Privacy Policy

BRIGHTINSIGHT'S USE OF PERSONAL DATA

 

1.  THIS PRIVACY NOTICE

1.1  Our Privacy & Cookies Notice

BrightInsight takes its obligations to protect privacy and personal information very seriously. Please read this Privacy & Cookies Notice ("the Notice") carefully as it sets out important information relating to how we handle your personal information. 

1.2  BrightInsight Notice

This Notice sets out how we, as data controller, will collect and use personal information, and the choices and rights available to you in connection with our use of your personal information. BrightInsight as the data controller is responsible for responding to requests to exercise data subject rights. In all cases, any complaints and requests to exercise data subject rights should be addressed to the Data Privacy Officer listed below and at privacy@flexdigitalhealth.com

1.3  To whose personal information does this Notice apply?

This Notice describes our practices when using:

  • the personal information of the business contacts, suppliers and employees of clients (including customers of our clients); and
  • other persons who (1) may visit our website ("website users") or (2) who may visit our BrightInsight pages on social media sites.

This Notice will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.

 

2.  BUSINESS CONTACTS

2.1  Sources of business contact information

We collect personal information from our business contacts directly or from the following sources:

  • Third party referrals;
  • Client checking and verification processes such as due diligence checks;
  • Social media sites such as LinkedIn and other public internet sites;
  • Credit reference agencies, insurance information bureaus and government or financial institutions; and
  • Other public resources such as telephone directories, newspapers, internet sites, commercially available marketing lists, registries or public records.

2.2  What personal information we collect about business contacts

The categories of information we collect about business contacts includes:

  • Personal details including name, home address, employer, office address, personal and work telephone numbers and home and work email addresses;
  • Financial details including payments made and received and VAT/sales tax;
  • Goods or services provided or purchased;
  • Communications with our business contacts;
  • Where business contacts have online accounts, log-in and similar credentials and information about use of these services;
  • Image capturing, such as photos taken at events, videos, and CCTV footage; law.

2.3  How we use the personal information we collect about business contacts

We use this information for certain activities, including:

  • Facilitating smooth running of the business through communication with customers and suppliers;
  • Maintaining and building upon customer and supplier relationships;
  • Business planning;
  • To fulfill a transaction initiated by a business contact;
  • To fulfill a transaction initiated by BrightInsight such as the engagement of suppliers;
  • To fulfill a transaction with, or for, BrightInsight customers;
  • Keeping accounts related to any business or other activity carried on by BrightInsight;
  • Deciding whether to accept any person as a customer or supplier;
  • Keeping records of purchases, sales or other transactions for the purpose of ensuring that the required payments and/or deliveries are made or services provided;
  • Completion of customer satisfaction surveys;
  • Development services;
  • Business development;
  • Event management including inviting our business contacts to events and exhibitions;
  • Database management;
  • Running competitions;
  • Security and crime prevention;
  • For fraud and theft prevention or investigation, or other risk management purposes;
  • Compliance with contractual, legal and regulatory obligations;
  • Enabling business contacts to access their online accounts;
  • For internal analysis and research to help us improve our services;

2.4  Why we use the personal information of business contacts

We use this information because:

  • It is necessary for performing our obligations, or exercising our rights, under our contracts with customers or suppliers;
  • It is necessary for compliance with any legal or regulatory obligations that we are subject to;
  • We have a legitimate business interest to:
  • Manage our business and brand;
  • Provide and improve our services;
  • Operate our business;

A legitimate interest above will only apply where we consider that it is not outweighed by a business contact's interests or rights which require protection of their personal data.  In limited circumstances, such as in the case of marketing, a business contact's consent maybe required under applicable law. Where we rely upon a business contact's consent, they will have the right to withdraw their consent by contacting the Data Privacy Officer.

If a business contact requires further information regarding our legitimate interests as applied to their personal information, they may contact the Data Privacy Officer.

In certain circumstances, where a business contact does not provide personal information which is required, we will not be able to perform our obligations under the contract with them or may not be able to provide them with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the business contact.

2.5  Recipients of business contact information

We may disclose personal information of business contacts to third parties as follows:

  • Business associates and other professional advisers;
  • Third parties including for the purpose of event management;
  • Claimants, beneficiaries, assignees and payees;
  • To suppliers and/or providers of goods and services and other third parties who work on our behalf to service or maintain business contact databases and other IT systems, such as suppliers of the IT systems which we use to process personal information, or who provide other technical services;
  • to third parties providing services to us, such as our professional advisors (e.g. auditors and lawyers);
  • to competent authorities such as tax authorities, courts, regulators and security or police authorities where required or requested by law or where we consider it necessary; and
  • subject to applicable law, in the event that BrightInsight is merged, sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such transaction.

2.6  Further Information

Please see sections 4 to 8 below for further information concerning our use of personal data.

 

3.  WEBSITE USERS AND WEB-RELATED PRIVACY ISSUES

3.1  What personal information we collect about website users and visitors to BrightInsight social media pages

The categories of information we collect about users of our website and BrightInsight webpages on social media sites such as Facebook, Instagram, LinkedIn and Twitter include:

  • Information users provide when they enter information on our website, such as when they provide contact details, answer online questionnaires, feedback, forms or applications for employment or submit CVs;
  • Information provided when users subscribe to email newsletters such as name, email address, job title;
  • Information users provide when registering for an online account through our website;
  • Information users provide when posting content on social media sites.

We also collect personal information about the use of our website from users, including:

  • Information captured in our web logs such as device information (e.g. device brand and model, screen dimensions), unique identification numbers (e.g. IP address and device ID), and browser information (e.g URL, browser type, pages visited, date/time of access);
  • Advertising information (such as size/type of ad, ad impressions, location/format of ad, data about interactions with ad);
  • Behavioural information (such as information on the behaviour or presumed interests of individuals which are linked to those individuals and may be used to create a user profile); and
  • Information captured by our cookies (see Cookies section below).

If a website user does submit their data via one of our forms and they have cookies installed on their browser, all behavioural and web log data will be associated back to them. The website user will be informed of this when completing our forms.

BrightInsight also uses cookie technologies (e.g. VWO) which fully anonymise your personal information (such as IP address or keystrokes) therefore the information cannot be traced back to a website user.

3.2  How we use the personal information of website users and visitors to BrightInsight social media pages:

We use personal information of users of our website and BrightInsight webpages on social media sites such as Facebook, Instagram, LinkedIn and Twitter for certain activities, including:

  • Personalizing the experience of our website;
  • Providing products and services that website users have requested;
  • Administering the website, investigating any complaints and providing customer services;
  • Providing website users and individuals accessing our web pages on social media sites with information and offers on products or services that may be of interest to them; and
  • Monitoring social media content to manage relations with our customers and promote our business and brand.

 We use personal information about the use of our website for certain activities, including:

  • Administering the website; and
  • Performing statistical and trend analysis to improve the user experience and performance of our website.

3.3  Why we use the personal information of website users and visitors to BrightInsight social media pages:

We use personal information of users of our website and BrightInsight webpages on social media sites such as Facebook, Instagram, LinkedIn and Twitter because:

  • It is necessary for compliance with any legal or regulatory obligations we are subject to;
  • We have a legitimate business interest to:
  1. Promote our brand and business through our website and through social media tools; and
  2. Monitor, investigate and report any attempts to breach the security of our websites.

A legitimate business interest will only apply where we consider that it is not outweighed by a website or social media user's interests or rights which require protection of their personal data.  In the case of marketing, a user's consent maybe required under applicable law. Where we rely upon a user's consent, they will have an option to "Unsubscribe" and will also have the right to withdraw their consent by contacting the Data Privacy Officer.

We use personal information about the use of our website because:

  • It is necessary for compliance with any legal or regulatory obligations that we are subject to;
  • We have a legitimate business interest to:
  1. Monitor, investigate and report any attempts to breach the security of our websites;
  2. Improve the performance and user experience of our websites;

A legitimate business interest will only apply where we consider that it is not outweighed by a website or social media user's interests or rights which require protection of their personal data. If a website user or individual accessing our web pages on social media sites requires further information regarding our legitimate interests as applied to their personal information, they may contact the Data Privacy Officer.

