Effective as of March 14, 2023
A reference to “Brightidea”, “we”, “us”, “our”, or the “Company” is a reference to Brightidea, Inc.
- Visiting our Websites (defined below) (“Website Visitors”) or individuals who request us to contact them via our online web forms;
- Registering to use the products and services which we market for subscription available at www.brightidea.com (the “Service(s)”);
- Visiting our offices;
- Receiving communications from us;
- Attending or registering to attend webinars, sponsored events, or other events at which Brightidea participates;
- Participating in our Innovation community (ideas.brightidea.com).
For the purposes of this Policy, the term “Websites” shall refer collectively to www.brightidea.com and ideas.brightidea.com as well as other websites that Brightidea operates and that link to this Policy.
Scope of this Policy
This Policy does not apply to third-party websites:
Our Websites may contain links to other websites. The information practices and the content of such other websites are governed by the privacy statements of such other websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.
With the exception of Account Information (as defined below) and other information we collect in connection with your registration or authentication into our Services, this Policy does not apply to our security and privacy practices in connection with electronic data, text, messages, communications or other materials submitted to and stored within the Services by you (“Service Data”). Service Data security and privacy practices are detailed in and governed by our Master Subscription Agreement or such other agreement between you and Brightidea relating to your access to and your use of such Services (collectively referred to as the “Service Agreement”).
Customers of our Services are solely responsible for establishing policies for, and ensuring compliance with, all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations, relating to the collection of personal data in connection with the use of our Services by individuals (also referred to as “data subjects”) with whom our Customers interact.
We collect information under the direction of our Customers and have no direct relationship with individuals whose personal data we process in connection with our Customer’s use of our Services. The use of information collected through our Services shall be limited to the purpose of providing the service for which Customers have engaged Brightidea. If you are an individual who interacts with a Customer using our Services and require assistance or would either like to amend your contact information or no longer wish to be contacted by one of our Customers that use our Services, please contact the Customer that you interact with directly.
What Personal Data do we collect?
The Personal Data that we collect directly from you may include the following:
- If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address, or username and password;
- If you register for an event, we may also require you to provide us with financial and billing information, such as billing name and address and credit card number;
- If you register for an online community that we host, we may ask you to provide a username, email address, photo and/or biographical information such as your occupation, social media profiles, company name, and areas of expertise;
- If you use and interact with our Websites, we automatically collect log files and other information about your device and your usage of our Websites through cookies, web beacons or similar technologies, such as IP addresses or other identifiers, which may qualify as Personal Data;
- If you visit our offices, you may be required to register as a visitor and to provide a copy of your government issued identification and the date and time of arrival.
Personal Data we collect from other sources:
We also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from the following sources:
- Business contact information, including mailing address, job title, email address, phone number, web use behavior data, IP addresses, social handles, LinkedIn URL, and third-party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling;
- If you participate in our Innovation online community, we use your email address to inform you of program changes or additional security requirements.
What device and usage data we process
We use information gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.
We gather certain information via log files. This collected information includes your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We also collect IP addresses from users when they log into services as part of our security features.
Cookies, web beacons and other tracking technologies
Opt-Out from the collection of device and usage data
You may opt-out from the collection of device and usage data by managing your cookies at the individual browser level. In addition, if you wish to opt-out of interest-based advertising click here, or if located in the European Union or the United Kingdom click here. Please note, however, that by blocking or deleting cookies and similar technologies used on our Websites, you may not be able to take full advantage of the Websites.
Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.
Upon a request submitted to firstname.lastname@example.org, Brightidea will provide website visitors at no cost with access to their personal information that we have on record and the ability to complete, update, or remove such information.
Social Media Features
Our Websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. Social Media Features are hosted by the respective social media network and may receive information that you have visited our Websites from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.
Purposes for which we process Personal Data and the legal basis on which we rely
We collect and process your Personal Data for the purposes and on the legal basis identified in the following:
- Promoting security of our Websites: We will process your Personal Data by tracking use of our Websites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies;
- Managing user registrations: We will process your Personal Data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service;
- Handling contact and user support requests: If you fill out a “Contact Me” web form, request user support, or if you contact us by other means, we will process your Personal Data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfill your request and communicate with you;
- Managing event registrations and attendance: We will process your Personal Data to plan and host the event or webinar, including related communications with you, on basis of the performance of our contract with you;
- Managing payments: If you have provided financial information, we will process your respective Personal Data to collect payments to the extent this is necessary for completing transactions with you under the contract with you.
- Developing and improving our Websites: We will process your Personal Data to analyze trends, track your usage of our Websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our Websites and to provide our users with more relevant and interesting content;
- Managing office visitors: We will process your Personal Data for security reasons, to register who visited our offices.
- Displaying personalized advertisements and content: We will process your Personal Data to conduct market research, advertise to you, provide personalized information about us on and off our Websites, and other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interests to advertise our Websites or, where necessary, to the extent you have provided your prior separate consent;
- Sending marketing communications: We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications, such as marketing newsletters, about us and our partners, including information about our products, promotions, or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent;
- Complying with legal obligations: We will process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our Websites, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with judicial proceedings, court order or legal process, and/or respond to lawful requests.
