Brightly Privacy Notice

Date: 22. September 2023

  1. What is this Privacy Notice about?

This Privacy Notice explains how we process personal data in connection with our business and our website. If you wish to receive more information about our data processing, feel free to contact us (sec. 2).

  2. Who is the controller for your data?

The following company is the «controller», i.e., the party that is primarily responsible for ensuring compliance with data protection laws (hereinafter: «Brightly», «we» or «us») in relation to this Privacy Notice:

Brightly (Swiss) AG
Schulhausstrasse 73
8704 Herrliberg

If you have any questions regarding data protection, please feel free to contact us at the following address:

  3. How do we process data in connection with our services?

If you use our services, we may process the following categories of data:

  • if you sign up as a full member of Brightly, your name, e-mail address, residential address and mobile phone number and potentially additional profile information;
  • your e-mail address and name if you register on our blog and/or in our forum;
  • data about the nature of the services requested and the performance of the agreement, as well as data on payments, contacts with customer service, claims, complaints, termination of the contract and – in the event of disputes – also in relation with dispute resolution;
  • additional data that you may share with us.

We collect the data listed above directly from you but also from third parties, such as our B2B customers, the company you work for, from address providers (if we obtain third-party data to keep our data accurate and current), from public and private registers (e.g., for sanctions checks or the commercial register) and from other public sources (e.g., the internet or the media).

If you share data with us that relates to other individuals (e.g., representatives, co-workers, family members etc.) it is assumed that this data is accurate and that you are permitted to share this data with us. However, we do ask that you inform these individuals about our data processing.

We process the data set out above to evaluate, prepare, conclude, manage and enforce agreements, as well as for statistical purposes to improve and develop products and services.

  4. How do we process data related to marketing?

We also process personal data in order to promote our services:

  • Newsletter: We send out electronic information and newsletters. We ask for your consent unless we advertise certain offers to existing customers (who can object to us using their data for newsletters at any time). We may collect information about links clicked and e-mails opened. You can avoid this by setting your e-mail client accordingly (e.g., by switching off automatic loading of images).
  • Events: If you participate in an event we will process registration data to organize and hold the event and potentially be in contact with you after the event. We can also take photos at the event to share on social networks. In this case, we will let you know separately.
  • Market research: We process data in order to improve services and develop new products, e.g., information about services used, responses to newsletters, information from customer surveys and surveys or from social media, and information from public sources.

  5. How do we process data in relation to our website?

When you use our website some data is collected and temporarily stored in log files. This data is typically anonymous. We use it to provide access to our website, to ensure its security and stability, to optimize our website and for statistical purposes.

We also use cookies, small files that your browser stores on your device. This allows us to distinguish individual visitors but usually without personally identifying any visitor. Cookies may also include information about content accessed and the duration of the visit. We may also use other technologies such as pixels or browser fingerprints. Pixels are invisible images that are called from a server and transmit certain information through a coded link. Fingerprints are information about the configuration of your device that makes your device distinguishable from others.

You can set your browser to block certain cookies or delete them as well as other stored data. You can find out more in the help pages of your browser.

Cookies and other technologies may also be used by third parties that provide services to us. These may be located outside of Switzerland and the EEA (for more information, see sec. 7). For example, we use analytics services so that we can optimize our website. Cookies and similar technologies from third-party providers also enable them to target you with individualized advertising on our websites or on other websites as well as on social networks that also work with this third party and to measure how effective advertisements are (e.g., whether you arrived at our website via an advertisement and what actions you then take on our website). The relevant third-party vendors may record website usage for this purpose and combine their records with other information from other websites. They can record user behavior across multiple websites and devices in order to provide us with statistical data. The providers may also use this information for their own purposes, e.g., for personalized advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.

Two of the most important third-party providers are Google and Facebook. You can find more information about them below. Other third parties generally process personal and other data in a similar way.

We use Google Analytics on our website, an analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). Google collects certain information about the behavior of users on the website and about the terminal device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with evaluations based on the recorded data, but also processes certain data for its own purposes. Information on the data protection of Google Analytics can be found here, and if you have a Google account yourself, you can find further details here.

We may use the YouTube video player to embed videos uploaded to YouTube within our website. This service is provided by Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland). When accessing a subpage of our website with an embedded YouTube video, the information that you have accessed this subpage will be transmitted to Google. Additionally, Google collects data such as log files, your IP address and information related to your Google or YouTube user account, if you are logged in at that moment. Further details can be found here.

We may provide Facebook with user information, such as email addresses, for the purpose of advertising on Facebook. Facebook matches these with corresponding details of its members in order to be able to play advertising specifically to our users («Custom Audiences»). You can object to this matching at any time (see sec. 10). Our websites may use the so-called «Facebook Pixel» and similar technologies of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland («Facebook»). We use these technologies to display the Facebook ads placed by us only to users on Facebook and on partners cooperating with Facebook who have shown an interest in us. We can further use these technologies to track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called «conversion measurement»). Further details can be found here. We share responsibility (but not further processing) with Facebook for displaying advertising information that matches users’ interests, improving ad delivery, and personalizing features and content. We have therefore concluded a corresponding supplementary agreement with Facebook. Users can therefore address requests for information and other data subject requests in relation to shared responsibility directly to Facebook.

