Online Privacy Notice
Bright Consulting respects your privacy and is committed to protecting it to the extent possible, subject to applicable state law and European General Data Protection Regulation, through our compliance with our privacy policies and this Privacy Notice.
This Notice applies to the information that we collect when you visit the Bright Consulting website https://www.bright.consulting and other websites that we own or control, and on which we have linked or referred to this Notice (together, the “Sites”). This Notice describes how this information is collected, processed, maintained, protected, and disclosed and to whom it is shared. Unless otherwise indicated on a specific Site, Bright Consulting is the data controller for all information collected under this Notice. Contact information for the Bright consulting is listed at the end of this Notice.
This Notice does not apply to information collected from or about current or former employees, contractors, volunteers, and other workers at Bright Consulting as part of their employment or working relationship with Bright Consulting.
Except as specifically described, our Sites are operated in accordance with Bulgarian laws. Please read this Notice carefully to understand our policies and practices regarding your information and how we will treat it. This Notice reflects the Company’s current practices and may change from time to time, so please check the Notice periodically for updates.
Personal information we collect and process
In this Notice, “personal information” means any information that identifies or describes an individual user of the Sites, including, but not limited to, the user’s name, social security number, physical description, address, telephone number, education, financial matters, medical or employment history, password, email address, individual’s photo, and information that reveals any network location or identity. If you are located in the European Economic Area (EEA), “personal information” includes all personal data as defined under EEA laws (including “sensitive personal information” which is provided enhanced protections under those laws).
We collect personal information about users only as allowed by law and limit the collection of personal information to what is relevant and necessary to accomplish a lawful purpose of the Company. We collect personal that you send to Bright Consulting, or permit us to obtain from third parties, for purposes relevant to Bright Consulting operations in pursuit of our mission. Examples include information needed for employment, event registration and website functionality enablement. Our legal basis for processing most of this information is to perform a task in the company interest or in fulfillment of Bright Consulting official functions or under applicable state law. Other legal bases for processing information include processing necessary for contract (e.g., employment), for legitimate interests (e.g., to send requested information) or consent (e.g., to process certain personal information).
User-Provided Information: You may be required to provide personal information to access or use certain parts of our Sites, or features of our Sites or services, including without limitation, when you apply for or enroll at one of our job advertisements, subscribe to a newsletter or email list, fill out a form, special events or promotions, contact us with a comment, question or complaint, etc. If you do not provide the requested personal information, you may not be able to access or use the features of our Sites or service where such information is requested.
Depending upon the nature of the transaction, the personal information that you may provide may include: contact information (name, home or mailing address, telephone number, social media username/handle, mobile phone and/or email address, etc.); professional interests; social security number and/or uniform civil number (EGN), etc.); demographic information (age, birthdate, marital status etc.);
Emails and Social Media Sites: If you correspond with us by email, mail or via social media, we may retain the content of your communication or social media posting, the email or social media account address from which it is sent, and our response. We collect information automatically using technology when you visit our Sites or social media pages or when you open one of our emails as described in this Notice.
The specific personal information we collect, why we collect it, and our legal basis for processing it, is periodically reassessed in applicable data process flow assessments or Data Protection Impact Assessments, as relevant.
It is the policy of the Bright Consulting to limit the collection and safeguard the privacy of personal information collected or maintained by the Company. The Company’s information management practices conform to the requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT and in conjunction with applicable Bulgarian laws pertaining to information privacy. In the event of a conflict between this Notice and the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT, or other law governing the disclosure of Company records, the applicable law will control.
Any information acquired by the Company through the Sites is subject to the limitations set forth in the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT. Bright Consulting will not distribute or share electronically collected personal information about users to any third party without the permission of the user, except in narrow circumstances set forth in this Notice. The Company will not sell any electronically collected personal information to any third party.
How we use the information we collect
We use information that we collect about you or that you provide to us (or through third-party vendors), including any personal information:
- To provide you with information that you request from us.
- To process application, registration and when you apply to our open positions, events or otherwise administer your participation in our events
- To process contact requests from customers
- To process registration for other company events.
