Privacy Policy
BrightCloud Group is committed to ensuring that your personal data and privacy is protected.
We have set out and updated our Privacy Policy so that you can be clear on what we use your information for. At all times, this will be only in accordance with the data privacy laws (such as the Data Protection Act 2018 in the UK and the General Data Protection Regulation in the UK and EU countries).
This Privacy Policy page will refer to the subsidiary companies which are part of BrightCloud Ltd – a company registered under number 07569936 (which includes BrightCloud Group amongst others) as “BrightCloud Group”, “we”, “us” or “our”.
We will do this to make this easier to read and understand.
We will refer to the people who visit our website or who use our software/services as “you” or “your”, again to make this page clear and easier to read and understand.
General information
Your rights
You have the following rights, in addition to any stated below:
- The right to ask what personal data we hold about you at any time;
- The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
- The right to ask us to delete any personal data that we hold about you that isn’t required to be held by other laws;
- The right to opt out of any marketing communications that we may send you.
If you wish to contact us regarding this, please see the section below, called “How to contact us”. We aim to make this process as easy as we can.
Communications we send out
BrightCloud Group will send out messages in two broad categories – Marketing messages and those generated by our products/services which you use, or in direct support of such.
Marketing Messages
With regards to Marketing messages, these are issued only if we have your consent to do so or where we have a legally permissible reason to do so under the GDPR. This will typically be the condition known as ‘legitimate interests’ and we will balance that interest in accordance not only with the GDPR but with the Privacy and Electronic Communications Regulation (PECR), which Marketing emails also fall under.
Each Marketing email we issue will clearly state that it is from BrightCloud Group and has a link in the email to unsubscribe or update your preferences.
If you do not have a recent email from us, or if you wish to unsubscribe or update your preferences, you can do that by contacting the Marketing Team through the options shown in the “How to contact us” section of this Privacy policy.
Product/Service Messages
Our products will only issue out email notifications to users of the software/service as appropriate. Depending upon the product/service in question, in conjunction with contractual agreements, the preferences will allow certain communications to be managed by our users.
Briefly, the principle behind these messages is that they are requesting registered users to perform a task or alerting to issues or receiving communications from the product/service in order for the service to be usable and effective. Some of these may be optional, whereas others are part of the product functionality. Your system administrator or organisational equivalent can advise you.
How to contact us
For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you, please contact:
By email:
compliance@BrightCloudGroup.global
By post:
The Data Protection Officer
BrightCloud Group
Lawnswood Business Park
Richmond House
Leeds
LS16 6QY
If you want us to take any steps with regards to your rights, please use these methods. If you want personal data deleted, we would prefer it if you could raise a support case, so we can track the request there, though we are happy to receive the request in the same way as described above.
For Marketing messages, in addition to the options listed earlier on this page, you can:
- Write to us at the address shown above, marking your correspondence “The Marketing Team”;
- Send an email to info@BrightCloudGroup.global.
Complaints
If you wish to make a complaint in relation to how we have handled your personal data, we would of course prefer it if you contacted us directly by following the instructions given in the “How to contact us” section above.
However, you do have a right to lodge a complaint with the data protection authority relevant to your country. For example, in the UK, the data protection authority is the Information Commissioner’s Office (www.ico.org.uk/).
The European Data Protection Board’s website provides a list of all members and their Data Protection Authorities. The link below will provide you with their contact details and websites should you need it.
https://edpb.europa.eu/about-edpb/board/members_en
Policy amendments
We may revise this Privacy Policy from time to time, by updating this page. There will be a date of last update provided so you can determine when the policy was last amended or updated.
Data Protection Officer
Based on BrightCloud Groups’ current activities, business purpose and how it processes personal data, in most countries which have the GDPR as their data protection legislation, there is no mandatory requirement for a Data Protection Officer.
However, BrightCloud Group recognises the importance of this role. The Risk and Compliance Manager has assumed and enacts those responsibilities. This role has full support, is independent and has direct access to the BrightCloud Group Board.
Where, and if, BrightCloud Group acts within an EU territory that has additional requirements, those requirements will be met (e.g., The Federal Data Protection Act. in Germany, where we would be obliged to appoint a Data Protection Officer).
Information from Third Parties
Information may be gathered by us from certain third parties but only where the information is publicly available, this may include (but not limited to):
- Analytics providers such as Google
- Networking sites such as Linkedin
- Partners and customers as part of a contractual fulfilment
Information about this website (https://brightcloudgroup.global/)
Personal data submitted on this website will only be used for the purposes specified in this privacy policy.
How we collect, process and your information
Collection and Processing
We collect and process the following information about you either from your use of our site, or your correspondence with us by phone or email:
Information you give us.
