BrightSentinel Privacy Statement
Effective as of September 20, 2019
At BrightSentinel B.V. ("BrightSentinel"), your privacy is important to us. This privacy statement explains the personal information we collect, how we process it and for what purposes.
This privacy statement describes the general privacy practices of BrightSentinel (collectively, "BrightSentinel," "we," "us," or "our") on the collection, use, disclosure and protection of personal information that applies to our Service, and your choices about the collection and use of your personal information through our websites, mobile applications, hardware and SaaS, collectively referred as the "Service".
In this privacy statement, reference to "personal information"; means information related to an identified or identifiable natural person. Examples of personal information include: first and last name, mailing address, email address, billing information, IP address, other online contact information, or telephone number.
Scope of this privacy statement
This privacy statement is divided into two parts:
Part I – Information BrightSentinel collects and its use
BrightSentinel collects data from you, through our interactions with you and through our Service. In some cases, you provide data to us directly and in other cases,
we collect data about your interactions, use, and experiences with our Service. We also obtain information provided to us by associated third parties.
Part II – General
This part deals with other general topics such as BrightSentinel's security commitments and how we communicate changes of this privacy statement.
Part I - Information BrightSentinel collects and its use
We collect information about you only if we need the information for some legitimate purpose. BrightSentinel will have information about you only if (a) you have provided the information yourself, (b) BrightSentinel has automatically collected the information, or (c) BrightSentinel has obtained the information from a third party.
Information you provide
Account signup: When you sign up for an account to access our Service, you will need to provide information to register for the account.
You may view or edit your information online by signing into your account.
Submissions via forms: We record personal information that you submit through forms when you (i) register for any event,
(ii) subscribe to any of our mailing lists, (iii) download any product, whitepaper, or other materials, (iv) respond to surveys, or
(v) request customer support or contact with BrightSentinel for any other purpose.
You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages.
Nevertheless, you will continue to receive notices and essential transactional emails.
Payment processing: When you make a purchase via our website, you may share your payment information with the third-party service provider
that processes payment transactions or other financial services, for fraud prevention and credit risk reduction on our behalf. The third-party service
provider may be permitted to store, retain, or use your personally identifiable information or your billing information, subject to your permission and the terms of the third-party service provider.
Testimonials: When you authorise us to post testimonials about our Service on our website, we may include your name and other personal information in the testimonial.
You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, contact us at firstname.lastname@example.org.
Service data: By using our Service, you may provide personal information to BrightSentinel about your employees or customers, that you or your organisation control.
We recognise that you own your service data and enable you to control this data by providing you the ability to access, share and request export or deletion of your service data.
Interactions with BrightSentinel: We may record, analyse and use your interactions with us, including email, telephone, and chat conversations with our sales and
customer support professionals, for improving our interactions.
Information we collect automatically
To help us improve our Service, we keep information about how you use our Service. We may directly collect analytics data, or use third-party analytics tools,
to help us measure traffic and usage trends of the Service.
Information from browsers, devices and servers: When you visit our websites, we collect information provided by the web browsers,
mobile devices and servers; such as: internet protocol address, browser type, language preference, time zone, referring URL, date and time of access,
operating system, mobile device manufacturer and mobile network information. We collect these to gain a better understanding of visitors to our websites.
Information from cookies and tracking technologies: We use temporary and permanent cookies to identify users of our Services and to enhance user experience.
to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted
visitor and user engagement by tracking your activities on our websites.
You may disable browser cookies from our websites. Please note that this action may impact on your ability to use certain features of the websites properly.
Information from application logs and mobile analytics: We collect information about your use of our Service from application logs and usage analytics
tools for insights on how you use our Service and your needs to improve our Service. This information includes clicks, scrolls, features accessed, access time
and frequency, errors generated, performance data, storage utilized, user settings and configurations, devices used and their locations.
Information we collect through third-parties
Signups using federated authentication service providers: To access our Service, you may sign in using supported federated authentication service providers;
such as: LinkedIn, Microsoft, Apple and Google. These services will authenticate your identity and give you the option to share certain personal information with us,
such as your name and email address.
Reselling partners, service providers and referrals: When you are referred to our Service through our reselling partners or referral programs, it is likely
that your name, email address and other personal information with be provided to us. We only use the information for the specific reason for which it was provided to us.
BrightSentinel may also receive information about you from review sites if you comment on our Service, and from other third-party service providers that we engage
for marketing and shipping of our products.
Information from social media sites and other publicly available sources: When you interact or engage with us on social media sites, we may collect such
publicly available profile information to allow us to connect with you, improve our products, or better understand user reactions and issues to our Service.
Please note that once collected, this information may remain with us even if you delete it from the social media websites.
Legal bases for collecting and using information under GDPR
For users in the European Economic Area (EEA), our legal basis for information collection and use depends on the personal information concerned and the context of its collection. Most of our information collection and processing activities are based on:
- Contractual necessity;
- legitimate interest(s) of BrightSentinel or a third party that are not overridden by your data protection interests; or
- your consent.
Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.
Withdrawal of consent: Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, without affecting any processing
that has already occurred.
Legitimate interests notice: Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly
explain to you what those legitimate interests are when we collect your information.
Rights to information
You have the following rights with respect to personal information that BrightSentinel holds about you:
- Request a copy of your information;
- Request that we correct inaccuracies relating to your information;
- Request that your information be deleted or that we restrict access to it;
- Request a structured electronic version of your information in a commonly used and machine-readable format; and
- Object to our use of your information.
In some circumstances, BrightSentinel may be unable to comply with a request that you make with respect to your personal information.
For example, we may not be able to provide a copy of your information where it infringes on the rights of another user. We may also be
required to retain certain information that you ask us to delete for various reasons; such as where there is a legal requirement to do so.
In some cases, you may have shared your information with third parties outside of our control and you will need to contact that third party directly.
If we are unable to resolve your request, or if you are concerned about a potential violation, you may be entitled to report the issue or make a
complaint to the data protection authority in your jurisdiction.
Should you wish to make a request regarding your personal information, please contact us at email@example.com.
Use of information
In addition to the purposes mentioned above, BrightSentinel may use your information for the following purposes:
Comply with our legal obligations, resolve disputes, enforce our agreements, and fulfill our business objective
To operate and improve the Service by analyzing how the Service is used, diagnosing technical problems, maintaining security,
remember information to help you efficiently access your account and to monitor aggregate metrics such as total number of visitors,
traffic and track content as necessary to provide an efficient and quality Service.
To send you Service-related notices, including any notices required by law, in lieu of communication by postal mail.
To send you notices regarding your registered interest in our Service, a survey about your experience and offerings. If you correspond
with us by email, we may retain the content of your email messages, your email address and our responses. You may opt-out of receiving communications
from us by selecting the options specified in the delivered correspondence.
With whom we share your information
We share your information only in the ways that are described in this privacy statement and in the following cases:
Employees and independent contractors: Employees and independent contractors have access to the information covered in Part I on a need-to-know basis.
Third-party service providers: We may need to share your personal information with third-party service providers; such as marketing and advertising
partners, event organizers, web analytics providers, hosting and storage providers, communication services providers, shipping agents and payment processors.
They are authorised to use your personal information only as necessary to fulfill their services to us.
Reselling partners: We may share your personal information with our authorised reselling partners located in your region, following your expressed interest in our Service.
Other cases: Other scenarios in which we may share the same information covered under Parts I are described in Part II.
Retention of information
We hold the data in your account as long as you choose to use our Service. Once you terminate your user account, BrightSentinel may retain your profile information and
user content for a commercially reasonable time, and for as long as we have a valid purpose to do so; in particular, to comply with its legal and audit obligations, and for backup and archival purposes.
