Protecting (and Respecting) Your Privacy
Last revised and effective: March 18, 2024
Hi, and welcome. We've written this page to help you understand your rights and our privacy responsibilities under this agreement ("Privacy Statement", "policy", "user agreement", or "agreement") between Brightest, Inc. (collectively, "Brightest," "we", "our," and "us") and you. These documents tend to get wordy, complex, and, frankly, a bit dull - so we want to clarify a few things up front.
For starters, we don't sell your personal data. That's our pledge - it will not happpen. Yes, we do collect and gather data (as we outline below if you keep reading, as well as in our terms of service), but our mission is to operate an ethical and sustainable technology company, which we simply can't do if we violate your privacy or betray your trust. We've thought about the pros, cons, benefits, and tradeoffs - and it may even hurt us competitively against other companies who lack the same compass - but it's the decision we've made and are committed to. What matters to us the most is helping you and doing the right thing.
With that said, this agreement sets the terms of your use of the Brightest website and services ("Service" or "Services") that include, as applicable, brightest.io, brightest.life, our API, and all related domains and subdomains, our messaging platforms, mobile applications, social media pages, marketing activities, and all other current and planned components of the Service. This agreement is meant to encourage a fair and tolerant place for ideas, people, events, and discussion that also protects your personal rights, and describes our privacy practices when we process personal information as necessary to manage, run, improve, and develop our business and personalize your experience while interacting with the Service, depending on your settings and preferences.
Our privacy approach
Brightest collects personal information about you when you use our Service and through other interactions and communications you have with us. We have to collect data by definition, or the site wouldn't work very well and you'd probably go somewhere else. The Services are provided by (and this Privacy Statement applies to) information collected and used by, Brightest, Inc.
Brightest determines the purposes and means of the processing of your personal information as described in this Privacy Statement, and therefore acts as a 'data controller' (or equivalent/similar terms under applicable data privacy laws) of such information. In certain circumstances, there may be more than one data controller processing your personal information. For example, if you have a Brightest account provided to you by your employer, that entity may also act as a data controller. In these situations, Brightest acts as an independent data controller over our processing activities. This means we determine how your personal information will be processed independently from the other data controllers. The other data controllers have their own obligations under applicable data privacy laws. Brightest is not responsible for other data controllers’ processing activities, and you should contact them directly for questions about how they process your personal information and about how to exercise your privacy rights in relation to such processing.
Scope and application
This Privacy Statement applies to persons and organizations who use our Service to locate, discover, learn about and support organizations working toward social impact (which includes but is not limited to full-time, contract, gig, aide, or volunteer work, charitable donations, or other forms of support), and to people and organizations who use the Service to engage workers, volunteers, supporters, donors, or helpers in any other capacity. It also extends to any additional social impact management and measurement, environmental sustainability management and measurement, organizing, event promotion, and information management via Brightest, as well as any related services provide, such as donation opportunities, fundraising tools, relevant ethical and sustainable products, and other contributions that (a) we think you'd like and find useful, and (b) help us operate a financially and socially sustainable Service.
Information collection
We collect information you provide directly to us, such as when you create or modify your account, take actions through the Service, add photos, comments, or other content regarding your interaction with the Service, or otherwise communicate with us. This information may include but is not limited to your name, email, phone number, postal address, profile picture, gender, date of birth, and other information you choose to provide.
Additionally, when you use our Service, we collect information about you in the following general categories:
Account profile data: We collect information when you (or your organization) create an account, activate a subscription, and/or upload information to Brightest. Personal information may include your name, previous name(s) and/or nicknames, title and honorifics, professional title and company name, education, billing and mailing addresses, phone number and email address, profile photo, billing information (your payment information), purchase history, demographic information, preferences, subscription data, and your username and account credentials.
Contact information: If you provide the Service with your email and/or telephone number, it is provided to us by your employer, or you permit the Service to access the address book on your device through the permission system used by your mobile platform, we may access and store names and contact information from your address book to facilitate social interactions through our Service and for other purposes described in this Privacy Statement or at the time of consent or collection.
Identity verification information: We may collect information to verify your identity and employment, particularly if you are accessing Brightest on behalf of another organization, including your name, Linkedin profile, place of employment, business email, and employee directory information.
