This policy, together with any other document referred to within it, is incorporated into and governed by the Terms and Conditions of Service (“Customer Terms”) located at: https://www.brightbox.com/legal/terms.
This Policy applies only to Personal Data of users of the Services (“Customers”) and visitors to our Website.
This Policy does not apply to:
All definitions set out in the Customer Terms shall also apply in this document.
Capitalised terms, unless defined within this document, shall have the meaning given to them in the Customer Terms.
“Personal Data”, “Data Subject”, “Processing”, “Processor”, “Controller”, “Supervisory Authority” where used within this DPA have the meanings given to them in the Applicable Data Protection Legislation.
We collect Personal Data in the following ways:
Personal Data that you provide to us through your use of the Services or our Website or otherwise communicate with us may include:
When you use the Services or our Website, we may automatically collect information including:
We may receive information from other sources, including:
We may use Personal Data for the following purposes:
We may use Personal Data to:
We may create anonymous data from your Personal Data and other individuals whose Personal Data we collect. In such a case, we will make Personal Data anonymous by excluding information that makes the data personally identifiable to you, and use that anonymous data only for lawful business purposes.
If you request information from us, sign up for the Services or participate in our surveys or promotions, we may send you marketing communications as permitted by Applicable Data Protection Regulations. When we send you marketing communications, we will always provide you with the ability to opt-out immediately so you will not receive marketing communications in future. You may still, however, receive Service-related communications such as security or maintenance notifications and billing emails.
We may also use Personal Data to show you personalised adverts about our Services on other websites or social media platforms and to improve the effectiveness of our online advertising. You can opt-out of personalised advertising here.
We may use your Personal Data as we believe necessary or appropriate to:
(a) enforce the Customer Terms that govern the use of the Services;
(b) protect our rights, privacy, safety or property, and/or that of you or others; and
(c) protect, investigate and deter against fraudulent, harmful, unauthorised, unethical or illegal activity.
We may use your Personal Data as we believe necessary or appropriate to comply with applicable law, lawful requests and legal process.
We may use your Personal Data with your consent, such as when you consent to us posting your testimonials or endorsements on the Website or when you choose to opt-in to our marketing communications.
We will only use your Personal Data as permitted by Applicable Data Protection Regulations. The following table explains the purposes and lawful bases upon which we rely to process your Personal Data.
|Purpose of processing||Lawful basis|
|(4.1) To provide the Service||This processing is necessary for the performance of the contract which governs our provision of, and your use of, the Services or in order to take steps at your request prior to signing up to the Services.|
(4.2) To create anonymous data for analytics;
(4.3) For marketing and advertising;
(4.4) For protection, enforcement and fraud prevention;
|These processing activities constitute our legitimate interests. Where we process your Personal Data in pursuit of our legitimate interests we will assess and balance any potential negative impact on your interests and rights. We will not use your Personal Data where our legitimate interests are overridden by your rights and interests. You have the right to object to our processing where we rely on our legitimate interests as the lawful basis for processing. Please see (11.5) for more information.|
|(4.5) To comply with applicable law||Processing is necessary for compliance with our legal obligations.|
|(4.6) With your consent||Processing is based on your consent. Where we rely on your consent as the lawful basis for processing you have the right to withdraw it anytime by unsubscribing or contacting us as appropriate.|
We neither rent nor sell your Personal Data to anyone. However, in accordance with Applicable Data Protection Regulation, we may share Personal Data as described below:
We may share information about you with trusted third party partners and service providers such as subcontractors, payment processing services, analytics services, fraud analysis services and credit reference agencies.
In the event of a proposed merger, acquisition, financing, sale of assets or in the event of insolvency, bankruptcy, receivership or other change of control, your Personal Data may be disclosed to a potential acquirer, successor or assignee as part of our business assets. In such a case, you will be notified about the change of ownership or control and will be able to exercise your rights regarding your Personal Data.
We may use third party advertising networks to show you adverts about our Services, which we believe may be of interest to you.
We may share Personal Data that we reasonably believe is necessary to comply with applicable law, legal process, court order or government agency request or to enforce the Customer Terms.
We may share Personal Data if we reasonably it is necessary or appropriate to:
We may disclose Personal Data to professional advisors, such as lawyers, accountants, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Except as described above, we may share your information with your explicit consent.
We will only retain Personal Data for as long as necessary to fulfil the purposes for which it was collected unless a longer retention period is required for legal, tax or regulatory reasons, or for any other lawful legitimate business purpose.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means and applicable legal requirements.
In some circumstances we may anonymise Personal Data so that it can no longer be associated with an identifiable person, in which case we may use this information indefinitely without further notice.
Brightbox is committed to keeping your Personal Data secure. We employ a number of organisational, technical and physical measures to protect the Personal Data we collect.
You must also help prevent unauthorised access to your Personal Data by choosing strong passwords where appropriate and protecting your password and other access credentials from unauthorised access or use.
If you have any questions about our security practices, or advice on keeping your account secure please contact us.
We do not knowingly collect sensitive Personal Data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, criminal convictions and offences, genetic data, biometric data, health data or data concerning a person’s sex life or sexual orientation.
We do not knowingly collect or receive Personal Data from children. The Customer Terms require that customers must be at least 18 years of age to use the Services.
If we are made aware that a user of the Services is under 16 years old we will take appropriate steps to remove that individual’s information from our systems and restrict that individual from future access to the Services.
If you are an EU resident, you have certain rights regarding your Personal Data:
You can access, update or correct any of the Personal Data you have provided to us by logging into your account. Please contact us if you experience any problems or have any questions about our processing of your Personal Data.
You can request your Personal Data is deleted and we will comply without undue delay unless we are required to retain such data for legal, tax or regulatory reasons, or for any other lawful legitimate business purpose. Please contact us if you wish to request that we delete your Personal Data.
You can request that we provide a machine-readable copy of the Personal Data you have provided to us. You can contact us if you wish to arrange this.
Where our processing of Personal Data is based on consent, you may withdraw your consent at any time. To opt out of receiving marketing communications, please click the “unsubscribe” link at the bottom of any recent marketing email, or log into your account and change your email preferences.
You can also opt out of receiving personalised online advertising here.
You can contact us if you wish to withdraw your consent to any other use of your Personal Data which you may have previously consented to.
Withdrawing consent will not affect other data processing where we rely on other lawful bases for processing, such as those described in (5.1).
You have the right to object to our processing of Personal Data where we rely on our legitimate interests as the lawful basis for processing. Please contact us if you wish to object to processing in such cases.
We will only transfer Personal Data of EU residents to trusted third parties in countries outside of the EEA, where:
The “appropriate safeguards” referred to in the previous paragraph will be one of the following safeguards recognised by the European Commission as providing adequate protection for Personal Data:
If you have any complaints about our use of your Personal Data please contact us as described below.
You can also contact The Information Commissioner’s Office (ICO) which is the Supervisory Authority for data protection in the UK.
Telephone: 0303 123 1113
Our physical office address is:
Brightbox Systems Ltd
Last updated: 24 May 2018 at 12:35 UTC