- To respond to your questions, requests, comments or complaints and determine your satisfaction with our events and services.
- To operate, maintain, and provide to you the features, services, and functionality of the Sites and its contents, and to monitor and improve our site and the user experience.
- To provide information about our Company and send you related information including brochures and other Company materials, confirmations, and support and administrative messages.
- To notify you about changes to our Sites or any services we offer or provide through it.
- To compare and review your personal information for errors, omissions and accuracy.
- To prevent, detect or investigate any fraudulent, abusive or illegal act.
- To allow you to participate in interactive features on our Sites.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
- We may also use your personal information for operational and other lawful purposes such as security, analytics, operations, fraud detection and prevention, reporting, making back-ups and legal compliance.
At the time we collect personal information, we strive to tell users about the purpose for which the information is collected as well as the general or specific uses that we will make of that information.
International transfer of personal information: Personal information provided to us by users will not be transferred to other countries. By providing us with your information, you acknowledge that your personal information will not be transferred to other countries and processed on servers outside the European Union. However, all reasonable steps will be taken to protect your privacy in accordance with applicable data protection laws.
User Content: Any personal information or content you voluntarily disclose for posting to the Sites (for instance, any content you post) (“User Content”) becomes available to the public via the Sites. User Content includes, but is not limited to, comments, photos, videos, etc. If you remove User Content, copies may remain viewable in cached and archived pages or if other users have copied or stored your User Content.
We reserve the right to monitor the User Content you post on the Sites and to remove any User Content for any reason or no reason including, without limitation, if in our sole opinion, such material violates, or may violate, any applicable law, or to protect or defend our rights or those of any third party. We also reserve the right to remove User Content upon the request of any third party.
Cookies Information: When you visit the Sites, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the Sites. A cookie does not collect personal information about you. We use both session cookies and persistent cookies. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the Sites. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Sites or services may not function properly if the ability to accept cookies is disabled.
Clear Gifs Information: When you use the Sites, we may employ clear gifs (also known as web beacons) which are used to track the online usage patterns of our users anonymously. No personal information is collected using these clear gifs. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients.
We do not engage in the collection of personally identifiable information about users’ online activities over time and across third party websites when an individual uses our Sites.
Log File Collection Policy
Log File Information: Log file information is automatically reported by your browser each time you access a web page. When you register with or view our Sites, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol addresses or other device identifiers, browser information, Internet Service Provider, operating system, location, date/time stamp, clickstream data, referring/exit pages and URLs, domain names, landing pages, pages viewed, and other such information.
How we share your information
We fully cooperate with law enforcement agencies in identifying those who use our Sites or services for illegal activities. We may report to law enforcement agencies any activities that we in good faith believe to be unlawful. Release of your personal information for security purposes, as described in this Notice to any person or entity, including, without limitation, in connection with any government investigation or litigation, shall be based on a determination made solely by us, as permitted by law or, for those not in the EEA, exercising our discretion for which you expressly grant permission to us in accordance with this Notice.
How we protect your information
We take reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information against loss, unauthorized access, and illegal use or disclosure. Such personal information is stored by Bright Consulting in secure locations and Company staff is trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to those members of the Company’s staff whose work requires such access (e.g., HR, Accountancy, Payroll, Team Leaders employees). Confidential information is destroyed according to the Company’s records retention schedule. Bright Consulting conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed.
The security of your personal information is important to us, but please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot ensure or warrant the absolute security of any information you transmit to the Sites, and you do so at your own risk. Once we receive your transmission of information, we make commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. While we strive to protect your personal information and privacy, we cannot guarantee the security of any information you disclose online.
We encourage all individuals to use appropriate safeguards to secure their computers and the information on those computers.
In the event that personal information is compromised as a result of a breach of security, we will promptly investigate and notify those persons whose personal information has been compromised in accordance with the notification procedures set forth in the Bright Consulting Information Security Policy, or as otherwise required by applicable law.