In certain circumstances, where a website user does not provide personal information which is required (for example, in relation to our online services), we will not be able to perform our obligations under the contract with them or may not be able to provide them with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the website user.

3.4  Recipients of personal information of website users and visitors to BrightInsight social media pages

We may disclose website and social media users' personal information to third party recipients, as follows:

  • to third parties who work on our behalf to service or maintain our business and website, including suppliers of the IT system which we use to process personal information, or third parties who provide other technical services;
  • to third parties providing services to us, such as our professional advisors (e.g. auditors and lawyers);
  • to competent authorities such as tax authorities, courts, regulators and security or police authorities where required or requested by law or where we consider it necessary;
  • subject to applicable law, in the event that BrightInsight is merged, sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such transaction.

3.5  Further Information

Our websites and online services are for individuals who are at least 18 years of age. Our online services are not designed to be used by children under the age of 18.

Please see sections 4 to 8 below for further information concerning our use of personal data.

 

4.  INTERNATIONAL TRANSFERS

BrightInsight is a global company and, as such, we may transfer personal information to suppliers outside your home jurisdiction. BrightInsight will take all reasonable steps to ensure that personal information is protected and any such transfers comply with applicable law.

BrightInsight may transfer and maintain the personal information of individuals covered by this Notice on servers or databases outside the European Economic Area (EEA). Some of these countries may not have the equivalent level of protection under their data protection laws as in the EEA.

If we need to transfer personal data outside the EEA, we will take steps to make sure your personal data is protected and safeguarded once it leaves the EEA, in particular:

  • the use of the EU-US Privacy Shield
  • the use of the Swiss-US Privacy Shield

If you would like to obtain the details of such safeguards, you can request these from the Data Privacy Officer. 

 

5.  RETENTION PERIODS

We will retain your personal information for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information.  We may also retain personal information for the period during which a claim may be made in relation to our dealings with you.  

In general terms, this will mean that your personal data will be kept for the duration of our relationship with you and:

  •  the period required by tax and company laws and regulations; and
  •  as long as it is necessary for you to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws

In certain circumstances, data may need to be retained for a longer period of time, for example, where we are in ongoing correspondence or there is a continuing claim or investigation.

If you wish to obtain further information about the retention periods as applied to your personal information, you may find this in the retention schedule maintained by BrightInsight or can contact the Data Privacy Officer.

 

6.  DATA SUBJECT RIGHTS

Individuals have the following rights, in certain circumstances, in relation to their personal information:

  • Right to access personal information;
  • Right to rectify personal information;
  • Right to restrict the use of personal information;
  • Right to request that personal information is erased;
  • Right to object to processing of personal information;
  • Right to data portability (in certain specific circumstances); and
  • Right to lodge a complaint with a supervisory authority.

If you wish to exercise any of the above rights, please contact the BrightInsight Data Privacy Officer.  Such requests should include appropriate identity verification information (such as your name, address, email address or other information reasonably required).

Where we receive a request to exercise one of these rights, we shall provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This may be extended by a further two months in certain circumstances, for example where requests are complex or numerous.

The information will be provided free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise an individual of any fees prior to proceeding with a request.

We may ask for additional information to verify an individual's identity before carrying out a request.

Where we do not carry out a request, we shall inform the individual without delay and within one month of receipt of the request, providing our reasons for not taking the action requested.

6.1   Right to access personal data

Individuals have the right to confirm the following with us:

  • Whether or not we process personal data about them
  • Certain specified information about the processing

Individuals also have a right to access the personal data and be provided with a copy.

6.2   Right to restrict processing of personal data

Individuals have the right to request that we restrict processing of their personal data where one of the following applies:

  •  An individual contests the accuracy of the personal data. The restriction will apply until we have taken steps to verify the accuracy of the personal data;
  • The processing is unlawful but an individual does not want the personal data to be erased and  requests restriction instead;
  • We no longer require the personal data for the purposes of processing, but it is still required by an individual in connection with a legal claim;
  • An individual has exercised their right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.

6.3   Right to object to processing of personal data

Where personal data is used to target marketing to an individual, they have the right to object to this at any stage.