Location information: When you use the Service, we collect location data about your location from sources like your web IP address or your mobile phone's location services. If you permit us to access location services through the permission system used by your mobile operating system, we may collect the precise location of your device when the app is running in the foreground or background. Importantly, we do not do this with the intention of tracking you, violating your privacy or selling your data to third parties: we make this tracking a part of our service in order to provide you with a more helpful and relevant user experience.
Communications, feedback and survey data, and related data: We may collect personal information such as your name, email address, telephone number and any other personal information you choose to share when you reach out to us for support, give us feedback, participate in optional surveys, attend our events, participate in product research or training, or otherwise interact or communicate with us. This information may include: emails, call center recordings and call monitoring records, chat and text records, voicemails, photographs, and video images.
Business information: If you are using the Service on behalf of or as part of an organization, we may receive information from you, other account users, and/or your employer about your organization's business, environmental social governance (ESG) data, sustainability data, operations, financial data, HR data, details about your customers, suppliers, vendors, or employees, and other information provided to us for the purposes of collecting, measuring, managing, analyzing, and/or reporting compliance, environmental, sustainability, and/or ESG data.
Third party information: We may also receive personal information about you from other third parties where you have provided consent or where permitted by applicable law. We protect and process the personal information obtained from those third parties as described in this Privacy Statement, consistent with any additional restrictions imposed by the source of the information. Our third-party sources may vary over time and depend upon how you use Brightest. For example, we may receive information from supplemental information and identity verification providers, risk management, cybersecurity & anti-fraud providers, data providers, government agencies, and public information specifically related to our ability to provide you with the highest quality, relevant, and insightful Services.
We also collect information about when and how you and other site visitors interact with our Service, in order to learn more about your needs and preferences so we can continue to build a better more helpful product for you. In some cases we do this through the use of cookies, pixel tags, and similar technologies that create and maintain unique identifiers, such as Google Analytics. For clarity, cookies are small data files stored on your hard drive by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience throughout the Service. Through our applications and third-party analytics tools we rely on, we may collect information about your mobile or desktop device, including, for example, the hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device motion information, and other network information.
For the purposes of providing audit logs, activity histories, volunteer, donation, and/or event signup information, and other aspects of the Service, we, our service providers, and our business partners may automatically log personal information about you, your computer or mobile device, and your interaction over time with the Services, such as:
Device information: We may collect information about your device(s) such as IP addresses, log information, error messages, device type, and unique device identifiers. For example, we may collect IP addresses from you as part of our sign in and security features.
Usage information: We may collect information about your use of Brightest, such as the pages you viewed, the Services and features you used or interacted with, your browser type, and details about any links or communications with which you interacted.
Location information: Certain features in Brightest may collect your precise location information, device motion information, or both, if you or your organization grant(s) us permission to do so through your device settings.
Communication interaction data: We or our third-party service providers may collect information from email providers, communication providers and social networks, such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
Again, none of this is intended to spy on you, monetize your data, or share it with third parties without your knowledge or consent. But in order to, for example, tell you what social impact opportunities are nearby, we need to know the zip code or neighborhood where you're located. The same principle applies if we need to calculate or estimate the carbon associated with a building or office your organization controls or rents in a specific geographic location (since different electricity grids have different utility providers and emissions intensities). In order to make recommendations, we need to try and infer what you like from your website and app interactions. It's a delicate balance and we appreciate your trust that we'll strike the right one to protect you, keep you safe, and minimize any potential risks or negative externalities.
Cookies and similar technologies
Brightest and our service providers may use commonly used tools such as cookies, web beacons, pixels, local shared objects and similar technologies (collectively “cookies”) to collect information about you (“Cookie Information”) so we can provide the experiences you request, recognize your visit, track your interactions, and improve your and other customers’ experiences. You have control over some of the information we collect from Cookies and how we use it. Please see the "Your data privacy and protection rights" section for more information.
