Last modified: March 2020
Privacy is paramount to us. This privacy statement explains the personal data Shine Analytics Limited and its affiliates (“Brightflag”) process, how Brightflag processes it, and for what purposes. Brightflag offers a cloud-based software platform used by companies worldwide to understand and manage legal spend. References to Brightflag products in this statement include Brightflag services, websites, apps and software. Please refer to the product-specific details in this privacy statement for additional information on how the tools process data. This statement applies to Brightflag’s interactions with you and the Brightflag products listed below, as well as other Brightflag products that display this statement.
As a responsible organisation, we have implemented numerous technical and organisational measures to ensure the most complete protection of any personal data (e.g. name, email, phone number) processed through our website or directly on our application, in order to meet the General Data Protection Regulation (“GDPR”), and in accordance with any country-specific data protection regulations.
This Privacy Notice explains:
- What information we collect and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms, such as cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to us, so whether you are new to us or a long-time user, please do take the time to get to know our practices – and if you have any questions, contact us.
Personal Data We Collect
Brightflag collects data from you, through our interactions with you and through our products. You provide some of this data directly, and we get some of it by collecting data about your interactions, use and experiences with our products. The data we collect depends on the context of your interactions with Brightflag and the choices you make, including your privacy settings and the products and features you use. We also obtain data about you from third party applications running on this website.
You have choices when it comes to the technology you use and the data you share. We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which information from our website was most relevant to you. We collect information in the following ways:
- Information you give us. For example, any information you submit to us by way of contract or your interaction with the Intercom web chat feature on the website
- Information we get from your use of our services. We collect information about the services that you use and how you use them, like when you interact with our online platform. This information includes:
- Device information. We collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information).
- Log information. When you use the Services our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This includes:
- details of how you used our service, such as your search queries;
- telephony log information, such as your phone number;
- Internet protocol address;
- device event information, such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL; and
- cookies that may uniquely identify your browser or your Acme Account.
- Information collected from third party installations. We have a number of third party applications and plugins embedded on our website. We and our partners periodically collect data on your user activity, for analytics and better user interaction as well as to provide valuable information to enhance our products for better use. This includes:
- Location information. When you use Brightflag website or our services, the plugins may collect and process information about your actual location.
- Unique application numbers. Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to us as well our partners when you access our website or use our services.
- Cookies and similar technologies. We and our partners use various technologies to collect and store information when you visit a Brightflag website or service, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer to our partners, such as advertising services or Brightflag features or advertisements that may appear on other sites. If you wish to know more about how our partners manage the data collected, we encourage you to visit them at https://policies.google.com/privacy, https://aws.amazon.com/privacy/, and https://www.intercom.com/terms-and-policies.
We treat information that we collect when you are signed in to Brightflag or visit our website as a guest as personal information.
When we ask you to provide personal data, you can decline. If you choose not to provide data necessary to provide you with a product or feature, you cannot use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features like personalization that use such data will not work for you.
How We Use Personal Data
Brightflag uses the data we collect to provide you rich, interactive experiences. In particular, we use data to:
- provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request;
- improve and develop our products;
- fulfill your request for content, more information, or a demonstration of Brightflag when you submit a form or live chat on our website(s);
- personalize our products and make recommendations; and
- advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.
We also use the data to operate our business, which includes analysing our performance, meeting our legal obligations, developing our workforce, and doing research.
In carrying out these purposes, we combine data we collect from different contexts (for example, from your use of two Brightflag products) or obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.
Reasons We Share Personal Data
We share your personal data with your consent or to complete any transaction or provide any product you have requested or authorized.
We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we have hired to assist in protecting and securing our systems and services may need access to personal data to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger, acquisition or sale of assets.
Finally, we will retain, access, transfer, disclose, and preserve personal data, including your content, when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- protect our customers, for example to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property of Brightflag, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Brightflag, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
Please note that some of our products include links to products of third parties whose privacy practices differ from Brightflag’s. If you provide personal data to any of those products, your data is governed by their privacy policies.
How to Access & Control Your Personal Data
You can also make choices about Brightflag’s collection and use of your data. You can control your personal data that Brightflag has obtained, and exercise your data protection rights, by contacting Brightflag or using various tools we provide. How you can access or control your personal data will depend on which products you use. For example, you can:
- Control the use of your data for interest-based advertising from Brightflag by replying to e-mails sent to you asking to be removed.
- Choose whether you wish to receive promotional emails, SMS messages, telephone calls, and postal mail from Brightflag.
- Access, change and clear your data by requesting so at DPO@brightflag.com.
You can access and control your personal data that Brightflag has obtained with tools Brightflag provides to you, described below, or by contacting Brightflag. For instance:
- if Brightflag obtained your consent to use your personal data, you can withdraw that consent at any time;
- you can request access to, erasure of, and updates to your personal data; and
- if you’d like to port your data elsewhere, you can use tools Brightflag provides to do so, or if none are available, you can contact Brightflag for assistance.
You can also object to or restrict Brightflag’s use of your personal data. For example, you can object at any time to our use of your personal data:
- for direct marketing purposes; or
- where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.
You may have these rights under applicable laws, including the EU General Data Protection Regulation (GDPR), but we offer them regardless of your location.
If your organization, such as your employer, partner or service provider, provides you access to and is administering your use of Brightflag products, contact your organization to learn more about how to access and control your personal data.
If you cannot access and control certain personal data collected by Brightflag via the tools above or directly through the Brightflag products you use, you can always contact Brightflag at DPO@brightflag.com or by using our web form. We will respond to requests to control your personal data within 28 days.
Your Communications Preferences
You can choose whether you wish to receive promotional communications from Brightflag by email and telephone. If you receive promotional email and would like to opt out, you can do so by following the directions in that message. You can manage your Brightflag email contact preferences by using this web form. These choices do not apply to mandatory service communications that are part of certain Brightflag products, programs, activities, or to surveys or other informational communications that have their own unsubscribe method.
Your Advertising Choices
To opt out of receiving interest-based advertising from Brightflag, please reply to the relevant advertising email requesting so. When you opt out, your preference is stored in a cookie that is specific to the web browser you are using. The opt-out cookie has an expiration date of five years. If you delete the cookies on your device, you need to opt out again.
Because the data used for interest-based advertising is also used for other necessary purposes (including providing our products, analytics, and fraud detection), opting out of interest-based advertising does not stop that data collection. You will continue to get ads, although they may be less relevant to you.
You can opt out of receiving interest-based advertising from third parties we partner with by visiting their websites.
When you use a browser, you can control your personal data using certain features. For example:
- Cookie Controls. You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the Cookies section of this privacy statement.
- Tracking Protection. You can control the data third-party sites can collect about you using Tracking Protection provided on your web browsers. This feature will block third-party content, including cookies, from any site that is listed in a Tracking Protection List you add.
- Browser Controls for “Do Not Track”. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, Brightflag services do not currently respond to browser DNT signals. We continue to work with the online industry to define a common understanding of how to treat DNT signals. In the meantime, you can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving interest-based advertising from Brightflag as described above.
Cookies & Similar Technologies
With a Brightflag account, you can sign into Brightflag products, as well as those of select Brightflag partners. Personal data associated with your Brightflag account includes credentials, name and contact data, payment data, device and usage data, your contacts, information about your activities, and your interests and favourites. Signing into your Brightflag account enables personalization and consistent experiences across products and devices, permits you to use cloud data storage, and enables other features.
Other Important Privacy Information
Below you will find additional privacy information, such as how we secure your data, where we process your data, and how long we retain your data.
In the event of a conflict between this Brightflag privacy statement and the terms of any agreement(s) between a customer and Brightflag for any Brightflag product or services, the terms of those agreement(s) will control.
When a customer tries, purchases, uses, or subscribes to Brightflag products, or obtains support for or professional services with such products, Brightflag collects data to provide the service, including uses compatible with providing the service, provide the best experiences with our products, operate our business, and communicate with the customer. For example:
- When a customer engages with a Brightflag sales representative, we collect the customer’s name and contact data, along with information about the customer’s organization, to support that engagement.
- When a customer interacts with a Brightflag support professional, we collect device and usage data or error reports to diagnose and resolve problems.
- When a customer pays for products, we collect contact and payment data to process the payment.
- When we send a customer communications from Brightflag, we use data to personalize the content of the communication.
- When a customer engages with Brightflag for professional services, we collect the name and contact data of the customer’s designated point of contact and use information provided by the customer to perform the services that the customer has requested.
Your right to address your issues:
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority or Brightflag’s supervisory authority, the Irish Data Protection Commissioner (Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland, email@example.com). However, we would ask that you contact us first so that we can try to address your concerns.