Privacy policy

Privacy statement BrightAnalytics

The registration and use of the application BrightAnalytics implies the collection and processing of personal data. The concept of personal data consists of data that permit us to identify a natural person, either directly or indirectly and regardless whether this is done.

The applicable privacy legislation, and more particular the Belgian law of 8 december 1992 on the protection of privacy (Privacy Act), considers strict conditions on to the collection and processing of personal data. This privacy statement constitutes an implementation of the information obligations of article 9 Privacy Act.

We assume that each Licensee is aware of and explicitly accepts the application of this Privacy Statement upon his use of the Application and our services.

Our Privacy Policy may be subject to future adjustments and changes, which will be made clear via the Privacy Statement. It is up to the Licensee to take account of this document. Every substantial change will always be clearly communicated.

1 Who is responsible for the data processing?

The Privacy Act draws a distinction between a ‘data controller’ and a ‘data processor’. The distinction is fairly important in order to avoid some ambiguity about responsibilities.

1.1 The Data controller.

The data controller is every natural person and/or legal entity that determines the purposes and the means (legal and technical) of the processing of personal data. This determination can be done alone or jointly with others. We determine two data controllers:

BRIGHTANALYTICS BV (Referred to as “BRIGHTANALYTICS”)
Bruggesteenweg 311A / 2.2
8830 HOOGLEDE
Belgium
Enterprise number BTW BE-0555.899.773.
Tel.: +32 (0)51 43 74 70
Email: hello@brightanalytics.eu

BRIGHTANALYTICS bears only a responsibility as data controller with regard to the personal data that is discussed in article 2 of the privacy statement.

THE LICENSEE: The Licensee is eligible as a Data Controller in accordance with the privacy act because he (indirectly) processes personal data of his clients and third parties by means of our Application. The Licensee determines the data that will be processed via our Application and this data may include third party personal data. The Licensee is, consequently, responsible for the lawful processing of the personal data.

The co-existence of several data controllers does not prevent the exclusive responsibility of only one data controller for an accountable deficiency. In this case, the responsible data controller is obliged to indemnify the other data controller(s) against all claims of third parties that may be set because of a violation of the law on protection of personal data and/or other legislation concerning the processing of personal data which is not attributable to this data controller.

1.2 The Data processor.

The data processor is a natural person or legal entities that processes the personal data on behalf of the data controller. The persons who, under the direct authority of the party responsible for the processing, are authorized to process the data do not fall within this category.

The data controller has carefully selected these data processors. The selected processors offer notably all the adequate guarantees with regard to technical and organizational security measures regarding the processing of your personal data. They also satisfy all the other requirements of Article 16, §1 Privacy Act.

The controller is not responsible for any loss or corruption of personal data, identity theft, data theft, viruses or Trojans, SQL injections or other attacks on computer systems or online cloud portals. The processors have gained professional expertise in their domain and decide therefore in an autonomous manner over the most technically appropriate application to process the data. The data controller is not expected to have the same expertise and speciality.

BRIGHTANALYTICS is only designated as a data processor for the data processing under the responsibility of the Licensee as the data controller via our Application.

2 For what purposes do we process the data?

processes your personal information for one overarching goal: we want to offer the end-user a safe, efficient and personal user experience of our application and its related services. The collection of personal data shall be more extensive as the end-user makes active use of the Application and his use of certain services.

BRIGHTANALYTICS will only process your personal data for the next (internal) purposes:

Provide the user access to his user-account.
Provide and improve our personalized and general services; such as the provision of information, newsletters and offers that are useful or necessary for the end-user; the provision of support and the acquisition and processing of user reviews.
The detection of and protection against fraud, errors and criminal behavior
The personal data are processed for internal use within BRIGHTANALYTICS. The data are not used for external analysis without anonymization. The data will not be passed or disclosed to third parties, unless;

An explicit consent of the data subject is acquired;
The transfer is necessary for the execution of the agreement. This will be the case with employees, employees, agents, subcontractors, suppliers, etc. ;
The transfer is necessary for the conclusion or performance of the interests of the Licensee between the controller and a third party concluded or to be concluded. For example, in the context of fraud;
BRIGHTANALYTICS collects the personal data via:

2.1 Via the User Registration.

The use of the application requires the registration of a unique user-account. BRIGHTANALYTICS will collect all the data needed for the personalized services such as sex, age, professional jobs and activities, demographics like some essential contact information such as address, email address, telephone and fax number, job title (if necessary) upon registration.

BRIGHTANALYTICS collects in no case sensitive personal data of the end-user, such as information about your race, political opinions, health, religious and other beliefs, sexual orientation, and the like.