We collect and store the personal information that you submit through the site or by corresponding with us by phone, email or other communication methods, such as through online chats or social media.
The information you give us may include your name, postal address, email address, telephone number, plus details of any comments you provide to us. We may also collect and process records of any correspondence and communications with us.
Information we collect about you.
We also collect and store following information regarding each of your visits to our site. As this can be varied based on the cookie settings you allow, we strongly recommend that you read our Cookie Policy, which is available on the site, which will give you more information. That page can also allow you to change your cookie settings.
In brief, we will collect and store:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products and / or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page. Your personal information is kept private and stored securely until it is no longer required, as detailed in the GDPR and UK Data Protection Bill (2018).
Every effort has been made to ensure that a safe and secure email submission process exists, however we do advise those people who use such email forms that they do so at their own risk.
As mentioned above, the two types of information, as shown in list a and b can vary, so not all may be collected and stored, if you’ve adjusted your cookies.
We may use your personal information to:
- Send you information, including Marketing communications, which we think may be of interest to you by email, post or similar technology – as outlined in the “Communications we send out” section;
- Communicate with you to gain feedback on our products or services in order to improve them;
- Administer any contest or other promotional feature that you may enter with us and to notify winners;
- Provide other companies with statistical information about our users, such as Google Analytics – but this information will not be used to identify any individual user – it is aggregated, anonymous data. Please see our Cookie Policy Page for further information.
Your personal information is kept private and stored securely, as in accordance with our retention policy. This policy is compliant with the GDPR and UK Data Protection Act (2018) – please contact us for further details.
Every effort has been made to ensure that a safe and secure email submission process exists, however we do advise those people who use such email forms that they do so at their own risk.
Who we share data with
We will only use your personal data with your consent, where:
- We are looking to enter into a contract with you or a common partner or to perform our obligations under the contract with yourselves or common partner
- We are complying with a legal obligation
- To protect your vital interest
- To pursue one of our legitimate interests
We have to share your personal data with:
- Other companies within our group
- By third parties who provide us with services to enable us to deliver the services we offer
- Our professional advisors or by third parties who provide us with services which we use internally to administer our services
- Regulators and other authorities for the purposes of prevention, detection and prosecution of criminal offences or issues relating to national security or, where we are required to do so in the event of a national emergency to comply with other legal or regulatory requirements; as identified within this Privacy Policy or within our contract with you
Some external third parties (for example our suppliers) are based or have offices outside the European Economic Area (‘EEA’) and if the process of your data as part of our relationship with them it may mean that your personal data is transferred outside the EEA. Where this occurs we will ensure that an adequate level of protection is applied in accordance with the Data Protection Laws
Personal data will not be sold or transferred to third parties other than:
- As identified in this Privacy Policy
- In accordance with our Terms and Conditions or the terms of any other contract we have in place with you
- Where you consent to us doing so
- To comply with lawful requests made by a regulator or other authority
How long we hold your data
We will only hold your information for as long as it is required for the purposes for which it was obtained. There may be instances where we keep your personal information for longer periods for legal and regulatory purposes, such as to comply with our audit or revenue reporting obligations.
Our legal basis for using your information
The legal grounds on which we rely to use your information are to allow us to exercise our legitimate interests as a data controller.
We rely on our legitimate interests as a data controller to process the personal information that you provide to us on feedback forms or through any contest or promotional feature that we may run, and to process personal information that we collect from you when you use our site.
It is in our legitimate interests as a business to process the above information in order administer our site, to ensure that content from our site is presented to you effectively and securely, and to run contests and other promotional features.
Social media linking
We have built into this website social media sharing buttons which, when used, will help share web content from this site directly to the social media platform in question. We advise that before using such sharing buttons that you do so at your own discretion.
Note that the social media platform you share the BrightCloud Group content may track and save your request to share a web page respectively through your social media platform account.
Communication, engagement and actions taken through external social media platforms that we participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
We will never ask for personal or sensitive information through social media platforms.
Disclosure
We may also disclose information we collect to law enforcement, other government authorities, or third parties as required by the laws that may apply to us. We may do this as provided for under contract or as we deem reasonably necessary to provide our services.
In these circumstances, we take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
Cookies
We use cookies to ensure that we give you the best experience on our website (https://brightcloudgroup.global/). More information about the cookies we use on this website is available on the dedicated Cookies Page.
Data Residency
Whilst BrightCloud Group is primarily a UK based business, we have customers in multiple countries. We take the handling and processing of your data extremely seriously.
To meet our GDPR requirements, we have reviewed our technological and organisational measures to ensure that your data is treated securely and that we have processes in place to help prevent unauthorised access to confidential information about you that is under our control.
Where does my data reside?
BrightCloud Group partners with data centre providers in the UK.
