Last Updated: July 17, 2020
BrightKey, Inc. ("BrightKey"/”Our”) is committed to protecting consumer privacy. This policy explains how BrightKey collects, processes, uses, and discloses information about you when you use our services and/or interact with our website.
Your use of BrightKey’s website, and/or receipt of Our services, constitute acceptance of this Policy.
This Policy explains our practices in the following areas:
- The types of information we collect about you;
- The way your information is used;
- The nature, frequency, and purpose of any disclosure of information that we may make, including the types of persons or entities to whom the disclosure may be made;
- Your rights under the Communications Act, 47 U.S.C. § 338(i); and
- If you are a California resident, your rights under the California Consumer Privacy Act.
If you have questions about this Policy or other matters, you may contact us by phone at (301) 604-3305, email us at email@example.com, or mail to 60 West Street, Third Floor, Annapolis, MD 21401.
I. Types of Information we collect and how we collect it
The following are specific types of information we collect from customers and visitors to our websites.
"Account Information" means information about your BrightKey customer account (if you have one). This information includes, but is not limited to, your name, address, e-mail address, telephone number, and login information. We collect Account Information directly from you during our customer onboarding ‘discovery’ phase, and when you make changes to your account, or purchases services from us. We may combine information we obtain from the public arena with Account Information we collect.
"Commerce Information" means personally identifiable information (“PII”) about you that enables Our commerce partner(s) to fulfill your request to participate in a business transaction. This information can include, but is not limited to, your name, address, phone number, inquiry information, email address, order information, order history, and business/association affiliation and membership. Commerce Information is only collected directly from you. We only disclose to third parties the information necessary to complete the transaction. For example, we share your telephone information with our telephone provider, Mitel. We share your order information, name, and address with common carrier (i.e. fulfillment partners, such as USPS, FedEx, and UPS), and we share your payment card information (“PCI”) with payment processors like PayPal. In addition to fulfilling your business transaction, commerce partners given your information may also use your Commerce Information to send you other information in which you might be interested, consistent with its own privacy policies (e.g. order tracking information). BrightKey does not sell or otherwise market any PII or PCI.
“Contact Information” means PII that may be used to contact you. This information includes, but is not limited to, your name, address, phone number, email address, business/association affiliation, and initial inquiry information. This information is collected when you call BrightKey, use the ‘contact us’ form on Our website, or us the chat function on Our website. In some bases, we also obtain PII from third parties, such as through search engine searches that return results that include BrightKey webpages.
II. Use of Customer Information
We use Customer Information to contact you, tailor your experience, address your inquiry, process your application or business transaction, deliver Our services, and to understand your needs so we can offer and provide you the most suitable services. For example, we may use your name, phone number, address, and/or e-mail address to:
- Inform you of the different shipping costs of our fulfillment partners;
- Provide order tracking information and updates;
- Provide customer support; and
- Solicit your feedback from your customer experience or improvement suggestions for our clients.
III. When we share your information with third parties
We do not share your PII with third parties, except as outlined below.
Industry Affiliates: We may share your information, including but not limited to PII and PCI, with other entities (and their affiliates) in the association, professional services, order fulfillment, and/or mail industry with whom we have a contractual relationship related to BrightKey’s business, specifically including but not limited to, our telephone provider (Mitel), common carriers (i.e. USPS, FedEx, and UPS), payment processors (e.g. PayPal). Information shared with these "Industry Affiliates" may be used only to support your use of BrightKey’s services, and Our Industry Affiliates' products and services needed to support BrightKey’s services.
Legal Requirements & Professional Services: BrightKey may share your information if it believes in good faith that such disclosure is: a) necessary to comply with legal process, b) in response to legal claims, suits, or demands, c) necessary to protect personal safety, property, or other your/third party rights/Our rights and/or the rights of our service providers, or d) as part of a sale or assignment of all or a part of our business. BrightKey may also disclose your to any person performing audit, legal, accounting, operational or other similar services for BrightKey. Whenever reasonably possible we will require any recipient of your information for these purposes to agree in writing to hold the information in confidence, to use the information only for the permitted purpose, and to return or destroy the information when the services are completed.
We may share with third parties certain pieces of non-personally identifiable information and aggregated non-personally identifiable information, for example, the number of customers located in a certain geographic area that visit Our website. Such information will not identify you, or be capable of identifying you, individually.
IV. Opting Out of Marketing Communications
BrightKey may periodically send you messages via e-mail, telephone or traditional postal mail about services or information that we think may be of interest to you (e.g. order tracking information). In addition, as provided above, BrightKey may make your information available to third parties for the purpose of marketing such products or services.
You can choose not to receive marketing messages promoting BrightKey or third party products or services from us and third parties in the future by:
- e-mailing us at firstname.lastname@example.org (please put "Opt-Out" in the subject line); or
- writing us at BrightKey, Inc. Attn: Data Security Officer, 60 West Street, Third Floor, Annapolis, MD 21401.
Upon receipt of your opt-out request, BrightKey will take the required actions within a reasonable period of time; however, we cannot guarantee that such removal will be immediately effective.
V. How long we keep Customer Information
Depending on the type of information collected and its purpose, BrightKey retains your information for:
- A minimum of 90-days; and
- A maximum of 7 years.
This retention period is subject to contractual requirements and the ‘Right to be Forgotten’ as provided by the GDPR (EU and Member States), and similar, applicable legislation.
VI. How we protect the security of Customer Information
BrightKey maintain technical, administrative, and physical security measures designed to protect your information. We take reasonable steps to protect your information by using security technologies and procedures that limit access to our databases. Servers that store sensitive information are also physically and logically separated from production servers. However, no system is completely secure or error-free. We do not, and cannot, guarantee the complete security of any stored or in-transit information.
VII. Online credit card transactions
BrightKey protect the security of credit card transactions on the Internet by using a secure and encrypted technologies. As a PCI-DSS Level 2 Service provider, we maintain credit card information collected during transactions in a secure database for fraud prevention and accounting and billing purposes. Stored information from credit card transactions is not released to third parties except i) to process the business transaction for which the information was provided; or ii) in response to legal process.
VIII. A Note for Parents Concerning Privacy
BrightKey’s website is not directed to children and we do not encourage children to participate in providing us with any PII. If we learn that we have collected personal information from any person under 16 years, we will delete that information as quickly as possible. If you believe that we might have any information from a person under age 16, please contact us at email@example.com. We strongly recommend that persons under age 16 use our services only under the approval and supervision of their parents or legal guardian(s). We support the guidelines and regulatory requirements provided in the Children's Online Privacy Protection Act of 1998 (COPPA).
IX. International Transfers of Information
BrightKey occasionally receive information from international sources. Unless proscribed by applicable legislation, information about you may be transferred to, or accessed by, entities located in countries outside of your home country. To protect your information, any such international transfers will be made in accordance with applicable law, and only if required to perform the services and/or to meet contractual obligations.
XI. Information for Residents of California
- The California Consumer Privacy Act (“CCPA”)
- Personal Information We May Collect
The table below shows the types of personal information that BrightKey has collected during the past twelve (12) months, the sources of the information, and the business or commercial purposes for which we may use that information. For all types of personal information collected, we disclose data to our service providers and other third parties to help us accomplish the business purposes described below. The examples given in each category are illustrative only, and are not exhaustive.
Types of Personal Information Collected
Sources of Personal Information
Business and Commercial Purposes
Identifiers (e.g., name, address, e-mail address, account login details)
Commercial Information (e.g., orders/products/services inquired about, obtained, or purchased)
Internet or Network Activity (e.g., IP address, browser and operating system, referral URL, pages viewed, date/time of visit, and search criteria)
Geolocation (physical location of device)
Inferences drawn from any type of collected personal information (e.g., interest in services)
Financial Information (e.g., credit card information, bank account information)
iii) Your CCPA Rights
No more than twice (2 times) per every twelve (12) months, and upon appropriate verification, you may request access to any personal information we have collected and maintained about you over the preceding twelve (12) month period. You may also request information regarding the use and disclosure of any personal information we have collected and maintained about you. You may only make such requests twice (2) per every twelve (12) months.
Subject to certain exceptions, you have the right to request that we delete personal information collected and maintained about you. We will delete your personal information once your request has been verified and we have determined that applicable law requires us to delete that information. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. A record of your deletion request may be kept to comply with legal obligations.
iv) Exercising Your Rights
To exercise your rights to access and deletion, please submit a request to us by either:
- Emailing us at firstname.lastname@example.org; or
- Calling us at 301-604-3305.
Consumers have a right to receive non-discriminatory treatment in the exercise of their CCPA rights.
v) Verifying Your Request
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In exercising your rights of access to and/or deletion of your personal information, your request must be verified before we can respond to the exercise.
Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf (e.g., previous transactions of person to whom request relates).
The personal information you provide in order to verify your request will only be used to verify the request, and not for any other purpose. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.
BrightKey reserves the right to charge a reasonable fee or refuse to act on a request if the request is excessive, repetitive, or manifestly unfounded.
vi) Your California Privacy Rights under the "Shine the Light" Law
Section 1798.83 of the California Civil Code (a separate law from the CCPA) provides that residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you would like to submit a request pursuant to this law, please contact us via email at email@example.com with the subject line “CA Civil Code”.
vii) Do Not Track
We currently do not respond to any Do Not Track signals or similar signals.
viii) Contacting Us
If you have any questions regarding our CCPA privacy practices, please contact us via email at firstname.lastname@example.org with the subject line, "CCPA Policy".