We may use your personal information in a number of ways or as otherwise described at the time of collection. We may use your personal information to operate and provide you with our Services, including provide you access to Brightest, creating your account, managing our relationship with you, running and managing our business, including resolving customer support issues, or billing and financial disputes, communicate with you, such as sending you electronic notifications concerning your financial privacy, authenticate your identity, comply with legal and regulatory requirements, protect against abuse or misuse of the Service, protect the rights, property, safety or security of Brightest, our customers, employees or others and prevent fraudulent or illegal activity, and other ways required to provide Services to you.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
Cookies we use at Brightest
Name | Source | Purpose | Storage Days |
---|---|---|---|
csrftoken | Brightest | Necessary | 365 |
__stripe_mid | Brightest | Stripe | Necessary | 365 |
__stripe_sid | Brightest | Stripe | Necessary | 1 |
m | Brightest | Stripe | Necessary | 3650 |
JSESSIONID | Brightest | Necessary | Session |
SESS# | Brightest | Necessary | Session |
ugid | Unsplash | Necessary | 365 |
_ga | Google Analytics | Analytics | 730 |
_gat | Google Analytics | Analytics | 1 |
_gid | Google Analytics | Analytics | 1 |
collect | Google Analytics | Analytics | Session |
rl_anonymous_id | Rudderstack | Analytics | 730 |
rl_user_id | Rudderstack | Analytics | 1 |
fr | Marketing | 90 | |
tr | Marketing | Session |
We also want to call out and clarify a related aspect of our service that's hopefully clear already, but we want to be extra-sure you understand. Non-profits, charities, B-corps, and other types of organizations can, with our permission, promote events, actions, fundraisers, and other opportunities on Brightest. When they do, if you opt into an activity (i.e., you select to volunteer and get involved with a local non-profit), make a donation, or approach an organization for a partnership, you give us permission to share your basic contact information (such as your email address) to that organization so they can communicate and coordinate with you or share additional information about their work and mission. Again, from a communication and logistics standpoint, we have to do this for Brightest to work (for you, us, and them). While we hold partners to a high standard of conduct, we cannot completely control when and how they might contact you if you opt in. If you do have any issues with an organization or its conduct on Brightest, please contact us and report it immediately.
Similarly, if you register as a supplier, vendor, or partner of another organization on Brightest for the purposes of ESG, sustainability, human rights, or social impact collaboration, assessments, disclosure, reporting, and other purposes, you consent to sharing your organization's contact information - as well as any information your organization voluntarily discloses - with your third party partners. As an organization, you have control over what information you share with third party organizations via Brightest.
Service and permissions
Most web browsers and mobile devices (such as Google Android or Apple iOS) define certain types of data that apps cannot access without your consent. These platforms have different permission systems for obtaining your consent. If you do not wish to share specific elements or areas of your data with us, please configure your device and/or browser settings accordingly, and/or do not opt into providing it to us, if we request it via a settings option or mobile push notification.
Information collected from third party sources
We may receive information from other sources and combine that with information we collect through our Services. For example:
If you choose to link, create, or log into Brightest with a social media service (i.e., Facebook), or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you or your connections from that site or app.
When you contact or provide work, gig or volunteer services to other individuals or organizations listed on the site, you are then sharing whatever information or data about your account, inquiry or desired scope of work with that third party that you provide them. Brightest takes no responsibility for what a third party may or may not do with any personal data you provide them, or their standards for data privacy and protection, which is entirely outside our control.
Use of information
We may use the information we collect about you to:
Provide, maintain, and improve our Service, including, for example, to provide products and services you request (and send related information), develop new features, provide customer support to Users, authenticate users, and send product updates and administrative messages;
Perform internal operations, including, for example, to prevent fraud and abuse of our Service; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends;
Send or facilitate communications;
Send you communications we think will be of interest to you, including information about products, services, promotions, news, and events from Brightest and other companies or organizations, where permissible and according to local applicable laws; and
Personalize and improve the Service, including to provide or recommend features, content, social connections, referrals, and advertisements.
We may transfer some of the information described in this Privacy Statement to (as well as process and store it) in the United States and other countries, some of which may have less protective data protection laws than the region in which you reside. Where this is the case, we'll take appropriate measures to protect your personal information in accordance with this Privacy Statement.
Sharing of information
We may share the information we collect about you as described in this policy or as described at the time of collection or sharing, including as follows:
Between you and organizations to enable each to efficiently connect and collaborate through the Service. For example, we share your name, photo (if you provide one), and any other information you have submitted to the Services;
With other Users; and with other people, as directed by you, such as when you want to share your Brightest experience with a friend or on a social network, or message another user using the Service;
With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public;
With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Service, or those with an API or Service with which we integrate;
With Brightest subsidiaries and affiliated entities that provide services or conduct data processing on our behalf, or for data centralization and/or logistics purposes (note: we will always do our best to transparently disclose these relationships to you, whenever and wherever possible);
With vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on our behalf;
In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
With law enforcement officials, government authorities, or other third parties if we believe your actions are inconsistent with our Terms of Use (which can be found at brightest.io/terms) or other policies, or to protect the rights, property, or safety of Brightest or others;
In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
If we otherwise notify you and you consent to the sharing; and
In an aggregated and/or anonymized form which cannot reasonably be used to identify you.
Social sharing
The Service integrates with third party social networks to provide sharing features and other related tools which let you share actions you take on our Service with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them.
Your information and information choices
You may correct or otherwise update or modify your account information at any time by logging into your online or in-app account. If you have a Brightest account and wish to cancel your account and delete all data stored by our Service, please visit this link this link or email us at [email protected]. Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, if we believe you have committed fraud or violated our Terms of Use, we may seek to resolve the issue before deleting your information.
Your data privacy and protection rights
At Brightest, we'd like to make sure you're fully aware of all of your data protection rights. Every individual or organizational user of the Service is entitled to the following:
The right to access: You have the right to contact Brightest to request a copy of your personal data. We may charge you a fee for this service, depending on the scope of the request, particularly if you are an organization subscribing to Brightest as a customer or partner.
The right to update and manage settings and information: We provide all Brightest users and customers with options to manage the privacy of their personal information and account settings, including editing and correcting certain personal information at any time by changing it directly in our Service.
The right to rectification: You have the right to contact Brightest to request that we correct any information you believe is inaccurate. You also have the right to contact Brightest to request to complete the information you believe is incomplete. Based on the volume of inquiries and requests we receive, we may or may not be able to accommodate your request in a timely manner, but we'll do our best.
The right to erasure: You have the right to contact Brightest to request that we erase personal information stored or accessible to Brightest, under certain conditions.
The right to restrict processing: You have the right to contact Brightest to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to contact Brightest to request to object to Brightest’s processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that Brightest transfers the data that we have collected to another organization, or directly to you, under certain conditions. For organizations we offer self-serve data export capabilities throughout our Service to access or back up your data. For organizations, certain data portability or export requests may incur additional Service fees.
Depending on where you live, you may also have certain state- or country-specific rights with respect to your personal information. Please see region and state-specific rights and agreement terms for your region, state, or country, below.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please email us at: [email protected]
To help protect privacy and the security of your personal information (or another person, entity, or organization's), you may be asked to provide additional information to verify your identity and/or ownership rights before we can fulfill your data rights request. If we cannot verify your identity or your ownership rights to the data, we may not be able to service your request until you provide proper documentation.
Access rights
Brightest will comply with individual’s requests regarding access, correction, and/or deletion of the personal data it stores in accordance with applicable law.
We may request permission for our app’s collection of precise location from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, you can later disable it by changing the location settings on your mobile device. However, this will limit your ability to use certain features of our Services. Additionally, disabling our app’s collection of precise location from your device will not limit our ability to determine your approximate location from your IP address.
We may also seek permission for our app’s collection and syncing of contact information from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, you can later disable it by changing the contacts settings on your mobile device.
You may opt out of receiving promotional messages from us by following the instructions in those messages and/or by updating your account settings. If you opt out, we may still send you non-promotional communications, such as those about your account, about Service you have requested, or our ongoing business relations.
As a reminder, we are not responsible for the practices employed by any websites or services linked to or from our Service, including the information or content contained within them. Please remember that when you use a link to go from our Service to another website or service, our Privacy Statement does not apply to those third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link on our Service, are subject to that third party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorize to access your user content. If you are using a third-party website or service and you allow them to access your user content, you do so at your own risk.
Data retention
Unless you specifically ask us to delete your personal information, we retain your personal information as long as it is necessary to comply with our data retention requirements and provide you with Services and the benefits of Brightest and successfully run our business. Even if you submit a deletion request, we may be required to maintain your personal information for as long as necessary to comply with our legal or regulatory compliance needs (e.g., maintaining records of transactions you have made with us), exercise, establish or defend legal claims, and/or protect against fraudulent or abusive activity on our Service.
