Last Updated April 22, 2022
At BrightWork, we take privacy, and the security of personal data, very seriously. We are committed to protecting your personal data and your fundamental privacy rights.
This Privacy Statement covers how BrightWork handles all personal data you provide to us whether you visit and/or interact with our website, contact us via email, phone or social media (such as LinkedIn or Facebook), through use any of our products and services, or in person at BrightWork events. By using this website and submitting any personal data, you agree to the use by BrightWork of such data in accordance with this Privacy Statement.
Please read the following to learn more about:
- who we are;
- what personal information we collect about you and how we store, use and share your personal data;
- for how long we retain your personal data;
- how we secure your personal data;
- your rights under data protection legislation; and
- how to contact us or the relevant authority should you have a complaint.
Who We Are
The website to which this policy relates is operated by us. We are Aimware Ltd. doing business as BrightWork (“BrightWork”, “we” or “us”) with company number 241910 and whose registered address is Galway Business Park, Dangan, Galway, H91 P2DK, Ireland.
We are the ‘data controller’ for the information that we collect when you visit our website. That means that we are responsible for looking after your personal data in accordance with data protection legislation.
External Links to Other Websites
Please note that we operate another website [www.projectcentral.com] which has its own Privacy Statement, and you should review and understand this in relation to your use of that website.
Some of the pages on our websites provide links to other third-party websites and applications, which are not within our control. Clicking on those links, or enabling those connections, may allow third parties to collect or share data about you. BrightWork is not responsible or liable for the content of other third-party websites, or the protection and privacy of any information that you may provide to those websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies which we encourage you to read and understand prior to the submission of any personal data.
Collection and Use of Personal Data
The term ‘personal data’ means any information about an individual from which that individual may be identified. It does not, therefore, include data where the identity has been removed (anonymized data).
Personal data is collected either directly (for example when you purchase our products) or indirectly (for example where you are browsing our website) to help us better understand and enhance the experience of our customers and website users.
Data You Provide to Us
When you contact us via email, telephone, social media, or otherwise, or use and purchase any of our products or services, we may ask you to provide certain personal data. We ask you to provide information voluntarily, including, but not limited to:
- Your name and contact information including your telephone number and email address;
- Business / Company details include job title and address;
- Payment details and financial details;
- Your account details such as usernames and passwords; and
- Details of any feedback you give us, and this may be by phone, email, post or social media.
We will normally not seek to obtain personal data from you that is referred to as ‘Special Category’ personal data. Special category personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.
Data We Automatically Collect
When you use our website, we collect personal data in order to monitor website usage and website traffic trends, such as:
- Your Internet Protocol (IP) address;
- The usage of our website including specific webpage(s) you visited, page response times, any download errors, the length of time you were on a particular page, how you interacted with the page (such as scrolling, clicks and mouse-overs), and how you browsed away from the page;
- Your geographic location (country and city);
- the type and version of the browser and the operating system you are using, including browser plug-in types and versions, to access our website;
- The date and time of your visit including your time zone;
- The referrer (the previous website you were using or whether you came to our website via an email link); and
- The type of internet connection you are using; platform and mobile network information.
How We Use Your Data
We will only use your personal data when the law allows us to do so, and where we have a proper reason for doing so. Our legal basis for processing your personal data will depend on the type of personal data and manner in which we collected it. Generally, BrightWork will collect and process your personal data only where we have your consent to do so, where we need the personal data to perform our contractual obligations to you, or where the processing is in our legitimate interests for the purpose of managing, operating or promoting our business, and that legitimate interest in not overridden by your data protection interests or fundamental rights and freedoms.
Most often, we will use your personal data in the following circumstances:
- Where you have given consent for one or more purposes for which it was provided to us, as stated at the point of collection, for example, to provide you with a BrightWork publication; register for a BrightWork Free Trial; request a demo; download a SharePoint Project Management Template; register for BrightWork webinars and/or events; or to create a BrightWork Customer Success Community Account.
- To operate and manage the website; providing content and other information to you; and communicating and interacting with you via our website.
- To provide you with the products and services that you may purchase; communicating with you in relation to those purchases and recommending content that may be of interest to you.
- To manage our communications and IT systems.
- To identify issues with, and plan improvements to the website. This may include taking such security measures as are appropriate, backing up the data we hold, and contacting you.
- To process transactions and send you related information, such as, order confirmations and invoices.
- In connection with credit control and credit reference checks in relation to the services we perform or the products we supply.
- To contact you with information about BrightWork products, services and events, and other information which may be of interest to you.
- To respond to your specific inquiries and comments.
- Where the use is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
- Where the use is necessary for compliance with a legal obligation that we are subject to, or in order to protect your, or our, vital interests, or the vital interests of another natural person.
- Where the use is necessary for the purposes of our legitimate interests or those of a third party, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Note that it may be necessary for us to process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We will only send you marketing communications regarding our products and services if you provide us with your consent to do so. Our email communications may contain tracking technology that tells us if you opened the email and if you clicked on any of the hyperlinks within the email. This tracking technology helps us to analyze, review and improve the effectiveness of our marketing campaigns. If you decide, at any time, that you no longer wish to receive marketing emails from BrightWork you can opt-out by using the Unsubscribe link in our marketing emails. Or, you can email us at firstname.lastname@example.org. If you choose to unsubscribe, BrightWork will not process your personal data unless legally required to do so. BrightWork may need to share your contact information with third parties for the limited purpose of ensuring that you no longer receive marketing communications from them on our behalf.
