OUR PRIVACY POLICY

1. INTRODUCTION

About this notice

This privacy notice applies to Bright Partnerships Worldwide Limited, a company incorporated in England and Wales whose registered office is at Albany House, Claremont Lane, Esher, Surrey, KT10 9FQ (Company number: 08828386), and its affiliated group companies, including:

• Bright Partnerships Worldwide Inc, incorporated in USA with its principal place of business at 55 Water Street, Brooklyn, NY 11201
• Bright Partnerships Worldwide Pty Ltd, incorporated in Australia with its registered office at Level 5, 63 Pirie Street, Adelaide, SA 5000

These companies are referred to collectively in this notice as “we”, “us” or “our”.

We collect and use personal data about our clients, suppliers, website visitors, and other individuals (“you”) for a variety of business purposes. We are committed to protecting your personal data and to being transparent about how and why we use it, in compliance with applicable data protection laws.

It is important to us to be transparent and provide accessible information about how we will use your personal data. We are committed to respecting your privacy and to complying with applicable data protection and privacy laws.

In this notice, we use the term “personal data” to mean any information relating to an identified or identifiable individual.  Such individuals may include our clients, customers of our clients, suppliers, marketing contacts, and others.

This notice sets out the basis on which we will collect and use personal data about you. It applies to all products and services provided by us. Where we process personal data on behalf of our client, information about how your personal data is processed will be contained in the privacy notice of that client.

Our privacy and cookie notice will be reviewed and enhanced from time to time.  Please check our website or contact us for a copy of the current privacy and cookie notice.  If you have any questions in relation to this privacy and cookie notice, please contact us.

This policy was last updated on 29 April 2025.

2. DATA CONTROLLERS AND RESPONSIBILITIES

Data Controller

The controller of your personal data will depend on your relationship with us and your location. In most cases, the local group company you interact with will be the controller of your data. In other cases, two or more group companies may act as joint controllers, particularly where services, IT systems, or personnel are shared across the group.

We have entered into arrangements among our group companies to determine respective roles and responsibilities regarding personal data, including ensuring your rights are upheld.

Responsibilities

Our group has appointed a shared Data Protection Officer (DPO) responsible for privacy compliance across our companies.

If you have questions about this notice, your data, or wish to exercise your rights, please contact our Data Protection Officer (details below):

Post:                 8 Boundary Row, London, SE1 8HP

Email:               enquiries@brightpartnerships.com

Telephone:       +44 (0)203 714 3850

3. THE INFORMATION WE COLLECT

Depending on your relationship with us, we may collect the following data about you:

• Full name and job title
• IP address and other data associated with your computer
• Demographic information e.g. postcode
• Additional information provided by you may include:
  • Preferences and reminders
  • Home address
  • Telephone number
  • Mobile phone number
  • Date of birth
• Automatically generated information created while you use this website may include:
  • Transactional information
  • Clickstream information
  • Cookies

Information about the personal data we collect and use about our employees and job applicants is set out on a separate privacy notice.

We do not regularly collect any ‘special categories of personal data’ about you (this means information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) and we do not collect any information about criminal convictions and offences.

If we do need to collect any of these types of data, for example to ask you about any medical conditions prior to attending one of our events, we will generally seek your consent at that time.

4. HOW WE COLLECT YOUR DATA

We may collect personal data:

• When we meet you in person;
• When we speak to you by telephone;
• When you correspond with us by email;
• When you participate in any activities or promotions administered by us;
• When you contract with us for services we provide;
• When you fill in forms and questionnaires; or
• When you visit our website.

5. HOW WE USE YOUR DATA

We will use your personal data for our legitimate business purposes, to provide our services to our clients and to run our business.

Specific uses of your data depend on our relationship with you, but may include:

• To process and deliver services to you or to pay for services we use including:
  • management of payments, fees and charges
  • the collection and recovery of money owed to us
• To improve our products and services; provide relevant offers and fulfil transactions
• Internal record keeping.
• Compliance with our legal, regulatory and corporate governance obligations and good practice.
• Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
• Operational reasons, such as training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring.
• Investigating complaints.
• Marketing our business, including but not limited to:
  • Promotional emails and updates about new products, special offers or other information we may think is of interest to you
  • Market research purposes, by email, phone or mail

In accordance with data protection law, we must always have a valid lawful basis for collecting and using your personal data. Where we are relying on your consent in order to collect and use your personal data, we will ask you to give your consent. You can withdraw your consent at any time by contacting us.