2.2 Via various technical means.

We, furthermore, collect and process personal data in order to guarantee the end-user the proper technical operation of the application. The Application uses various means to optimize the user experience and to detect any (technical) errors;

  • Cookies
    This information allows us to recognize the end-user and thus make efficient use of the application functions. For further clarification about our cookies, we refer you to our Cookie Policy;
  • Log information;
    This information allows us to recognize the IP address and various communications data;
  • Information with regard to the utilized hardware, software and network;
  • Local storage information.

The application also collects anonymous data; those are technical data used for internal purposes only in order to analyse the end-user’s navigation on the application. Such data falls outside the scope of the Privacy Statement as this does not allow identification of a natural person.

2.3 Do we process personal data outside the EU ?

BRIGHTANALYTICS is a Belgian company. It is, nevertheless, possible that personal data is processed or transferred to countries outside the European Union. Under Article 21 of the Privacy Act, personal data may only be transferred to countries which ensure the same adequate level of protection, and where the same or similar provisions are complied with the Privacy Act. This includes a case-by-case examination of criteria such as country, duration of the transfer and storage, type of data and objectives.

BRIGHTANALYTICS guarantees that no data transfer to third countries will proceed without having taken the necessary measures to satisfy the protection requirements of the Belgian Privacy. This transfer will only occur on the basis of one of the grounds listed in Article 2.

3 Do we store any location data?

The analytical data of our Application indeed show location data. BRIGHTANALYTICS is able to determine and display a (presumed) location on a map, based on this information. These indications (based on an IP address) are, however, anything but precise, and far from sufficient to identify your precise location.

BRIGHTANALYTICS does not use this location data to identify users, but only to ensure the smooth technical operation of our Application.

4 My rights as a data subject?

4.1 The warranty of a legitimate and reliable processing of the personal data

Each data subject can rest assured that his personal data will be processed in a fair and lawfully manner. This means that the data will only be processed for the above explicit and legitimate purposes. BRIGHTANALYTICS also ensures that the personal data are always adequate, relevant and not excessive in relation to the purposes for which they are processed. We do not store your personal information longer than absolutely necessary. However, we keep a record of your data, as long as your account is active or when your personal data is necessary to offer you a service.

BRIGHTANALYTICS has taken all adequate technical and organizational security measures that guarantee the data subject a safe processing of personal data. These security measures are commensurate with the nature of the data and the potential risks.

BRIGHTANALYTICS has reduced the risks of accidental or unauthorized destruction or accidental loss, alteration of, access to and any other unauthorized processing to a minimum. This does not mean that all risk is excluded. BRIGHTANALYTICS will immediately take all possible measures to limit damage or theft to a minimum in case of a security breach.

4.2 Right to object

Each data subject can oppose the processing of his personal data. This right to object exists only if there are sufficient legitimate and weighty grounds relating to his particular situation. The exceptions provided in the Privacy Act are also applicable to this right of objection.

The data subject may at any time, free of charge and without further ado oppose the proposed processing of your personal data if those data were obtained for the purpose of direct marketing.

The data subject is also entitled to obtain the removal and/or the ban on the use of all your personal data which have been obtained and which are incomplete or irrelevant, regarded from the view of the purpose of the processing. This is also applicable to any personal data of which the registration, disclosure, and retention are prohibited, or personal data preserved after expiry of the authorized period. This right can be used at any time, free of charge and without further justification.

The data subject shall exercise this right through a signed, written request to BRIGHTANALYTICS, by post or e-mail to hello@brightanalytics.eu. BRIGHTANALYTICS undertakes the appropriate action following a request within 15 days.

4.3 Right to access

Each data subject who proves his identity has a right of access to all information regarding the processing of his personal data by BRIGHTANALYTICS, as defined in the Privacy Act. This includes information on the purposes of the processing, the categories of information processed and relate the categories of recipients to whom the data are provided. This Privacy Policy is a first indication.

The data subject shall exercise this right through a signed, written request to BRIGHTANALYTICS, by post or e-mail to hello@brightanalytics.eu. BRIGHTANALYTICS undertakes the appropriate action following a request within 15 days.

4.4 Right to correct

BRIGHTANALYTICS attaches a great importance to an accurate data collection. Inaccurate or incomplete personal data can therefore always be improved or even obliterated.

For it is impossible for us to be on a continuous basis aware of any mistakes, incompleteness or falseness of your personal data, it is up to you as a user to report inaccuracies or omissions and to perform the necessary adjustments regarding ones registration details.

If your personal actions seem not enough, feel free to contact us using a signed, written request directed via hello@brightanalytics.eu. BRIGHTANALYTICS performs the necessary actions within 15 days by making additions, correcting or deleting the personal data. The removal is mainly related to the visibility, so it is possible that the deleted personal data remains temporarily stored.