  6. Are there other processing purposes?

Yes – these are the most common (though not necessarily frequent) purposes:

  • Communication: When we are in contact with you, we process information about the content of the communication and the nature, time and place of the communication. We may also process information for proof of identity. If you contact us through a form on our website, we will process the data provided to us as mandatory or voluntarily. Telephone conversations with us may be recorded; we will inform you about this at the beginning of each interview. If you do not want us to record such conversations, you have the option at any time to break off the conversation and contact us in another way (e.g., by e-mail).
  • Job applications: When you apply for a job, internship or as a volunteer with us, we process key personal information such as name, contact details as well as information related to the position, your application and previous employments/experiences to assess your suitability for the role. We may also collect personal data that you have published, e.g., in job-related online profiles, and from third parties giving a reference, with your separate consent.
  • Compliance with law: We may process data and disclose data to authorities as required under applicable law and internal regulations.
  • Legal proceedings: If we are involved in legal proceedings (e.g., before a court or administrative body), we process data for example about parties to the proceedings and other persons involved, such as witnesses or respondents, and disclose data to these parties as well as courts and authorities, possibly abroad.
  • Prevention: We process data to detect and prevent criminal acts and other misuses, e.g., in the context of fraud prevention or an internal investigation.
  • IT security: We process data to monitor our IT assets and keep backups and archives of data.
  • Competition: We process data about competitors and the market environment in general (e.g., the political landscape, relevant industry associates etc.), including data about key people such as their name, contact details, role or function and public statements.
  • Transactions: If we sell or acquire assets, we may process data to some extent in order to prepare for and carry out transactions, such as data about key customers or their contact persons or employees and share such data with prospective buyers or sellers.
  • Other purposes: We process data for other purposes such as training and education, administration (e.g., contract management, accounting, enforcement and defense of claims, evaluation and improvement of internal procedures, and aggregated statistics).

  7. How do we share data with others?

We may disclose personal data if we participate in legal proceedings and generally where we are under a legal obligation to disclose data. We also use various services from third-party providers, in particular IT services (for example hosting or data analysis services or cloud storage), as well as services provided by banks, postal services, event organizers and consultants etc.

These recipients are not all located in Switzerland, in particular service providers, who can process personal data or use sub-processors abroad. Recipients may be in EU or EEA countries, but also in other countries worldwide. Not all countries provide an adequate level of data protection. We use appropriate safeguards in these cases, in particular EU Standard Contractual Clauses, which can be viewed here. In some cases we may also transmit data without such safeguards, e.g., if you provide separate consent or if disclosure is necessary for a contract or for the establishment, exercise or enforcement of legal claims or overriding public interests.

  8. How long do we keep your personal data?

We keep your personal data as long as it is necessary for the processing purpose(s), or as long as we have a legitimate interest in keeping data and under statutory retention obligations (for some data, for example, a ten-year retention period applies). When these periods have expired, we delete or anonymize your personal data.

  9. Anything else to consider?

Depending on the law applicable to our processing, processing is only permitted if it relies on specific legal grounds, such as under the EU General Data Protection Regulation (GDPR) (where it applies). In this case, we process personal data based on one or more of the following legal grounds:

  • Article 6 (1)(b) GDPR for processing that is necessary for the performance of an agreement with you, as well as for measures taken in order to prepare for or enter into an agreement (see section 3);
  • Article 6 (1)(f) GDPR for processing that is necessary to protect the legitimate interests of us or others, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject. This applies to our interest in carrying out our activities in a sustainable, customer-friendly, secure and reliable manner and communicating about them (including marketing; see section 4); statistics; ensuring information security; protecting against misuses; enforcing legal claims; complying with Swiss law; operating our website (see section 5).
  • Article 6 (1)(a) and article 9(2)(a) GDPR for processing that we carry out with your separate consent.

You are not under an obligation to disclose any data to us, except in some individual cases (e.g. where you cannot comply with a contractual obligation without disclosing data to us). However, we need to process some data for legal and other reasons when we conclude and execute agreements.

  10. What are your rights?

In accordance with and subject to some restrictions under applicable law, you have certain rights in relation to your personal data:

  • You can request a copy of your personal data and information about our data processing;
  • You can object to our data processing. Where the GDPR applies you have the right to object at any time to the processing of personal data relating to you in accordance with article 6(1)(f) GDPR, for reasons arising from your particular situation; this also applies to profiling based on these provisions. If we process personal data for direct marketing you can object at any time to that processing of personal data.
  • You can have inaccurate or incomplete personal data updated or completed;
  • You have the right to receive personal data that you have provided to us in a structured, common and machine-readable format, where the processing is based on your consent or is necessary for the performance of the contract;
  • If we process data on the basis of your consent, you can withdraw consent at any time, with effect going forward, and we may have a right to continue to process some data on other legal grounds.

You are also free to file a complaint against our processing with the competent supervisory authority, in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC).