BRIGHTEDGE PRIVACY POLICY

6. Sharing Your Information with Third Parties

BrightEdge may share information, including personal information, in the following circumstances:

• With a third party if we have your consent to do so;
• With our service providers to permit them to provide services that help us with our business activities, which may include assisting us with marketing, advertising our product/service offerings, events, fulfillment of orders/deliverables, data research and analytics, customer support and account management, or providing, maintaining and improving the features and functionality of the Site or use of our Service. For example:
  • We may provide Personal Information to our service providers for direct emailing of our newsletters or notifications of our product/service offerings.  We take reasonable steps to require that these service providers agree to process such information on our behalf and in accordance with our written instructions and appropriate security protections.  These third parties are authorized to use your personal information only as necessary to provide services to us or as required by law.
  • Our service providers may also provide artificial intelligence and generative artificial intelligence capabilities to analyze data, determine trends, make predictions, and create AI-generated responses or other content for lawful purposes described herein and pursuant to the features and functionality associated with the use of our Site and/or use of our Services.
• With our parent companies, subsidiaries and affiliates (and they may use your information in the same way we can under this Privacy Policy) to the extent such sharing of data is necessary to fulfill a request you have submitted via our Site or for customer support, marketing, technical operations, event registration and account management purposes;
• When we have a good faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, including lawful requests by public authorities, for example to meet national security or law enforcement requirements, (b) enforce our Terms of Use or other applicable policies or agreements governing your use of the Site, including investigation of potential violations thereof, or (c) protect against imminent harm to the rights, property or safety of BrightEdge, its users or the public as required or permitted by law;
• With third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud, security or technical issues; and
• As we continue to develop our business, we may also sell all or part of our business. In such transactions, Personal Information you have shared with us is generally one of the business assets that will be transferred.

We may also share aggregated information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information we collected through our technology. If we are required under applicable law to treat such information as Personal Information, then we will only disclose it as described above. Otherwise we may disclose aggregated, non-identifiable information for any reason.

If you post comments on the Site, any Personal Information you post is publicly available, can be read, collected, or used by other visitors to the Site.  Please be mindful of the information that you may choose to post in open forums or other similar mechanisms on the Site.  See our Terms of Use for more information and the guidelines for posting content on the Site.

7. International Data Transfer

We may from time to time transfer or disclose your Personal Information to recipients in other countries outside the United States and make it accessible to our parents, subsidiaries, affiliates and third party service providers internationally in the circumstances described in “Sharing Your Information with Third Parties” above. By using the Site or otherwise providing Personal Information to us, you are consenting to have your Personal Information transferred to and processed in the United States or any other country in which BrightEdge or its parents, subsidiaries, affiliates and service providers maintain facilities.

EU - U.S. and Swiss-US Data Privacy Framework. BrightEdge participates in and has certified its compliance with the EU-U.S. Data Privacy Framework (the “EU DPF”) and Swiss-US Data Privacy Framework (the “Swiss DPF”) (together, the EU DPF and the Swiss DPF are the “DPF” or the “Framework”), administered by the U.S. Department of Commerce. Pursuant to its certification (the “DPF Certification”), BrightEdge is committed to handling all personal information that is receives from EU member states and Switzerland in reliance on its DPF Certification, in accordance with the applicable DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability (the “Principles”). With respect to personal information received or transferred pursuant to the DP Framework, BrightEdge is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

If there is any conflict between this Privacy Policy and the Principles, the Principles shall govern.  You can find BrightEdge’s DPF Certification here. You can also learn more about the DP Frameworks at www.dataprivacyframework.gov.

Transfer and Enforcement Mechanisms for EU - U.S. and Swiss – U.S. DPF. BrightEdge may be accountable for the processing of personal information it receives, under the DP Framework, and may subsequently transfer data to a third party acting as an agent on its behalf in the circumstances described in “Sharing Your Information with Third Parties” above.  If the agent processes personal information in a manner inconsistent with the DPF Principles, we are responsible if it does so and for the harm caused. BrightEdge complies with the DPF Principles for all onward transfers of personal information from the EU or Switzerland, including the onward transfer liability provisions. With respect to personal information received or transferred pursuant to the DP Framework, BrightEdge is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the DPF Principles, BrightEdge commits to resolve complaints about our processing of your personal information. EU and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact BrightEdge as indicated in “Contact Information” below.  When you contact us with a complaint, please include contact information and clearly describe your complaint.  We will respond to your request or complaint within a reasonable time and will let you know next steps in resolving your complaint.

As part of our participation in the DP Framework, BrightEdge will resolve your dispute regarding our privacy policies and practices through JAMS, an alternative dispute resolution provider located in the United States. If you still have privacy or data use concerns that we have not addressed satisfactorily, please contact JAMS (free of charge) directly at https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. If your complaint is not resolved through these channels, under certain circumstances a binding arbitration option may be available before a DPF Panel, as described in Annex I to the DPF Principles (please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction). Additionally, as part of the DP Framework, the U.S. State Department Senior Coordinator serves as the Ombudsperson to facilitate the processing of requests relating to national security access to data transferred from the EU to the U.S. or Switzerland to the U.S.