This means we may keep different information for different periods. If your account is canceled because you haven’t used it for a long time, we may delete this information immediately.
There may be occasions where we are unable to fully delete, anonymize, or de-identify your personal information due to technical, legal, regulatory compliance, or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal information from any further processing until such time as we are able to delete, anonymize, or de-identify it.
International data
Brightest has voluntarily elected to participate in and operate in accordance with the principles of the EU-U.S. Data Privacy Framework (the "EU-U.S. DPF"), as set forth by the U.S. Department of Commerce, and, as applicable the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (the "Swiss-U.S. DPF"). As an organization, we are committed to these DPF Principles related to all personal data received from the European Union and, as applicable, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more, visit www.dataprivacyframework.gov
For any questions, inquiries, or complaints related to Brightest's participation in or adherence to these DPF Principles, please contact [email protected]. In the event of a valid, substantive complaint or issue, there are independent dispute resolution bodies designated to address complaints and provide appropriate recourse free of charge to an individual, such as: (1) the panel established by the EU DPAs and, as applicable, the UK Information Commissioner’s Office (ICO) (and the Gibraltar Regulatory Authority (GRA)), and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC). Our adherence to the EU-U.S. DPF may also be subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) or any other U.S. authorized statutory body. There may be the possibility, under certain conditions, for an individual to invoke binding arbitration related to the EU-U.S. DPF.
When you use Brightest, by default, your data and personal information is processed and stored in the United States in a secure Amazon Web Services (AWS) data center. AWS data center and cloud hosting infrastructure is GDPR compliant.
To read more about AWS GDPR compliance, please see https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/ and AWS' GDPR data processing addendum.
However, if you are an organization using Brightest, you may have the right to order or purchase a different hosting option, which may include (1) hosting your data in a local data center, such as a data center in Australia, Ireland, Germany, or another supported region, (2) creating a dedicated, single-tenant hosting solution, or (3) other data processing, management, and/or storage Services and solutions.
With that said, Brightest reserves the right to store and process your personal information in the United States and in any other country where Brightest or its affiliates, subsidiaries, or service providers operate facilities in accordance with and as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
When we transfer, store or process personal information outside of your jurisdiction (including to or in the United States, as described above), we take appropriate safeguards to require that your personal information remain protected in accordance with this Privacy Statement and applicable law.
Some of these recipients of your personal information are located in countries for which the European Commission and/or UK Government (as and where applicable) have issued adequacy decisions, which means that these countries are recognized as providing an adequate level of data protection under applicable UK and/or European data protection laws and the transfer is therefore permitted under Article 45 of the GDPR.
Other recipients of your personal information are located in countries outside the EEA and/or the UK that are not the subject of an adequacy decision (for example, the United States). In these cases, we may use the Standard Contractual Clauses approved by the European Commission or, as may be applicable, the International Data Transfer Agreement approved by the UK Government, to help ensure your personal information is protected. For more information on the transfer safeguards we rely on, please contact us by using the details in the “How to contact us” section below.
Security of your personal information
We use reasonable physical, technical and organizational safeguards that are designed to protect your personal information. However, despite these controls, we cannot completely ensure or warrant the security of your personal information. You can find out more about how we protect your personal information here.
Children’s privacy and safety
Brightest does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register for the Services. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at [email protected].
Supplemental privacy notice for California residents
Scope: This section applies only to California residents. It describes how we collect, use, and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and your rights with respect to that Personal Information. For purposes of this section, the term “personal information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. Please note that we may claim legal exemptions for certain types of personal information from all or certain parts of the CCPA. In some cases, we may provide a different privacy notice to certain categories of California residents, such as employees and job applicants, in which case that notice will apply instead of this section.
As we said earlier, as defined by the CCPA, we do not “sell” or “share” any personal information collected by the service related to (1) contact information, (2) government-issued identification information numbers, (3) account profile data, (4) payment data, (5) marketing data, (6) user-generated content, (7) demographic data, (8) transaction data, (9) corporate operational or financial data, (10) data about others, (11) device information, (12) precise location data, or (13) other California customer records or data considered sensitive or protected under the CCPA or other California laws. If you fill out communications and survey data via the Service in response to another organization (a third party data controller and processor), that organization (and that organization only) may have shared access to that data, otherwise we will hold any survey response personal information in strict confidence and not sell or share it.
California law now makes a distinction between organizations that process personal data for their own purposes (known as "businesses") and organizations that process personal data on behalf of other organizations (known as "service providers"). Depending on the circumstances of your use of Brightest, our Service may act as either a business OR service provider with respect to your personal data and information. If you have a question or a complaint about how your personal data is handled, please direct them to the relevant organization using Brightest since they are the ones with primary responsibility for your personal data.
For example, if you create an account with us to manage sustainability, organize employee engagement events, or communicate and engage supporters for your school, non-profit, business, campaign, or other type of organization, Brightest will be a service provider with respect to the personal data you provide as part of your account. We'll be a business regarding the personal data we've obtained from your use of our Service, which could relate to organizers and organization managers or individual people. We may use this to conduct research and analysis to help better understand and serve you and other partners of our Service, as well as to improve our products and provide you with a better Service.
By comparison, if you sign up for an event or action as an individual, Brightest processes your personal data to help administer that event, action, or campaign on behalf of the organizer (for example, sending signup confirmation messages, event reminders, processing payments, etc.) and to help the organizer target, and understand the success of, their event and event planning (for example, providing event reports, using analytics to gain insights into the effectiveness of various campaign channels, etc.). In these circumstances, Brightest merely provides software tools for organizers; we do not decide what personal data to request on registration or signups forms, nor are we responsible for the continued accuracy of any personal data provided. Any questions you have relating to your personal data and your rights under California law should therefore be directed to the organizer as the business, not to Brightest.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the CCPA).
We or our service providers may collect the below categories of information for the following business or commercial purposes (as those terms are defined in applicable law):
• Our Service or our service provider's operational purposes
• Auditing consumer interactions on our site (e.g., measuring ad impressions)
• Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity
• Bug detection and error reporting
• Customizing content we or our service providers include in the Service
• Providing the Services (e.g., account servicing and maintenance, order processing and fulfillment, customer service, analytics, and communication about the Service)
• Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features)
Compliance with applicable, just laws and regulations. In this case we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device
• Other uses about which we notify you
As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. California law may permit you to request that we:
• Provide you the categories of personal data we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal data; and the categories of third parties with whom we shared personal data
• Share information related to the sources from which that information was collected
• Provide access to and/or a copy of certain personal information we hold about you
• Provide the business or commercial purpose for collecting, selling, and/or sharing your personal information (if applicable, to the extent applicable)
• Provide the categories of third parties to whom we disclosed personal information about you for a business purpose
• Correct certain information we have about you. You can edit and correct your personal information at any time by changing it directly in our products and Services
• Delete certain information we have about you. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. To the extent permitted, you may delete your personal information by emailing [email protected].
• Opt-out of personal information sales and/or sharing. As we've already said, we do not "sell" data and operate take thoughtful steps to limit data "sharing" (as defined by CCPA) to only uses that are necessary to operate our Service and make it available to you. However, that said, CCPA may classify our use of some aspects of our Services as “sharing” your personal information. To the extent permissable, you can opt-out of the “sharing” of your personal information by emailing [email protected]. In addition, if you are a visitor from California, you may also enable a recognized opt-out mechanism on your browser, device, or platform.
• Limit processing of sensitive personal information. We only use sensitive personal information as necessary for our (1) Service delivery and operations, (2) compliance and protection, (3) research and development, or (4) Service improvement and analytics purposes in accordance with CCPA. If we use sensitive personal information outside the permitted purposes of CCPA, we will provide you with the right to limit processing of sensitive personal information.
You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.
You may request a copy of the personal information in your Brightest account by emailing [email protected].
In order to protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request as a California resident. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. You may use an authorized agent to submit a rights request. If you do so, the authorized agent must present signed written authorization to act on your behalf, and you will also be required to independently verify your own identity directly with us and confirm with us that you provided the authorized agent permission to submit the rights request. This verification process is not necessary if your authorized agent provides documentation showing that the authorized agent has power of attorney to act on your behalf under Cal. Prob. Code §§ 4121 to 4130.