An individual also has the right to object to processing of their personal data where the legal basis of the processing is our legitimate interests. We will have to stop processing until we are able to verify that we have compelling legitimate grounds for processing which override the individual's interests, rights and freedoms, or alternatively that we need to continue processing for the establishment, exercise or defense of legal claims. 

6.4   Right to rectification of personal data

If an individual believes that the personal data we hold on them is inaccurate, they may request that it be amended. They may also request that incomplete personal data be completed, including by providing a supplementary statement.

6.5   Right to request erasure of personal data ("right to be forgotten")

An individual may also request the erasure of their personal data in certain circumstances, including the following (this is not an exhaustive list):

  • The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  •  The processing was based on consent which has been withdrawn and there is no other legal basis for processing;
  • There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required to comply with a legal obligation or for the establishment, exercise or defense of legal claims.

If an individual does request erasure of their personal data, this will potentially remove records which we hold for their benefit, such as their presence on a suppression list and they will have to contact us to provide personal information if they wish for us to hold this in future.

6.6    Right to Data Portability

Where we are relying upon the legal basis either of consent or that the processing is necessary for the performance of a contract to which an individual  is  a party, and that personal data is processed by automatic means (e.g. electronically), an individual  has the right to receive all the personal data which they have provided to us in a structured, commonly used and machine-readable format and to transmit this to another controller directly, where this is technically feasible.

6.7    Supervisory Authority

An individual also has a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where they are habitually resident, where they work or where an alleged infringement of data protection laws has taken place.

 

7.   MISCELLANEOUS

7.1  Security

We have put in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. We train our employees in the proper handling of personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet. If you have reasons to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us as set out below.

7.2  Links

Our Website may contain links to other "non-BrightInsight" websites. We do not control and assume no responsibility for the content, security or the privacy policies and practices on those websites.  BrightInsight encourages all users to read the privacy policies of those sites to determine how they protect and use personal information.

7.3  Changes to this Notice

From time to time, we may change and/or update this Notice. If this Notice changes in any way, we will post an updated version on this website. We recommend you regularly review this website to ensure that you are always aware of our information practices and any changes to such. Any changes to this Notice will go into effect on posting to this page.

 

8.  COOKIES AND SIMILAR TECHNOLOGIES

A cookie is a small text file which includes a unique identifier that is sent by a web server to the browser on your computer, mobile phone or any other internet enabled device when you visit an on-line site. Cookies and similar technologies are widely used to make websites work efficiently and to collect information about your online preferences.  For simplicity, we refer to all these technologies as "cookies".

Some of our website pages may contain electronic images known as web beacons (also known as clear gifs, tags or pixels) that allow us to count users who have visited our pages. Web beacons collect only limited information, e.g. a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. We may also carry web beacons placed by third party advertisers. These beacons do not carry any information that could directly identify you.

8.1   How do we use cookies?

We use cookies and other tracking technologies to customize content and advertising, provide social media features and to see how our visitors move through our website. We use this information to make decisions about ways to improve the services we offer you.

We may engage third party tracking and advertising providers such as those named below to act on our behalf to track and analyse your usage of our website through the use of cookies. These third parties collect, and share with us, usage information about visits to our website and, sometimes by correlating this information with other information (e.g. your IP address), measure and research the effectiveness of our advertisements, track page usage, help us target our recommendations and advertising, and track use of our recommendations and advertisements. You can find more information about cookies, behavioural advertising and online privacy at www.allaboutcookies.org or www.youronlinechoices.eu. 

8.2  How do I reject cookies?

If you do not want to be tracked by Google Analytics cookies you can opt-out by installing a browser plug-in here: https://tools.google.com/dlpage/gaoptout/

At any time, you can prevent cookies from being set on your browser. For instructions on how to block, delete or disable any cookies, please consult your browser's 'Help' or 'Support' section. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.

Please consult the following links for information on cookie management and blocking according to your browser:

You can also find more information and manage cookie storage at: www.youronlinechoices.eu

 

BRIGHTINSIGHT RECRUITMENT NOTICE

 

9.   PROCESSING OF PERSONAL DATA

BrightInsight, Inc., of 6201 America Center, San Jose, CA, USA, takes its obligations to protect privacy and personal information very seriously.