Legal basis for processing (EEA visitors only):
If you are a visitor from the European Economic Area (“EEA”), our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you only where we need the personal data to perform a contract with you (e.g., to provide you with our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to collect personal data from you.
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need to use your personal data. If we process personal data in reliance on your consent, you may withdraw your consent at any time.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “Contacting Us” section below.
Who do we share Personal Data with?
We may share your Personal Data with the following recipients:
- Our contracted service providers which provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment;
- If you attend an event or webinar organized by us, we may share your information with sponsors of the event if you consent to such sharing via the event registration form;
- With third-party social networks, advertising networks and websites, which usually act as separate controllers, so that Brightidea can market and advertise on third-party platforms and websites;
- With partner organizations and companies for service, sales, support, and marketing purposes;
- Any Personal Data or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and/or used by others who visit these forums.
International Transfer of Personal Data
We do not share your personal data with third parties, unless it is necessary to carry out your request, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your personal data to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law.
We store personal data about Website Visitors and Customers within the EEA and the United States. To facilitate our global operations, we may transfer and access such personal data from around the world. Therefore, your personal data may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.
In this event, we will ensure that the recipient of your personal data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask for your prior consent to such international data transfers.
We have implemented safeguards to ensure an adequate level of data protection where your personal data is transferred to countries outside of the EEA, such as:
- The recipient country has an adequacy decision from the European Commission;
- The European Commission’s Standard Contractual Clauses for the transfer of personal data;
- Brightidea participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework; however, we do not rely on the Privacy Shield as a lawful mechanism to transfer personal data from the EU, United Kingdom, or Switzerland. Where the recipient is located in the United States, it may be a certified participant of the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework.
You can obtain more details of the protection given to your personal data when it is transferred outside Europe, including a sample copy of the model contractual clauses, by contacting us as described in the “Contacting Us” section below.
Privacy Shield Frameworks:
Brightidea abides by and has certified adherence to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks as set forth by the U.S. Department of Commerce; however, we do not rely on the Privacy Shield as a lawful mechanism to transfer personal data from the EU, United Kingdom, or Switzerland. For more information on the Privacy Shield frameworks, and to view the scope of Brightidea’s certification, please visit https://www.privacyshield.gov/list. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
In compliance with the Privacy Shield Principles, Brightidea commits to resolve complaints about our collection or use of your personal information. European Union, United Kingdom and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Brightidea at: email@example.com. Written inquiries may be addressed to:
Attn: Privacy Officer
1040 Avenue of the Americas, Suite 18A
New York, NY 10018 – USA
Brightidea has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints for more information and to file a complaint. The services of BBB National Programs are provided at no cost to you.
For residual Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
If we have received your personal data under the Privacy Shield and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal data in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Our Websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any personal data through our Websites or Services. If you are a parent or guardian and believe your child has provided us with Personal Data through the Websites or Services without your consent, please contact us as described in the “Contacting Us” section below and we will use commercially reasonable efforts to delete that information.
Notice to End-Users
Our Services are intended for use by enterprises. Where our Services are made available to you through a Customer of ours, that enterprise is the data controller of your personal data. Your data privacy questions and requests should initially be submitted to the Brightidea Customer in its capacity as your data controller. Brightidea is not responsible for our Customers’ privacy or security practices which may be different than this Policy.
Brightidea’s Customers are able to:
- restrict, suspend, or terminate your access to the Services;
- access and describe your personal data that you provided to them;
- access and export your personal data processed by them;
- amend your personal data, including your end-user profile.
How long do we keep your Personal Data?
Where Brightidea is the data controller of personal data (for example, personal data relating to Website Visitors, Attendees and individuals who register to use our Services), then we retain the personal data we collect where we have an ongoing legitimate business need to do so (for example, to provide you with our Services, to enable your participation in an event, and to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal data, we will either delete or aggregate it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
If your personal data is processed within a Customer’s Service Data, we will process the personal data for as long as we are instructed to do so by the relevant Customer that is the data controller of the Customer’s Service Data.
How to Exercise Your Data Protection Rights
You have certain choices available to you when it comes to your personal data. Below is a summary of those choices, how to exercise them and any limitations.
Correcting, updating, and removing your information:
An individual who seeks to exercise their data protection rights in respect of personal data stored or processed by us on behalf of a Customer of ours within the Customer’s Service Data (including to seek access to, or to correct, amend, delete, port or restrict processing of such personal data) should direct his/her query to our Customer (the data controller). Upon receipt of a request from one of our Customers for us to remove the personal data, we will respond to their request within thirty (30) days. We will retain personal data that we process and store on behalf of our Customers for as long as needed to provide the Services to our Customers.
