies (currently Hubspot)
2. Marketing attribution companies (currently Bizible)
3. Support platform providers (currently Zendesk, Intercom, Zoom, Jira)
4. Authentication & authorisation providers (currently Auth0)
5. Marketing and feedback communication providers (currently Hubspot, Intercom, G2Crowd, Beamer, Upvoty, Vidyard, Canva)
6. Email and general administration platforms (currently Google, Slack, Zapier, Chargebee)
7. Accounting and credit card payment processing services (currently Xero and PayPal)
8. Applicant tracking systems (currently Workable, Jazz HR)
9. Organisations who provide administrative services such as banks and accountants. 

The terms and privacy policies of these service providers may apply to you as well, depending on your usage of their services.

• Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us
• When required to comply with a law or court order, and only if us doing so is lawful
• Our professional advisors including our lawyers and technology consultants when they need it to give us their professional advice.
  
  

5. Social media, blogs, reviews etc.

Any social media posts/comments or public reviews that you submit for either Asset Bank or Dash through third-party sites (e.g. via Facebook or Capterra) will be shared under the terms of the relevant platform and may be used in our marketing, if the third-party site allows. We do not control these platforms and we are not responsible for this kind of sharing.  You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

6. Third party websites

Our websites include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for the privacy policies and practises of third parties.

7. International transfer of your information

We’re based in the UK and use suppliers from many parts of the world to provide our applications and services to you. To allow us to run our business on this basis, the information we collect may on occasion be transferred to, stored and used at premises in other countries including the United States of America. We are committed to data protection and ensuring the security of your data, regardless of its location around the world. Where required by applicable data protection law, our supplier contracts include the European Commission-approved Standard Contractual Clauses in order to safeguard data that is transferred outside of the UK and EEA.

8. Minors

We do not knowingly collect any personal information from children under the age of 16 and would delete any such data upon becoming aware of it.

9. Security of your information

We take the security of your information very seriously. We use appropriate procedures and technical security measures (including encryption, anonymisation and archiving techniques) to safeguard your information. We use secure means to communicate with you where appropriate, such as https and other security and encryption protocols. Read more about our Security Policy. Our customers data is stored and managed by Amazon Web Services who provide details of their security policies and procedures here.

10. How long do we keep information for?

We only hold on to your information for as long as we need it for the purposes we acquired it for. In most cases, this means we will keep your information for as long as the organisation you represent continues to be our customer or use our services, and for a period following the end of that relationship. When you cease to be a customer or end your interactions with us, we will securely archive your data for reference purposes. Our standard data retention periods are as follows:

analytics data - up to 36 months following collection;
customer relationship data - a minimum of 6 years following the end of the end of the relevant customer relationship; thereafter, we will periodically review the retention of this data, and this data will be deleted if we determine that retention is no longer necessary or useful for the purposes of facilitating the provision or support of our applications or services, or for the purposes of our communications with customers or prospective customers;
enquiry data - a minimum of 6 years following the date of collection; thereafter, we will periodically review the retention of this data, and this data will be deleted if we determine that retention is no longer necessary or useful for the purposes of our communications with customers or prospective customers;
marketing data - 6 to 12 months following the last relevant marketing communication that we send to you (providing that, unless you instruct us otherwise, we will retain opt-out information indefinitely);
jobseeker data - with 6 months following the completion of the application process, unless: (i) if you consent to us retaining your information as part of our Total Talent programme, we will retain the jobseeker data for so long as that consent is valid; and (ii) if you become an employee, the jobseeker data will be retained in accordance with our employee privacy policies.

11. Opting out

We provide ways for you to stop all marketing email communications you receive from us, by including the ‘unsubscribe’ link  in each email we send to you. We need to send certain communications to our users and customers which are deemed necessary and cannot be opted out of, such as service and administrative emails. Please contact us at info@builtbybright.com.

12. Managing your information

Please notify us with any changes to your contact details, to ensure our records stay up to date.

You have the right to ask us what information we hold about you, to request a copy of that data, that your data be updated, corrected or deleted entirely. Any such request should be in writing and include reasonable details about the information you want to know.

13. Updates to this privacy policy

We review the ways we use your information regularly and so may, from time to time, change this privacy policy to reflect our changing activities.

Whenever we make changes to this policy we will post an update on our websites and if appropriate, at our discretion, email you directly. Following updates, please check to see if you’re still happy with our latest policy.

14. CCTV information

CCTV is in operation at Bright’s offices. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our signage, or contact us using the details provided below.

15. Cookies

We use cookies and other tracking tools to improve your experience of our websites, applications and services, and to improve the quality of our service delivery. Details of how we use cookies can be found in our the two cookie policies we maintain for our marketing sites - Bright and Dash.

16. About us

Our full legal name is Bright Interactive Limited. We’re a public limited company incorporated in England and Wales. Our registered company number is 03865036 and our registered address is Ninth Floor, Tower Point, 44 North Road, Brighton, BN1 1YR.

We are registered with the Information Commissioner’s Office in the UK. Our registration number is ZA293316.

17. EU Representative

We process the personal data of individuals in the European Union (EU) and European Economic Area (EEA), in either the role of ‘data controller’ or ‘data processor’ and we have appointed DataRep as our Data Protection Representative for the purposes of GDPR.

If you are based in the EU or EEA and you’d like to exercise your rights under the GDPR you can choose to contact us via Data Rep and any of their 29 locations within the EU and EEA. Details of how to do this can be found on this information sheet.

Here is a link to our EU representative contact summary.

18. Where to go if you want more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here.