Sharing of Personal Data
BrightWork does not, and will not sell or rent your personal data to any third parties. However, BrightWork does employ third-party service providers (such as, IT service providers) as an essential part of being able to provide our website, products and services to you. For example, facilitating marketing campaigns and events, analyzing data and statistics, and facilitating website improvements. Some third-party service providers may be located outside the European Union or the European Economic Area (EEA). Where a business partner third-party service providers processes data on our behalf, they are subject to binding contractual agreements based on our written instructions. We require that all our third-party service providers employ necessary security measures to protect the confidentiality and security of your personal data; together with any additional requirements under applicable law.
Additionally, we may share your personal data with any other person with your consent. We may share your personal data with law enforcement agencies, legal and regulatory authorities where BrightWork is required to comply with any legal obligation or applicable law, to enforce this Privacy Statement or any BrightWork agreements, or to protect the rights, property, or safety of BrightWork, our customers and employees.
Transfer of Personal Data Between Countries
From time to time, it may be necessary for us to transfer your personal data out of Ireland where, for example, those with whom we need to make contact on your behalf have offices outside of Ireland, where electronic services and resources are based outside of Ireland, or where there is an international element to your matter. Many of our servers and computer systems are currently based in the United States meaning personal data will be transferred, stored and processed in countries outside the European Economic Area (“EEA”). For example, if you complete an online form on our website, the contact information will be stored on BrightWork servers located in Ireland and the U.S., and may be shared with some of our third-party service providers who are located in countries outside the EEA.
Where this is the case, special rules apply to the protection of your data. Some countries have been assessed by the European Commission as providing adequate level of protection for personal data such as Canada, Japan, Argentina, the United Kingdom, and New Zealand. For countries that have not been assessed by the European Commission as providing adequate protection, we will always take steps to ensure that, wherever possible, the transfer complies with data protection law, and that your personal data will be secure. Transfer of personal data to countries outside the EEA is typically done on the basis of binding contractual agreements.
The personal data you submit to us will only be retained for as long as legally permitted and necessary for the purposes for which it was collected, or where we have a current legitimate interest to retain it. The retention period depends on the type of the personal data and the purposes of processing. For example, contact information about visitors, such as, mailing list information is kept until a user unsubscribes or requests that we delete that information.
Where we do not have a legitimate interest to process your personal data, or where you have withdrawn your consent, we will either securely destroy, delete or anonymize your personal data, or where this is not possible (for example, your personal data has been stored in backup archives), then we will securely store your personal data and segregate it from any further processing until deletion is possible.
BrightWork takes the security and protection of your personal data seriously. We have implemented reasonable physical, administrative, technical, and organizational security measures to protect all personal data from loss, misuse, unauthorized access or disclosure, alteration or destruction. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We acknowledge there is no method of transmitting, or storing personal data that is completely safe. BrightWork encourages you to use appropriate safeguards to secure your computers and the information contained on them in order to prevent unauthorized access to your personal data. If you have been given or have created account details which provide you with access to certain parts of the website (e.g. Customer Success Community), you are responsible for keeping those details confidential in order to prevent unauthorised access to your accounts. If you suspect that your password has been stolen or your data is compromised, then please let us know by emailing us at email@example.com.
Data protection legislation gives you, the data subject, various rights in relation to your personal data that we hold and process. You are entitled to the following data protection rights:
- Right of Access – The right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).
- Right to Rectification – The right to obtain from us, without undue delay, the correction or rectification of your personal data.
- Right to Erasure – sometimes referred to as the ‘right to be forgotten’, this is the right for you to request that, in certain circumstances, we delete data relating to you.
- Right to Restrict Processing – the right to request that, in certain circumstances, we restrict the processing of your data.
- Right to Object – The right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing or where the legal basis of the processing is legitimate interests. You have the right to opt-out of marketing communication we send you at any time. You can do this right by clicking on the “Unsubscribe” or “Opt-out” link in the marketing emails we send you. Or, you can contact us directly using the contact details provided under the “Contact Us” section below.
- Right to Data Portability – the right, in certain circumstances, to receive that personal data which you have provided to us in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted to another controller.
- Right not to be subject to automated decision making – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you.
- Right to Withdraw Consent – Where we rely on your consent to process your personal data, you may withdraw consent at any time and you do not have to provide a reason for your withdrawal.
- Right to Lodge a Complaint – You have the right to lodge a complaint to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority as provided below.
If you wish to exercise any of the above rights, you may do so by contacting BrightWork by email at firstname.lastname@example.org or by post to Data Protection Officer, BrightWork, Galway Business Park, Dangan, Galway, H91 P2DK, Ireland. In making any request in this regard, please provide us with adequate information to allow us to identify you and to facilitate your request. We will respond to your query as quickly as possible, and within 30 days of receipt of your request.
You also have the right to make a complaint to the Data Protection Commission (DPC) at 21 Fitzwilliam Square South, Dublin 2, Ireland D02 RD28 or by phone at 01 765 0100 between 9:30 a.m. to 5:30 p.m. Monday to Friday. You can also engage with the DPC through other contact methods as set out on their website: forms.dataprotection.ie/contact.
Privacy Statement Updates
One International Place,
Galway Business Park,