BRIGHT Privacy Policy

We take the privacy of your personal information very seriously. We understand how important your privacy and the protection of your personal data is to you. The following Privacy Policy explains how we protect personal data that we collect, store, use, transfer, and otherwise process.

If you have any questions regarding this Privacy Policy or do not feel that your concerns have been addressed, please direct your questions through the “How to Contact Us” section at the end of this Privacy Policy.


Personal Data means any data that relates to an identified or identifiable natural person.

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

You means any individual person identified or identifiable by personal data, as relevant for the context in which it is used in this Privacy Policy.

Responsibility for Your Personal Data

Bright is responsible for the processing of your personal data under this Privacy Policy. Bright consists of the following legal entities: Charity number: 1064857

You may contact the company regarding any questions or complaints as specified in the “How to Contact Us” section below.

Categories of Individuals About Whom We Process Personal Data

We process personal data from or about the following categories of individuals:

  • applicants to work or volunteer with Bright (whether as an employee, Trustee, contractor, or consultant (Job Applicant Data);
  • Users of the Bright websites (Website Data);
  • Individuals who are donors to Bright or other business contacts with whom we interact or seek to establish a relationship with (Contact Data);

Categories and Sources of Personal Data Processed

  • We may collect and store various types of personal data about you, depending on the category in which you fall and the reason for which the personal data is processed. The following is a general summary of the personal data about you that we may process in each category, the sources of such personal data, and the purposes for processing:

Job Applicant Data

  • When you apply for employment or to volunteer with Bright (whether as an employee, contractor, volunteer or consultant).
  • Categories of Job Applicant Data: The Job Applicant Data we collect and process varies by the roles and responsibilities for the position you are applying for with Bright, and our needs.  Such personal data may include:
    • Individual Data:  Your name, address, telephone and/or mobile telephone number, e-mail address, gender, marital status, date of birth/age, citizenship, relevant tax identification number(s), passport number, prior employers, education, prior employment history, including salary information, results of criminal background screening, visa information, emergency contact information, name change information,  CVs, etc.; and
    • Other Data About You: Any additional personal data that may be included on documents you submit or we obtain as part of your application, such as information contained on any employment application or cover letter, curriculum vitae or resume, diploma, transcript, license, statement of good behaviour, background screening, employment contract, any related documents, reference check, identification card, request for leave, benefits, etc., and information collected from publicly available resources, professional license databases, and credit agencies, where applicable, or data that you voluntarily submit concerning your sexual orientation.
  • Sources of Job Applicant Data: We obtain Job Applicant Data about you (i) directly from you, (ii) from our other employees, Trustees and volunteers, and (iii) from third parties, such as government agencies and references that you provide to us, as well as from publicly available sources, such as websites.
  • Purposes and Legal Basis for the Processing: Your Job Applicant Data is processed for the purpose of establishing and maintaining your relationship with us (whether as a Trustee, volunteer, employee, contractor or consultant). The legal basis for such processing is that it is: (i) necessary for entering into and/or performing your employment relationship with Bright, (ii) necessary for compliance with one or more legal obligations to which Bright is subject (e.g., reporting to governmental or taxing authorities), and/or (iii) necessary for the purposes of the legitimate charitable interests pursued by Bright.

Website Data

  • You do not have to submit any personal data in order to use our Website.
  • Categories of Website Data: When you visit Bright’s Website, we may collect two types of data: (1) personal data about you that you voluntarily choose to provide to us, and (2) information related to your activities on Bright’s Website that we automatically collect as you interact with the Website (Website Usage Information).
  • Information You Voluntarily Provide:  We collect personal data that you voluntarily provide in response to requests we may make at various places and through various mechanisms on Bright’s Website. The personal data we collect is business-oriented data and is usually limited to contact information necessary for the relationship, such as name, company name, job title, and email address. We may collect such information, for example, when you fill out and submit a form, such as if you register for an event, register to receive a newsletter or email communications, when you submit an inquiry or request to us using a form or e-mail address link on the Website, and when you send an email to a Bright’s address or Bright’s mail list that is listed on our Websites. In such case, we will collect whatever personal data you voluntarily provide in response to our request.
  • Special Categories of Personal Data: In connection with the registration for and provision of access to an event or fund raising activity, we may ask for specific information. Any use of such information is based on your consent.
  • Website Usage Information and Cookies: Our Websites uses cookies for analytical and functionality purposes that allow us to improve our website based on visitor experience. Cookies are small text files placed on a computer hard drive to record a visitor’s information such as user ID and browsing behaviour. Our cookies do not collect any personal data such as your name or email address.

