Last modified June 20, 2023
1.1 Our Privacy & Cookies Notice
BrightInsight, Inc. (BrightInsight) takes its obligations to protect privacy and personal data very seriously. Please read this Privacy & Cookies Notice ("the Notice") carefully as it sets out important information relating to how we handle your personal data.
1.2 BrightInsight Notice
This Notice sets out how we, as data controller, will collect and use personal data, and the choices and rights available to you in connection with our use of your personal data. BrightInsight as the data controller is responsible for responding to requests to exercise data subject rights. In all cases, any complaints and requests to exercise data subject rights should be addressed to the Data Privacy Officer listed below and at firstname.lastname@example.org.
1.3 To whose personal data does this Notice apply?
This Notice describes our practices when using the personal data of:
This Notice will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.
2.1 Sources of business contact information
We collect personal data from our business contacts directly or from the following sources:
2.2 What personal data we collect about business contacts
The categories of information we collect about business contacts includes:
We may collect this information directly from you, automatically from you or your device, or from third-party sources.
2.3 How we use the personal data we collect about business contacts
We use this information for certain activities, including:
2.4 Why we use the personal data of business contacts
We use this information because:
A legitimate interest above will only apply where we consider that it is not outweighed by a business contact's interests or rights which require protection of their personal data. In limited circumstances, such as in the case of marketing, a business contact's consent may be required under applicable law. Where we rely upon a business contact's consent, they will have the right to withdraw their consent by contacting the Data Privacy Officer.
If a business contact requires further information regarding our legitimate interests as applied to their personal data, they may contact the Data Privacy Officer.
In certain circumstances, where a business contact does not provide personal data which is required, we will not be able to perform our obligations under the contract with them or may not be able to provide them with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the business contact.
2.5 Recipients of business contact information
We may disclose personal data of business contacts to third parties as follows:
2.6 Further Information
Please see sections 4 to 8 below for further information concerning our use of personal data.
3.1 What personal data we collect about website users and visitors to BrightInsight social media pages
The categories of information we collect about users of our website and BrightInsight webpages on social media sites such as Facebook, Instagram, LinkedIn and Twitter include:
We also automatically collect personal data about the use of our website from users, including:
If a website user does submit their data via one of our forms and they have cookies installed on their browser, all behavioural and web log data will be associated back to them. The website user will be informed of this when completing our forms.
3.2 How we use the personal data of website users and visitors to BrightInsight social media pages:
We use personal data of users of our website and BrightInsight webpages on social media sites such as Facebook, Instagram, LinkedIn and Twitter for certain activities, including:
We use personal data about the use of our website for certain activities, including:
3.3 Why we use the personal data of website users and visitors to BrightInsight social media pages:
We use personal data of users of our website and BrightInsight webpages on social media sites such as Facebook, Instagram, LinkedIn and Twitter because:
In the case of marketing, a user's consent maybe required under applicable law. Where we rely upon a user's consent, they will have an option to "Unsubscribe" and will also have the right to withdraw their consent by contacting the Data Privacy Officer.
We use personal data about the use of our website because:
In certain circumstances, where a website user does not provide personal data which is required (for example, in relation to our online services), we will not be able to perform our obligations under the contract with them or may not be able to provide them with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the website user.
3.4 Recipients of personal data of website users and visitors to BrightInsight social media pages
We may disclose website and social media users' personal data to third party recipients, as follows:
3.5 Further Information
Our websites and online services are for individuals who are at least 18 years of age. Our online services are not designed to be used by children under the age of 18.
Please see sections 4 to 8 below for further information concerning our use of personal data.
BrightInsight is a global company and, as such, we may transfer personal data to suppliers outside your home jurisdiction. BrightInsight will take all reasonable steps to ensure that personal data is protected and any such transfers comply with applicable law.
BrightInsight may transfer and maintain the personal data of individuals covered by this Notice on servers or databases outside the European Economic Area (EEA). Some of these countries may not have the equivalent level of protection under their data protection laws as in the EEA. BrightInsight, acting as controller, is liable for onward data transfers to third parties.
BrightInsight has compensating controls and complies with transfer mechanisms regarding the collection, use, and retention of personal data transferred from the European Union, Switzerland, and the United Kingdom to the United States. BrightInsight has certified to and adheres to Privacy Principles and Security Requirements through HITRUST and ISO certifications.
If you would like to obtain the details of such safeguards, you can request these from the Data Privacy Officer at email@example.com.