Accessing and updating or deleting your information:
Our Services and related documentation give End-Users the ability to access, update and delete certain personal data from within the Service. For example, you can access your End-User profile and make updates to your personal data. In cases where we act as the data controller of your personal data, we will provide you with information about whether we hold any of your personal data upon request. We will respond to such requests within a reasonable timeframe. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Deactivating your user profile:
If you no longer wish to use our Services, Brightidea’s Subscriber may be able to deactivate your End-User account. First, please contact Brightidea’s Customer with your request. If you are a Brightidea Customer and are unable to deactivate an End-User account through your administrator settings, contact Brightidea for support. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services.
Request that we stop using your information:
You may request that your personal data no longer be accessed, stored, used, and otherwise processed where you believe that a Brightidea Customer or Brightidea does not have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this Policy. Where you gave us consent to use your personal data for a limited purpose, you can contact us to withdraw that consent. You can also opt out of our use of your personal data for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. Please note that an End-User of a Brightidea Customer should first contact Brightidea’s Customer with a request to stop access, storage, or use of personal data. If there is a delay or dispute as to whether we have the right to continue using your personal data, we will restrict any further use of your personal data until the request is honored or the dispute is resolved, provided the Brightidea Customer does not object (where applicable).
Opt-out of communications:
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails, or you may send a request to firstname.lastname@example.org. You may opt-out of receiving promotional communications from us by using this unsubscribe link within each email. Even after you opt-out from receiving promotional messages from us, if you are a Services Admin, then you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings.
Other data protection rights:
If you wish to exercise any other data protection rights that are available to you under your local data protection laws (such as the right to data portability or to data restriction) then please send your request to email@example.com and we will respond to your request in accordance with applicable data protection laws.
You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. Contact details for data protection authorities in the European Economic Area are available here.
We take precautions including organizational, technical, and physical measures, to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have questions about the security of our websites, please contact us via the “Contacting Us” section below.
If you do not accept any changes made to this Policy, please discontinue use of the Websites and the Services.
Supplemental Terms and Conditions for Certain Regions
Personal data collected, stored, used and/or processed by Brightidea, as described in this Policy, is collected, stored, used and/or processed in accordance with the Australian Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles as further detailed here.
If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”) by contacting the OAIC using the methods listed on their website at http://www.oaic.gov.au. Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.
Personal data is collected, stored, used and/or processed in accordance with Brazilian Law No. 13,709/2018, as amended (LGPD). Those individuals who use or access our Website or Services expressly consent to the collection, use, storage, and processing of their personal data by us for the purposes described in this Policy.
Personal data (as the term is defined in the Personal Data Protection and Electronic Document Act of Canada (“PIPEDA”)) will be collected, stored, used and/or processed by Brightidea in accordance with Brightidea’s obligations under PIPEDA.
Personal data collected, stored, used and/or processed by Brightidea, as described in this Policy, is collected, stored, used and/or processed in accordance with Japan’s Act of the Protection of Personal Data.
Personal data collected, stored, used and/or processed by Brightidea, as described in this Policy, is collected, stored, used and/or processed in accordance with New Zealand’s Privacy Act 2020 and its 13 Information Privacy Principles (“NZ IPPs”) as further detailed here.
Personal data collected, stored, used and/or processed by Brightidea, as described in this Policy, is collected, stored, used and/or processed in accordance with Brightidea’s obligations under the Personal Data Protection Act 2012 of Singapore as further detailed here.
Personal data collected, stored, used and/or processed by Brightidea, as described in this Policy, is collected, stored, used and/or processed in accordance with Brightidea’s obligations under the UK Data Protection Act 2018.
The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.
When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal data. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.
Information We May Collect:
We may collect the following categories of information:
- Demographic Information
- Commercial Information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your social media profiles, and/or from third party providers. We collect the information to provide you with services, protect our customers and ourselves (including the services), and to improve the services. We do not share personal data with Third Parties as the term is defined under the CCPA.
We do not sell (as such term is defined in the CCPA) the personal information of any individual, including personal information of minors under 16 years of age.
We have disclosed the following categories of personal information for a business purpose in the 12 months prior to this Policy’s last update.
- Demographic Information
- Commercial Information
- Internet or other electronic network activity information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
- Inferences drawn from any of the above information
We have not disclosed any personal information for valuable consideration in the 12 months prior to this Policy’s last update.
You may have certain rights with respect to your personal information, including:
- The right to access, including the right to know the categories and specific pieces of personal information we collect;
- The right to deletion of your personal information, subject to certain limitations under applicable law;
- The right to request disclosure of information collected;
- The right to disclosure of information disclosed for valuable consideration; and
- The right not to be discriminated against for exercising certain rights under California law.
To exercise these rights, please submit a request by emailing firstname.lastname@example.org. Please be as specific as possible in relation to the personal information you wish to access. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information to verify your identity, we will let you know. We will respond to your request within 45 days of receipt or notify you if we require additional time.
If you would prefer, you may designate an authorized agent to make a request on your behalf.
If you have questions regarding this Policy or about Brightidea’s privacy practices, please contact us via the “Contacting Us” section below.
Attn: Privacy Officer
1040 Avenue of the Americas, Suite 18A
New York, NY 10018 – USA
Or send an email to email@example.com
Please include the following in your request:
- First and Last Name
- Email address
- Are you a Brightidea client?
- Details of your question, comment, or request
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.