Links to Other Websites: We are not responsible for the practices employed by websites linked to or from our Sites nor the information or content contained in them, and we make no warranty, either express or implied, concerning the content of any such site, including the accuracy, completeness, reliability, or suitability of them for any particular purpose, nor do we warrant that any such site or content is free from any claims of copyright, trademark, or other infringement of the rights of third parties, or that any such site or content is devoid of viruses or other contamination. We may provide links to other websites to you solely as a convenience, and the inclusion of linked sites does not imply endorsement by Bright Consulting of any of the linked sites. Please remember that when you use a link to go from our Sites to another website, our Notice is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Sites, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding. We do not ensure the security of your personal information if you visit websites not belonging to Bright Consulting, nor are we the data controller for any information collected on those sites unless we specifically state so. We further reserve the right to terminate a link to a third-party site at any time.
We comply with all applicable regulations regarding data retention and deletion of personal data and retain personal information only for as long as necessary to fulfill the purpose for which it was collected (including for business operations), for strategic planning, and to comply with applicable laws and retention requirements. You can ask to review, update or make changes to the personal information we maintain about you, or exercise your option of having your personal information discarded without reuse or distribution, by sending a written request to the postal or email address set out below. We may take a reasonable period of time to respond. If you request the deactivation or change of information on our system, such information may be retained in our backup systems for a period of time subject to technology restrictions, or as a precaution against systems failures. Some information may be retained for longer periods as required by law, contract or auditing requirements or as otherwise described in this Notice.
You have the option to decline providing information about yourself online and may use other methods, such as mail, to respond to requests for information or to communicate with us. You may use the contact information listed below to ask about additional alternatives to providing or obtaining information through use of our Sites.
By providing us your email address, you consent to our use of your email address to send you Site and service-related notices, including any notices required by law, in lieu of communication by postal mail. We may also use your email address to send you other messages, including, but not limited to, newsletters, events, legal updates, and changes to features of our Sites or services, or other account information. Where required by law or regulation, we will obtain your consent before sending you specific types of email or other communications.
You can choose not to receive such emails from us by “unsubscribing” using the instructions in any email you receive from us, or by sending a written request to the postal or email address set out below. It may take up to thirty (30) days for us to process your request. This will not stop us from sending emails about your account or your transactions with us, or any other service-related email. Opting out does not affect our communications with you via telephone or mail nor does it affect our use of your non-personally identifiable information as described in this Notice.
European Economic Area (EEA) Data Subject Rights
If you are an individual located in the EEA only, you have certain rights with regard to your personal data collected while you are in the EEA. These rights may include right of access, right of correction, right to be forgotten, right to restrict processing of your identifiable personal information, right to notice related to changes/deletion/processing limits, right to data portability, right to objection, right not to be subject to decisions based solely on automated processing, and right to withdraw consent. Some of these rights are restricted by law to information that was collected on the basis of explicit consent, or are restricted by other conditions (such as necessity for contract or to comply with the law). You have the right to contact us in connection with the exercise of your rights under applicable Data Protection Regulation, which you can do through the contact information below, or by sending an email to firstname.lastname@example.org. We will respond to your written request without unreasonable delay and in accordance with any deadlines imposed by law. Unless we notify you at the time of your request, we will not charge you any fee in connection with the exercise of your rights. However Bright Consulting reserves the right to apply charges for any duplicates of requests by your side. If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any competent jurisdiction.
We reserve the right to modify this Notice at any time. It is our right to provide notifications, whether such notifications are required by law or are for other operational purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our Sites page, as determined by Bright Consulting in its sole discretion. We reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Notice. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Sites and this Notice to check for any changes.
For changes to our Privacy Notice, it is our policy to post any changes we make on this page. The date the Notice was last revised is identified at the top of the page. Your continued use of the Sites after any change in this Notice will constitute your acceptance of such change.
If you have any questions about this Notice or the practices of our Sites, you may contact us via:
Mail: Bright Consulting JSc;
1407 Sofia, Bulgaria; 2B Srebarna str.
Data Controller’s contact information:
Bright Consulting JSc.
Address:1407 Sofia, Bulgaria; 2B Srebarna str.
Company representative: Angel Kanchev
E-mail address: office-at-bright.consulting