This policy describes how BrightHive will handle individuals’ private information.
The policy aims to provide clear information for users and/or customers, to provide clear direction to BrightHive employees, and to keep BrightHive compliant with all applicable local, state, federal, and international data privacy regulations.
The policy includes both a section specifically around website policies and more general information about maintaining appropriate controls around privacy that apply to both the website and any applications we may build.
This policy is intended to align to NIST800-53:PL-5.
At BrightHive we work hard not to collect information we don’t explicitly need and avoid integrating tools that collect data in unsolicited ways.
During the course of online interactions with our website (Site), it is customary to collect information that your web browser provides including:
- IP Address
- Web Browser
- Time Zone / Locale
Additionally, as you browse the Site, we collect information about the individual web pages that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you purchase Services or attempt to purchase Services through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information.”
Sharing and Transferring Your Information
In no case do we sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below.
We share Personal Data internally to provide our Services and for internal administration purposes.
We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the United States of America.
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we may use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here. You can also opt out of Google Analytics here.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Use By Minors
The Site is not intended for use by individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Site.
You have choices regarding our use and disclosure of your Personal Data:
- Opting out of receiving electronic communications from us. If you no longer want to receive marketing-related emails from us, you may opt out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
- How you can see or change your account Personal Data. If you would like to review, correct, or update Personal Data that you have previously disclosed to us, you may do so by signing in to your account or by contacting us.
- Your data protection rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
  - The right to request confirmation of whether BrightHive processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
  - The right to request that BrightHive rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
  - The right to request that BrightHive erase your Personal Data in certain circumstances provided by law;
  - The right to request that BrightHive restrict the use of your Personal Data in certain circumstances, such as while BrightHive considers another request that you have submitted (including a request that BrightHive make an update to your Personal Data);
  - The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.

  Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
- Process for exercising data protection rights. In order to exercise your data protection rights, you may contact BrightHive as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a European resident, we note that we are processing your information in order to fulfill contracts we might have with you (for example, if you subscribe to a service through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
Handling Private Data
Private data, including PII (name and email, for example), must be handled in accordance with our Data Classification Policy. At a minimum, any such data must be encrypted at rest and in transit. It must also have appropriate authorization and auditing so that we are sure that the people accessing the data have the right to do so and that any access is trackable.