Supplemental privacy notice for Colorado residents
Scope: This section applies only to Colorado residents. It describes how we collect, use, and share personal data of Colorado residents in our capacity as a business under the Colorado Privacy Rights Act (“CPA”) and your rights with respect to that personal data. For purposes of this section, the term “personal data” has the meaning given in the CPA but does not include information exempted from the scope of the CPA. Please note that we may claim legal exemptions for certain types of personal information and certain Intuit companies from all or certain parts of the CPA.
As a Colorado resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. Colorado law may permit you to request that we:
• Provide access to and/or a copy of certain personal data we hold about you
• Correct certain information we have about you. You can edit and correct your personal data at any time by changing it directly in our products and Services
• Delete certain personal data we have about you. You may have the right, under certain circumstances, to request that we delete the personal data you have provided to us. To the extent permitted, you may delete your personal data by emailing [email protected].
• Opt-out of tracking for targeted advertising purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by visiting the Osano “Manage Cookies” or “Privacy Preferences” link or cookie widget in the lower left corner of the footer of the Service.
• Opt-out of profiling. You can opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects.
We will not process your sensitive personal data without your consent.
You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.
You may request a copy of the personal information in your Brightest account by emailing [email protected].
In order to protect your personal data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request as a Colorado resident. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. You may use an authorized agent to submit a rights request. If you do so, the authorized agent must present signed written authorization to act on your behalf, and you will also be required to independently verify your own identity directly with us and confirm with us that you provided the authorized agent permission to submit the rights request.
Supplemental privacy notice for Nevada residents
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing [email protected]. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
Supplemental privacy notice for United Kingdom (UK) and European Union (EU) & European Economic Area (EEA) residents and organizations
Any references to "personal information" in this Privacy Statement are equivalent to “personal data” governed by EU and UK data protection laws. Essentially, "personal data" is information about an individual, where that individual is either directly identified or can be identified. It does not include 'anonymous data' (i.e., information where the identity of an individual has been permanently removed).
We use your personal information only as permitted by law. Applicable EEA and UK data protection law requires us to have a “legal basis” for each purpose for which we collect your personal information. Our legal basis for collecting and using the personal information described in this Privacy Statement will depend on the type of personal information and the specific context in which we collect it. However, we will normally process personal information from you when (1) We have your consent to do so, (2) We have a contract with you and it is necessary to process your personal information to perform our contract with you, including to provide you with the benefits of the Intuit Platform and operate our business, (3) the processing is in our legitimate business interests, such as operating our businesses, improving and developing the Brightest Services, communicating with you, marketing our offerings and services and personalizing your experience, and to detect illegal activities, and/or (4) to comply with legal requirements, including applicable laws and regulations.
If you are a resident of the UK or EEA, you may have the following rights and choices:
• Provide access to and/or a copy of certain personal data we hold about you
• Update your privacy settings
• Correct certain personal data we have about you. You can edit and correct your personal information at any time by changing it directly in our products and Services
• Delete certain personal data we have about you. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. To the extent permitted, you may delete your personal information by emailing [email protected]
• You may object to our processing of your personal data or ask us to restrict processing of your personal information
• You may request portability of your personal information
• If we process your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent
• You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information
• You may be able to opt-out of certain cookies and other similar technologies
You may request a copy of the personal information in your Brightest account by emailing [email protected].
In order to protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request as a UK or EU resident or organization. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. You may use an authorized agent to submit a rights request. If you do so, the authorized agent must present signed written authorization to act on your behalf, and you will also be required to independently verify your own identity directly with us and confirm with us that you provided the authorized agent permission to submit the rights request.
Changes to this policy
We may change this Privacy Statement from time to time, at our sole discretion. Your continued use of the Service after such notice constitutes your consent to the changes. We encourage you to periodically review the Privacy Statement for the latest information on our privacy practices.
As we've said before, privacy in this day and age is a delicate balance. Information collection has become very powerful, and can often be helpful for delivering a more engaging, relevant, and customized experience or Service to you. But it can also be mis-used and abused, as we've seen many times from Facebook and other services. We think about these issues and ethics a lot, and will keep challenging ourselves to make the right decisions. You should also challenge us too.
Get in touch - we're listening
If you have any questions about this Privacy Statement, your rights, or would like to discuss it with us more, please contact us at [email protected]