For EU Citizens: How to Contact BrightInsight via our Data Protection Representative
Brightlnsight, Inc,may process the personal data of individuals in the European Union, European Economic Area and/or UK as data controller or data processor and has appointed DataRep as its Data Protection Representative for the purposes of GDPR*
If Brightlnsight, Inc has processed or is processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.
Brightlnsight, Inc takes the protection of personal data seriously. And has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEO), so that Brightlnsight, Inc’s customers can always raise the questions they want with them.
It you want to raise a question to Brightnsight, Inc, or otherwise exercise your rights in respect of your personal data, you may do so by:
PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘Brightlnsight, Inc, or your inquiry may not reach us. Please refer clearly to Brightlnsight, Inc in your correspondence. On receiving your correspondence, Brightlnsight,Inc is likely to request evidence of your identity to ensure your personal data and information connected with it is not provided to anyone other than you.
If you have any concerns over how DataRep will handle the personal data we will require to undertake our services. please refer to our privacy notice at www.datarep.com/privacy-policy.
We will retain your personal data for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal data. We may also retain personal data for the period during which a claim may be made in relation to our dealings with you.
In general terms, this will mean that your personal data will be kept for the duration of our relationship with you and:
In certain circumstances, data may need to be retained for a longer period of time, for example, where we are in ongoing correspondence or there is a continuing claim or investigation.
If you wish to obtain further information about the retention periods as applied to your personal data, you may find this in the retention schedule maintained by BrightInsight or can contact the Data Privacy Officer.
Individuals have the following rights, in certain circumstances, in relation to their personal data:
If you wish to exercise any of the above rights, please contact the BrightInsight Data Privacy Officer at firstname.lastname@example.org. Such requests should include appropriate identity verification information (such as your name, address, email address or other information reasonably required).
Where we receive a request to exercise one of these rights, we shall provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This may be extended by a further two months in certain circumstances, for example where requests are complex or numerous.
The information will be provided free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise an individual of any fees prior to proceeding with a request.
We may ask for additional information to verify an individual's identity before carrying out a request.
Where we do not carry out a request, we shall inform the individual without delay and within one month of receipt of the request, providing our reasons for not taking the action requested.
6.1 Right to access personal data
Individuals have the right to confirm the following with us:
Individuals also have a right to access the personal data and be provided with a copy.
6.2 Right to restrict processing of personal data
Individuals have the right to request that we restrict processing of their personal data where one of the following applies:
6.3 Right to object to processing of personal data
Where personal data is used to target marketing to an individual, they have the right to object to this at any stage.
An individual also has the right to object to processing of their personal data where the legal basis of the processing is our legitimate interests. We will have to stop processing until we are able to verify that we have compelling legitimate grounds for processing which override the individual's interests, rights and freedoms, or alternatively that we need to continue processing for the establishment, exercise or defense of legal claims.
6.4 Right to rectification of personal data
If an individual believes that the personal data we hold on them is inaccurate, they may request that it be amended. They may also request that incomplete personal data be completed, including by providing a supplementary statement.
6.5 Right to request erasure of personal data ("right to be forgotten")
An individual may also request the erasure of their personal data in certain circumstances, including the following (this is not an exhaustive list):
If an individual does request erasure of their personal data, this will potentially remove records which we hold for their benefit, such as their presence on a suppression list and they will have to contact us to provide personal data if they wish for us to hold this in future.
6.6 Right to Data Portability
Where we are relying upon the legal basis either of consent or that the processing is necessary for the performance of a contract to which an individual is a party, and that personal data is processed by automatic means (e.g. electronically), an individual has the right to receive all the personal data which they have provided to us in a structured, commonly used and machine-readable format and to transmit this to another controller directly, where this is technically feasible.
6.7 Supervisory Authority
An individual also has a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where they are habitually resident, where they work or where an alleged infringement of data protection laws has taken place.
We have put in place reasonable technical and organizational security measures designed to prevent the loss or unauthorised access of your personal data. We train our employees in the proper handling of personal data. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet. If you have reasons to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us as set out below.
Our Website may contain links to other "non-BrightInsight" websites. We do not control and assume no responsibility for the content, security or the privacy policies and practices on those websites. BrightInsight encourages all users to read the privacy policies of those sites to determine how they protect and use personal data.
7.3 Changes to this Notice
From time to time, we may change and/or update this Notice. If this Notice changes in any way, we will post an updated version on this website. We recommend you regularly review this website to ensure that you are always aware of our information practices and any changes to such. Any changes to this Notice will go into effect on posting to this page.