All information you provide to us is stored on our secure servers, which for the UK, are based in Manchester and London.
UK data does not get moved or stored to other data centres outside the UK, including for backup or disaster recovery purposes.
If our UK and EU customers use our software which is not based in the EEA, we will inform you before you agree to use the software. Organisations which have a contract with us, have this – plus other protective provisions – written into contract, which is in place before our software/service is used.
In addition, we have made sure that all our customer data, whether that stored in or outside of the EEA is secure and kept to the same high standards that is expected of a company based in that region. Any citizens who benefit from the GDPR’s provisions are still protected and can enable their rights, as described in the “General Information” section on this page.
Data Protection Adequacy Status for the UK
As of June 2021, the UK continues to maintain its current data protection ‘Adequacy’ status, as determined by the EU Commission. This status has been guaranteed for four years. The ‘Adequacy’ status refers to non-EU/EEA countries who have a level of data protection which is considered to offer the same level of protection that EU/EEA countries using the GPDR benefit from.
Irrespective of this positive decision, BrightCloud Group continues its commitment to data privacy and the GDPR. BrightCloud Group already has technological and organisational safeguards in place to ensure compliance.
Schrems II ruling
BrightCloud Group appreciates that the EU-US Privacy Shield Framework is no longer considered to be an adequate mechanism for the lawful processing of personal data, following on from the European Court of Justice’s 2020 judgement (more commonly known as “Schrems II”).
BrightCloud Group has worked with its customers who have previously used this mechanism and encourages Standard Contract Clauses (“SCCs”), plus a risk assessment of the processing, to ensure lawful processing can continue.
BrightCloud Group will continue to work with its customers and suppliers to ensure that it protects personal data when processing across countries that do not benefit from the GDPR or other deemed adequate data protection mechanisms.
Information about BrightCloud Group Support
BrightCloud Group provides support for its products and/or services.
For all BrightCloud Group products/services, there is an online ticketing system to allow you raise enquiries. If direct access has been provided, then directly through the ticketing system, otherwise, by emailing provided support addresses that will automatically log the request into the ticketing system.
These support systems are designed to allow registered users to ask product-related questions, raise potential defects and enquire about product functionality.
For all support applications, users need to submit a ticket (either directly into the portal or via email). The following personal data is needed for this process:
A person’s name, email address, telephone number; the company or organisation that person works for.
This personal data is only used for the purpose of allowing users to log enquiries in relation to our software/services and for us to be able to identify and respond to such requests in an effective and timely manner for resolution purposes.
User personal data is kept for as long as the user needs access to the ticketing systems; if he or she leaves the company or no longer requires access, they can request removal from the system by contacting us described in the “How to contact us” section.
Whilst the purpose of the software is to log enquiries relating to products/services, due to the nature of the support enquiries, it is possible that users can add other information to the support ticket which may end up being or including other personal data. This is not mandatory and should only be for the purposes of resolving that particular support enquiry.
Support ticket information is kept for the purpose of allowing the same organisation who raised the case to be able to review past enquiries and build up a knowledge base or repository so if the same issue reoccurs, the original support case can be referenced, and the resolution identified and acted upon.
Support Staff
To fulfil these enquiries, all our support teams are based in the UK. Additionally, all of these people are directly employed by BrightCloud Group. BrightCloud Group does not outsource its Support staff.
Where is the Support ticket data stored?
All support tickets are stored within our central ticketing system where data is located in Amsterdam (the Netherlands) and Dublin (Ireland).
Information about BrightCloud Group products/services
In General
Our products/services may require users to have a username and a password depending on the product/service being delivered which will allow them access to the software/service. The username may be a unique identifier or an email address.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our products/services may, depending on agreed configuration, issue system messages, the purpose of which and any applicable text will be set up as part of the initial implementation of the software/services by our contracted customers in conjunction with our Service Delivery Team.
This will enable defined users to act upon processes that are necessary to fulfil the normal practices of the software/service (such as alerting users to incoming calls or actions that may need to be taken). These system messages can appear when you are using the software and will either be delivered live or to pre-configured email addresses.
With our products/services, unless otherwise stated, we will be classed as the data processor, and the organisation who uses our software/service will be the data controller. This will be written into contract with our direct Customers. Other customers, such as those through our Partner Reseller network, the relationship between us and the customers will again be defined in contract.
The UK data regulator, the Information Commissioners’ Office (ICO) explains the terms ‘data controller’, ‘data processor’ on their website here.
A full list and overview of the National Data Protection authorities is available from the EU’s website, here.
To the extent that when we are a data controller in relation to the processing of personal data regarding any of our products, we rely on fulfilling contractual obligations and legitimate interests as the appropriate lawful basis for the purposes of the GDPR.