Part II – General
We do not knowingly seek or collect personal information from users under the age of 13 (a "Child" or "Children"), except to the extent that BrightSentinel may collect limited personal
information, excluding email address, from Children, where that Child's service provider, has contracted with BrightSentinel to collect the personal information from the Children for the
service context authorised by the service provider. Children are not allowed to create an account without a parent’s or guardian's express consent.
In the event that we learn that we have collected personal information from a Child without parental or guardian consent being obtained by his or her service provider, or if we learn
a Child has provided us personal information beyond what we request when he or she signs up for our Service, we will delete that information as quickly as possible. If you believe that a
Child may have provided us personal information beyond what is requested when signing up for our Service, or that the service provider has not obtained parental or guardian consent for Children,
please contact us at firstname.lastname@example.org.
Notwithstanding anything to the contrary contained in this privacy statement, if you are a Child and your parent or guardian signed up for our Service with a password or access ID
provided by your service provider, you understand that your parent or guardian may be able to view all information within or associated with your account.
Compliance with laws and law enforcement requests
BrightSentinel may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental
request, including to meet national security requirements.
If we are required by law to disclose the information that you have submitted, we will attempt to provide you with prior notice (unless we are prohibited or it would be futile)
that a request for your information has been made in order to provide you with the opportunity to object to the disclosure. We will attempt to provide this notice by email, if you
have provided us with an email address, or by postal mail if you have recorded a postal address in the Service. If you choose not to challenge the disclosure request, we may be
legally required to disclose your information.
Enforcement of BrightSentinel’s Rights: We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing
fraud, investigating suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.
Business Transfers: BrightSentinel may disclose your personally identifiable information to another entity upon a transfer, merger or sale of assets or stock, or line
of business to which this privacy statement relates, or upon any other corporate reorganisation.
Storage transfer and protection of your information
Your information collected through the Service may be stored and processed in any country in which BrightSentinel or its subsidiaries, affiliates or service providers maintain
facilities. BrightSentinel may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and
from your country or jurisdiction to other countries or jurisdictions around the world. As a result, we may transfer information, including personal information, to a country and
jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information about you as described in this privacy statement.
To run our Service, we use computers all over the world. This means your information might be transferred to the United States, Australia, the European Union and Singapore.
Cross-border transfers of information (for users in the EEA)
For Users in the EEA, where we transfer your information to a third-party provider that is not located in the EEA and that is not subject to an adequacy decision by the EU Commission,
we will require those third-party providers to enter into an agreement that provides appropriate safeguards for your information. As required, we may seek your consent to transfer your
information to a third country outside the EEA.
Keeping your information safe
BrightSentinel cares about the security of your information and uses appropriate safeguards to preserve the integrity and security of all information collected through the
Service. To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account.
It is your responsibility to keep your password confidential; do not share it. You should always log out before leaving a website or service to protect access to your information from other users.
Please understand, however, that no security system is impenetrable. We cannot guarantee security, or that the information that you supply will not be intercepted while being transmitted to
and from us over the Internet.
Please be aware that BrightSentinel reserves the right to block users located in certain countries from using the Service.
In the event that BrightSentinel becomes aware that personally identifiable information is compromised as a result of a breach of security, we will promptly notify those persons whose
personally identifiable information may have been compromised, in accordance with the notification procedures set forth in this privacy statement, or as otherwise required by applicable law.
Notification of changes
We may modify this privacy statement at any time, upon notifying you through a service announcement or by sending an email to your primary email address if you have provided it. Changes
to this privacy statement apply as of the effective date. Your continued use after the effective date of changes to the privacy statement will be deemed to be your agreement to the modified privacy statement.
Please be aware that, to the extent permitted by applicable law, our use of your personally identifiable information is governed by the privacy statement in effect at the time we collect the
information. We encourage you to periodically review the privacy statement for any modifications at
If you have questions about this privacy statement, please contact us at email@example.com.