A cookie is a small text file which includes a unique identifier that is sent by a web server to the browser on your computer, mobile phone or any other internet enabled device when you visit an on-line site. Cookies and similar technologies are widely used to make websites work efficiently and to collect information about your online preferences. For simplicity, we refer to all these technologies as "cookies".
Some of our website pages may contain electronic images known as web beacons (also known as clear gifs, tags or pixels) that allow us to count users who have visited our pages. Web beacons collect only limited information, e.g. a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. We may also carry web beacons placed by third party advertisers. These beacons do not carry any information that could directly identify you.
8.2 How do I reject cookies?
If you do not want to be tracked by Google Analytics cookies you can opt-out by installing a browser plug-in here: https://tools.google.com/dlpage/gaoptout/
At any time, you can prevent cookies from being set on your browser. For instructions on how to block, delete or disable any cookies, please consult your browser's 'Help' or 'Support' section. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.
Please consult the following links for information on cookie management and blocking according to your browser:
You can also find more information and manage cookie storage at: www.youronlinechoices.eu
BrightInsight, Inc., of 6201 America Center, San Jose, CA, USA, takes its obligations to protect privacy and personal data very seriously.
9.1 Contact details: Your personal data is collected by BrightInsight ("we"/"us"/"our"). If you have any questions or complaints in relation to the use of your personal data or this Recruitment Notice, you can contact our Data Privacy Officer at: email@example.com.
9.2 Personal data Collected: We collect the information below about you during the recruitment process. If you fail to provide certain information when requested, we will not be able to progress your application.
9.3 Sources of Information: This information is either (a) provided by you; (b) obtained from third parties through the application and recruitment process; (c) obtained from public sources, such as LinkedIn, or (d) created by us in the course of the recruitment process.
9.4 How we use personal data: We use your personal data to progress the recruitment process, assess and make a decision about your suitability for a role, to communicate with you and to carry out reference checks. We will also use your information to comply with legal and regulatory requirements.
9.5 Why we use personal data: We will use the information collected from you because:
9.6 How we use special category personal data: We will process your special categories of personal data to consider whether we need to provide appropriate adjustments (1) for any disabilities during the recruitment process to the extent permitted by applicable law; (2) for equal monitoring purposes to the extent permitted by applicable law; (3) to comply with any legal or regulatory obligation.
9.7 Why we use special category personal data: We will use special categories of personal data collected about you because:
9.8 Information about criminal convictions: As part of the recruitment process we carry out criminal background checks, as permitted by applicable law. We use these checks (1) to assess your suitability for a regulated role; (2) to protect your interests, our interests and third party interests; (3) because it is necessary in relation to legal claims. Subject to applicable local law, we may use your personal data in this way where it is necessary to carry out our employment rights and obligations.
9.9 Automated decision making: Following a background check/ psychometric test an automated decision will be reached on whether to progress your application or offer you employment based on whether yours satisfy our benchmark criteria. If you disagree with the decision you are entitled to contest this by contacting us at following email address: firstname.lastname@example.org.
9.10 Information that we share: We will only share your personal data with the following third parties for the purposes of processing your application: (1) employment agencies, (2) background check and online test providers, and (3) regulators and competent authorities. We will also share personal data within our group for the purposes of administration, accounting and reporting purposes.
9.11 Retention of your information: We will retain your personal data for the duration of the recruitment process and for the length of any applicable limitation period for claims which might be brought against us later.
9.12 Where your information will be held: We may hold the personal data we collect about you in the United States. Your personal data may be transferred to, stored, and processed in a country (such as the United States) as described above under International Transfers.
9.13 Your rights: You have the following rights in connection to your data: the rights of access, correction, erasure, objection, restriction, transfer, and the right to withdraw consent and to complain to a Supervisory Authority.
9.14 Applicable Law: While this global policy is designed to deliver consistent and efficient information to candidates on global basis, all information will always be processed in accordance with applicable local law.
Our Data Privacy Officer is the Data Protection Officer for the purposes of the General Data Protection Regulation (GDPR).
BrightInsight has further committed to refer unresolved Privacy Shield complaints to the Panel of EU data protection authorities (DPA Panel), an alternative dispute resolution provider located in the EU. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the DPA Panel for more information or to file a complaint. The services of the DPA Panel are provided at no cost to you. Additionally, you may under certain conditions invoke binding arbitration.
BrightInsight commits to cooperate with DPAs and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Furthermore, BrightInsight is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In compliance with the Privacy Shield Principles, BrightInsight commits to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BrightInsight at:
Email Address: email@example.com
Address: BrightInsight, Inc., Data Privacy Officer, 6201 America Center Drive, San Jose, CA 95002, USA