We will also use your personal information because it is in our legitimate interests in order to run our business, and we do not believe that your interests and fundamental rights override those interests.

We may use your personal information where we need to do so in order to comply with our legal or regulatory obligations. For example, this will apply where we need to keep information for a specific period to comply with our legal obligations.

We will only process any special categories of personal data with your explicit consent unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will clearly identify what the relevant data is, why it is being processed, and to whom it will be disclosed.

6. WHO WILL YOUR INFORMATION BE SHARED WITH?

Your personal data is an important part of our business.  We do not sell your information to third parties.  We will only share your information as set out below. All information sharing is only done on the basis of being necessary and to fulfil legitimate business purposes.  For example:

• Information may be shared with third parties to enable us to provide our services to our clients. If your consent is required to pass your personal data to third parties, you may be contacted in order to give your positive consent for this purpose.

We may disclose your personal information to third parties in limited circumstances as follows:

• Where we engage the business services of a third party to provide services directly to us. We will carry out the necessary due diligence on any third party that we use to ensure that they fully comply with data protection regulations. Any third party will be engaged for a specific purpose and they will be strictly prohibited from using your personal data for any other purposes. 
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use on this website and other agreements.

7. DATA SECURITY AND RETENTION

We keep personal data secure against loss or misuse.  We are committed to protecting the confidentiality of your information and will take all reasonable measures to secure your information including, encryption, third party audits, access controls and security testing.

Where other organisations process personal data as a service on our behalf, our Data Protection Officer will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

International Data Transfers

As we operate as a group of companies with shared systems, personal data may be transferred between entities located in the UK, United States, and Australia.

These transfers may involve access to your data from outside the UK. In such cases, we ensure appropriate safeguards are in place as required by applicable laws, including:

• Using International Data Transfer Agreements (IDTAs) or UK Addendums to Standard Contractual Clauses (SCCs), where appropriate
• Ensuring that data recipients are subject to data protection obligations equivalent to those required under the UK GDPR
• Only transferring data to countries deemed to provide an adequate level of protection by the UK Government

If you would like more details about the mechanisms we use for international data transfers, please contact our Data Protection Officer.

8. RIGHTS TO YOUR DATA

• • You have the right to access information held about you.
  • Upon request, you will have the right to receive a copy of your data.
  • You can ask us to correct any inaccurate information held about you.
  • You may also request that your data is transferred directly to another system.
  • You may request that any information held on you is deleted or removed, where there is no good reason for us to continue to process. This includes any third parties who process or use that data. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you (if applicable) at the time of your request.

  Jurisdiction-Specific Rights
  This notice is designed to meet the requirements of the UK General Data Protection Regulation (UK GDPR). However, individuals located in other jurisdictions may have additional rights under local privacy laws, such as California Consumer Privacy Act (CCPA) or Australian Privacy Act 1988.

  Where required by law, we provide jurisdiction-specific privacy notices, which supplement this general notice. Please contact us if you would like to receive a local version applicable to your country.

  If we can help with any of these, please email us at enquiries@brightpartnerships.com.

  These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals.

  Making a Complaint

  If you are unhappy with the way we have responded to your request or how we have otherwise used your personal data, please contact us to give us an opportunity to resolve your issues.

  You also have the right to make a complaint to the following bodies:

  United Kingdom

  • Information Commissioner’s Office (ICO)
    • ico.org.uk/make-a-complaint.

  United States of America (New York)

  • New York State Attorney General’s Office (NYAG)
    • https://ag.ny.gov/file-complaint/consumer

  Australia

  • Office of the Australian Information Commissioner (OAIC)
    • oaic.gov.au/consumer-data-right/consumer-data-right-complaints

9. LINKS TO OTHER WEBSITES

Links on this website may take you to a third-party website.  At the point you enter the third-party website, the privacy and cookie policy of the third party will apply to any and all information that you provide. It is important to read the third party’s privacy and cookie policy.

10. COOKIES

A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use analytics cookies provided by Google and Leadfeeder to identify which pages are being used. This helps us analyse data about web page traffic and improve our website. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies when you first visit our website.