We use the following types of cookies:

(a) Necessary cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable the website to perform as intended and to access secure areas of our Website.

(b) Analytical/performance cookies. They allow us to recognize and count the number of visitors and repeat visitors, to see how visitors move around our Website when they are using it, to see which search engine is being used to access our website, the region a visitor is browsing from, and the type of device a user is visiting from. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily. We may use third-party services, currently Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This information is only processed in a way that does not identify anyone. To opt out of being tracked by Google Analytics across all websites, visit

  • If you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to change cookie settings you may not be able to use the full functionality of our Website. These settings will typically be found in the “options” or “preferences” menu of your browser. Further, most browsers permit individuals to decline cookies. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or
  • Links to Third Party Websites.  The Websites may contain links to other third party websites (including but not limited to publications containing articles written about Bright, all of which are separate legal entities whose information practices may be different from ours. This Privacy Policy does not cover any such third party websites. If you provide personal data to such third party websites all information you disclose will be subject to the Privacy Policy and practices of such third parties. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review the specific privacy policies posted on those websites prior to submitting personal data to them.
  • Information about Children. Neither our Website nor any of our fundraising activities are directed to children younger than age sixteen (16). We do not knowingly collect personal data from children under the age of sixteen (16) via the Website and we will delete any such information later determined to be from a person younger than age sixteen (16).
  • Sources of Website Data: We obtain Website Data about you (i) directly from you if you voluntarily choose to enter personal data on our Website, and (ii) from the data analytics software, cookies, and web beacons that we may use on our Website.
  • Purposes and Legal Basis for the Processing: We process Website Data for the purposes of building relationships with existing and potential donors and other interested parties, communicating with such parties, and analyzing and improving our Website. This includes keeping such people informed of the latest updates of our activities. Such processing is done in furtherance of and is necessary for the legitimate interests pursued by Bright.

Contact Data

  • As any Charity, we collect, receive, and process Contact Data regarding our donors, potential donors, and other third parties (e.g., vendors and other business and professional contacts) with whom we may interact from time to time.
  • Categories of Contact Data: The Contact Data that we collect and process typically consists of information such as name, title, position, employer, email address, other business contact data (e.g., business card data), and similar relationship type data. Such Contact Data may also include details of your visits to our offices.
  • Sources of Contact Data: We obtain Contact Data about you (i) directly from you, such as when you seek to interact with us as a volunteer or a donor, attend an event or sign up to receive newsletters, emails, or other information from us, or when you or your organization offer to provide or provide services to us (ii) from others (iii) from third parties, such as government agencies, and (iv) from publicly available sources, such as websites (e.g., LinkedIn, your business’ website, etc.).
  • Purposes and Legal Basis for the Processing: We process Contact Data for the purposes of fundraising and other charitable initiatives of Bright, building and managing relationships with existing donors and other interested parties, communicating with such parties, and generally operating our charity. Such processing is done in furtherance of and is necessary for the legitimate charitable interests pursued by Bright. It may also be done to comply with our legal obligations (such as record-keeping obligations), compliance screening or recording obligations, and financial and credit check and fraud crime prevention and detection purposes.