9.1  Contact details: Your personal information is collected by BrightInsight ("we"/"us"/"our"). If you have any questions or complaints in relation to the use of your personal information or this Recruitment Notice, you can contact our Data Privacy Officer at: privacy@flexdigitalhealth.com.

9.2  Personal Information Collected: We collect, the information below about you during the recruitment process. If you fail to provide certain information when requested, we will not be able to progress your application.

  • Information provided in your curriculum vitae, application form, covering letter and during the interview process including: your name, date of birth, age, gender, home address, personal email address, education, qualification and work experience details, and references.
  • Information collected or created by us during the recruitment process including: interview notes, test scores and correspondence between us.
  • Information about criminal convictions: we carry out background checks as part of the recruitment process.

9.3  Sources of Information: This information is either (a) provided by you; (b) obtained from third parties through the application and recruitment process; (c) obtained from public sources, such as LinkedIn, or (d) created by us in the course of the recruitment process.

9.4  How we use personal information: We use your personal information to progress the recruitment process, assess and make a decision about your suitability for a role, to communicate with you and to carry out reference checks. We will also use your information to comply with legal and regulatory requirements.

9.5   Why we use personal information: We will use the information collected from you because:

  • it is necessary for us to do so before entering into a contract with you;
  • we need to process your information in order to comply with a legal or regulatory obligation;
  • because we or a third party have a legitimate interest to: (a) ensure the effective administration and management of the recruitment process; (b) ensure we hire a suitable individual for a role; (c) deal with disputes and accidents and take legal or other professional advice; and (d) ascertain your fitness to work.

9.6  How we use special category personal information: We will process your special categories of personal data to consider whether we need to provide appropriate adjustments for any disabilities during the recruitment process; (2) for equal monitoring purposes; (3) comply with any legal or regulatory obligation.

9.7   Why we use special category personal information: We will use special categories of personal information collected about you because:

  • you have provided your explicit written consent;
  • we need to do so to carry out our legal obligations;
  • it is necessary for the establishment, exercise or defense or legal claims on in relation to court cases;
  • there is a substantial public interest; or
  • it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent.

9.8   Information about criminal convictions: As part of the recruitment process we carry out criminal background checks. We use these checks (1) to assess your suitability for a regulated role; (2) to protect your interests, our interests and third party interests; (3) because it is necessary in relation to legal claims. We are allowed to use your personal information in this way where it is necessary to carry out our employment rights and obligations and we will always process your data in accordance with applicable local law.

9.9   Automated decision making: Following a background check/ psychometric test an automated decision will be reached on whether to progress your application or offer you employment based on whether yours satisfy our benchmark criteria. If you disagree with the decision you are entitled to contest this by contacting us at following email address: privacy@flexdigitalhealth.com.

9.10  Information that we share: We will only share your personal information with the following third parties for the purposes of processing your application: (1) employment agencies, (2) background check and online test providers, and (3) regulators and competent authorities. We will also share personal data within our group for the purposes of administration, accounting and reporting purposes.

9.11  Retention of your information: We will retain your personal information for the duration of the recruitment process and for the length of any applicable limitation period for claims which might be brought against us later.

9.12  Where your information will be held: We may hold the personal information we collect about you in the US.

9.13  Your rights: You have the following rights in connection to your data: the rights of access, correction, erasure, objection, restriction, transfer, and the right to withdraw consent and to complain to a Supervisory Authority.

9.14  Applicable Law: While this global policy is designed to deliver consistent and efficient information to candidates on global basis , all information will always be processed in accordance with applicable local law

 

HOW TO CONTACT US

Our Data Privacy Officer is the Data Protection Officer for the purposes of the General Data Protection Regulation (GDPR).

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to Data Privacy Officer through the following means:

Email Address: privacy@flexdigitalhealth.com

Address: BrightInsight, Inc., Data Privacy Officer, 6201 America Center Drive, San Jose, CA 95002, USA

Telephone: 1-408-577-2458