8. Your Controls and Choices

Opt-Outs. We may provide you with the opportunity to “opt-out” of (a) disclosing your personal information to third parties, except to a third party that is acting as an agent to perform tasks on our behalf and under our instructions as described in “Sharing Your Information with Third Parties” above; (b) using your personal information for a purpose that is materially different from the purpose for which it was originally collected or that you authorized. If you decide to opt-out, we may not be able to provide certain features of the Site to you.

Communication Preferences. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in such communications or on the Site. Please note, however, that even if you opt-out of promotional communications, we may still send you certain service-related communications.

Blocking Cookies. You can remove or block certain cookies using the settings in your browser but the Site may cease to function properly if you do so.

Controlling Flash Cookies. To manage the Flash cookie settings and preferences for your computer, please click here and you will be directed to the Settings Manager on Adobe's website. You may also be able to manage Flash cookies from your browser, depending on the version of your browser.

Deleting Other Browser Information.  Many Internet browsers allow you to disable HTML5 local storage or delete information contained in HTML5 local storage using browser controls.

9. Your Personal Information Rights

Pursuant to the DPF Principles, the EU GDPR, and other applicable privacy laws, you have the right to:

• Know what Personal Information BrightEdge has about you;
• Ensure your Personal Information is accurate and relevant for the purposes for which BrightEdge collected it;
• Make your Personal Information portable to another data controller;
• Withdraw your consent to BrightEdge processing your Personal Information; and
• Have your Personal Information erased.

If you would like to review, correct, receive a copy of, or erase the Personal Information we have about you or withdraw your processing consent, please send us your request using the “Contact Information” below.  Unless a legal exemption applies, we will respond to all such requests within thirty (30) days.  If we refuse your request, we will notify you of our reasons for the refusal to the extent required and how you may complain about the refusal.

We ask individual users to identify themselves and to specify the information requested to be accessed, corrected, or erased before processing such requests, and we may decline to process requests that are unreasonably repetitive and vexatious, require disproportionate technical effort (for instance, requests concerning information residing on backup tapes), jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.  However, we will not charge you for the making of the request or to correct, update, or erase your Personal Information.

10. Data Retention, Storage, and Security

We hold your Personal Information in a combination of hard copy and electronic files for the period necessary to support the Site, comply with our legal obligations, resolve disputes, or otherwise fulfill the purposes outlined in this Privacy Policy.  Even after you cancel your account, copies of some information from your account may remain viewable in some circumstances where, for example, you have shared information with social media or other services.  We may also retain backup information related to your account on our servers for some time after cancelation for fraud detection or to comply with applicable law or our internal security policies.  We do not always remove or delete all of your non-personally identifiable account information for a number of reasons including due to technical and systems constraints, contractual, financial or legal requirements.

The security of your Personal Information is important to us.  We use physical, electronic, and procedural safeguards to protect your Personal Information.  We have implemented information security best practices throughout our organization, and we are ISO 27001 certified.  When you enter confidential information (such as your password), we may encrypt that information using secure socket layer technology (SSL-encryption).  To learn more about such technology, go to http://en.wikipedia.org/wiki/Secure_Sockets_Layer.  However, no method of transmission over the Internet, method of electronic storage, or other data security methods are one hundred percent secure and we cannot guarantee the security of the information you provide.

If BrightEdge learns of a security breach that may affect your data, we will notify you electronically so that you can take appropriate protective steps.  We may communicate with you electronically regarding security, privacy, and administrative issues related to your use of the Site.  Depending on where you live, you may have a legal right to receive notice of a security breach in writing.  If you are a EU resident, you will receive, without undue delay, a Personal Information breach notification if such breach is likely to result in a high risk to the rights and freedoms of natural persons, or as otherwise required under EU GDPR.  To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice) please email privacy@brightedge.com.

11. Children’s Information

This Site is not intended for use by anyone under the age of 13 nor does BrightEdge knowingly collect or solicit Personal Information from anyone under the age of 13.  In the event we confirm that we have collected Personal Information from someone under the age of 13, we will delete that information.  If you believe we have any information from a child under 13, please contact us using the contact details in “Contact Information” below.

12. Third Party Sites

The Site may also contain links to third party websites.  This Privacy Policy applies solely to information collected by BrightEdge.  Even if the third party is affiliated with us through a business partnership or otherwise, we are not responsible for the privacy practices of other websites.  If you submit Personal Information to any third party site, your information is governed by that site’s privacy policy.  We encourage you to familiarize yourself with the privacy policies of such websites to determine how they handle any information separately collected from you.  Please be aware that we do not warn you when you have chosen to click through to another website or property when using the Site.