Sharing of Personal Data

  • We may share selected personal data about you with the following parties or in the following circumstances.
  • Third Party Service Providers.  We may share personal data about you with third parties who perform services for us or on our or our clients’ behalf, for the limited purpose of carrying out such services. This includes, without limitation, third parties that assist in managing our organization, hosting or administering our Website or other systems, sending communications on our or our donor’s or Trustee’s behalf, maintaining or analyzing our data, providing marketing assistance, or in providing other services to us or our donors. It also includes third parties providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared.
  • Clients and Other Parties. We may share selected personal data about you with experts, consultants and other persons or entities to the extent reasonably necessary or appropriate for the proper management of our charity.
  • Corporate Change. We reserve the right to disclose and transfer personal data about you in connection with a charity merger, consolidation, restructuring, financing, sale of substantially all assets, or other organizational change.
  • Legal Requirements and Law Enforcement. We may disclose personal data about you when we believe in good faith that the law requires it; at the request of governmental authorities conducting an audit or investigation; pursuant to a court order, subpoena, or discovery request in litigation; to verify or enforce compliance with our agreements or policies and applicable laws, rules, and regulations; or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of our website, its users, or other third parties. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
  • We may also share personal data about you in accordance with any express consent you or your authorized agent give us which is specific to the purposes of the processing which you will be informed about at the time we request such consent. You do not have to give such consent.  If you do give consent, you may withdraw it at any time by contacting us (see “How to Contact Us” section below), however please be aware that such withdrawal will not affect the lawfulness of personal data collected and processed prior to the date of your withdrawal of consent.

Cross-Border Transfers of Personal Data

  • Some of our offices are located in different countries.  Whenever we transfer personal data from one country to another, it will do so in compliance with applicable privacy and data protection law.

Data Retention Period

  • All personal data retained by the us will be deleted when such personal data are no longer necessary for the purposes for which it was processed, unless applicable law requires a longer retention period.

Your Rights as a Data Subject

  • To the extent provided by applicable law, you have the following rights:
    • To request access to the personal data that we hold about you and to request that we rectify or erase it;
    • To request a copy of the personal data that we hold about you;
    • To request a transfer of your personal data from us to another data controller;
    • To request restriction of processing of your personal data or object to its processing.
  • We do not impose any charge for these requests.  For any such request, you can contact us by e-mail, postal mail, or phone as specified in the “How to Contact Us” section below. We will endeavour to respond to all reasonable requests in a timely manner, but in no event longer than the amount of time required by applicable law.
  • To the extent we not the controller of your data, we will notify the controller of your request if required by applicable law.

Updating personal data about you

  • If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please contact us as specified in the “How to Contact Us” section below. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

Withdrawing consent

  • Where the lawful basis of our processing under the EU General Data Protection Regulation (GDPR) is that you have consented to it for a particular identified purpose, you have the right to withdraw that consent at any time. To do so, please contact us as specified in the “How to Contact Us” section below. If you do withdraw consent, this will not affect the lawfulness of any processing that was based on your consent before its withdrawal.

Filing a Complaint

  • In addition to the foregoing, you have the right to lodge a complaint in respect of your data protection rights with the applicable supervisory authority for data protection in your jurisdiction.  If you are in the United Kingdom, that supervisory authority is the UK’s Information Commissioner’s Office:

Security of Personal Data

  • We have implemented appropriate technical and organizational measures (i) to ensure a level of security appropriate to the risks that are presented by BRIGHT’S processing of personal data, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed, and (ii) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services for the personal data.

Personal Data About Others that You Provide to Us

  • If you provide personal data to us about someone else, such as next of kin or an emergency contact you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Policy. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, our purposes for collection, our personal data disclosure practices (including disclosure to overseas recipients), the individual’s right to obtain access to their personal data and make complaints about the handling of their personal data, and the consequences if the personal data is not provided (such as our inability to provide services).

Changes to this Privacy Policy

  • We reserve the right to modify or amend this Privacy Policy at any time. The current version of this Privacy Policy will be published on our Website.

How to Contact Us

  • For any questions about this Privacy Policy, to exercise any of your rights listed above, or for any questions or complaints regarding the manner in which we handle or protect personal data, we can be contacted as follows: