Privacy policy

v. January 3, 2025

1. Introduction

This privacy statement (the “Privacy Statement”) concerns the www.brightlights.house website (the “Website”), owned by Bright Lights, and is intended to inform you as a customer, prospect, supplier, and visitor of the Website about how we care for your personal data and what we do with your information.

Bright Lights considers the protection of your privacy to be extremely important and aims to inform you as a user of the Website about how we process your personal data, allowing you to retain full control over your data.

Bright Lights respects your privacy and is committed to protecting your personal data in accordance with Belgian and European data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR“) (together referred to as the applicable “Data Protection Legislation“).

Please read this privacy statement carefully. It not only describes your rights but also how you can exercise those rights. By using the Website, sharing your personal data, and/or agreeing to this privacy statement, you acknowledge the way in which Bright Lights collects and processes your personal data as described here.

2. Who are we and how can you contact us?

For the purpose of this privacy statement, Bright Lights refers to Bright Lights BV, located at Schaliënhoevedreef 20-T, 2800 Mechelen, Belgium, and registered in the Crossroads Bank for Enterprises with company number 1015.457.663 (hereinafter “Bright Lights”, “we” or “us”).

Bright Lights is responsible for processing your personal data that you provide on the Website.

Bright Lights has appointed a data protection officer, who you can contact for any questions regarding your privacy and the processing of your personal data. The data protection officer can be reached at:

Name Vivian Roks
Email dpo@brightlights.house

3. Which personal data do we process?

Bright Lights processes various categories of personal data; this depends on your use of (the interactive features available on) the Website and the data you share with us.

When Bright Lights processes personal data, it may concern the following information:

Contact data
  • First and last name;
  • Phone number/mobile number;
  • Email address;
  • Address;
  • Information shared during/any accompanying message and/or information shared during communication between you and Bright Lights;
  • Etc.
Personal data
  • Attendance at events;
  • Forwarded CVs;
  • Etc.
Professional data
  • Occupation;
  • Job title;
  • Etc.
Customer data
  • Occupation;
  • Job title;
  • Company number and/or VAT number;
  • Company name;
  • Etc.
Technical information
  • IP address;
  • Etc.
Cookies For more information, we refer to our cookie policy.

4. For what purposes are these data used, on what basis, and for how long?

Bright Lights processes personal data for the purposes outlined below. This list may evolve and will be updated if necessary.

Contact data Purpose(s) We collect your contact details in order to respond to your questions asked on the website, provide you with requested information, keep you informed about platform developments, Bright Lights events or news updates, etc., and to use your contact details for direct marketing.
Legal basis Legitimate interest, performance of a contract, and consent.
Retention period Until such time as your consent is withdrawn.
Personal data Purpose(s) We collect your personal data to register your attendance at our events, to process your application for an internal vacancy, etc.
Legal basis Performance of a contract & consent.
Retention period Until such time as your consent is withdrawn.
Professional data Purpose(s) We collect your professional data to process your application for an internal vacancy, etc.
Legal basis Performance of a contract & consent.
Retention period Until the respective vacancy is filled.
Customer data Purpose(s) We collect your professional data for prospecting, to assist you better as a prospect or client, etc.
Legal basis Performance of a contract & consent.
Retention period Until your consent is withdrawn.
Technical information Purpose(s) We collect technical information, analytical, and statistical insights to improve the website and the organization's services.
Legal basis Up to 1 year after the data is collected.
Retention period Legitimate interest and consent.

5. Cookies

Our website uses cookies and similar technologies. For more information, we refer to our cookie policy.

6. Sharing of personal data

Bright Lights receives your personal information when you:

  • contact us via the contact form;
  • respond to a survey;
  • subscribe to our newsletter;
  • apply for a job opening;
  • register for an event or workshop;
  • accept the use of cookies that provide us with data.

Bright Lights may share your data with third parties for purposes such as sending newsletters, storing and processing your personal data, responding to your inquiries, sending relevant content and updates, and optimizing our website.

Bright Lights will never share or sell your personal data to commercial companies.

Our processors and sub-processors always act under our responsibility. If we involve sub-processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR and protects your personal data to the best possible extent.

All your personal data will only be accessed and made available to processors, sub-processors, employees, and other third parties on a “need-to-know” basis, limited to the extent necessary to perform their services. Additionally, your personal data will, where possible, be provided to the aforementioned parties only after applying pseudonymization techniques and/or in anonymized form.

7. International transfers to countries outside the European Economic Area

In principle, we do not transfer your personal data to third countries outside the European Economic Area (“EEA“), unless you are located outside the EEA and visit our website from outside the EEA. It is also possible that we, through our processors or sub-processors, transfer your personal data to countries outside the EEA. In such cases, we will only transfer your personal data outside the EEA in accordance with applicable data protection laws and with appropriate safeguards.

Please contact us if you would like more information about the specific mechanisms we use for transferring personal data to countries outside the EEA.

8. Direct marketing

Bright Lights will also use your personal data for direct marketing purposes. This allows us to keep you informed. You give explicit consent for this, but you can withdraw it at any time.

9. Data security

We have implemented appropriate technical and organizational measures, safeguards, and guarantees to process your personal data in compliance with applicable data protection laws, particularly to protect your personal data from loss, misuse, or unauthorized alteration or destruction.

To provide adequate protection for your personal data, Bright Lights ensures the security of its back office, employs a team of technicians, automated systems, and advanced technologies in line with industry best practices, and makes every necessary effort to protect the confidentiality of your personal data. Your personal data is stored on secure servers, and the information security of our servers is regularly evaluated by our IT team.

Please contact us if you would like more information about the specific measures we take.

Despite the above measures we have taken, please be aware that there are always risks associated with transmitting personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to bypass these measures or use your personal data for improper purposes.

10. Retention period

We will only retain your personal data for as long as is reasonably necessary to achieve the purposes for which we collected them, as outlined in section 4 of this privacy statement (including to comply with any legal, regulatory, fiscal, accounting, or reporting requirements). We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there may be a potential lawsuit related to our relationship with you.

The applicable retention periods are outlined above in the table in section 4.

11. Your rights

As provided by applicable data protection laws, you have the right (where applicable and possible):

  • To receive confirmation of whether we are processing your personal data and, if so, to access this data;
  • To have inaccurate or incomplete personal data corrected without undue delay;
  • To request the deletion of your personal data under certain circumstances, namely when any of the following apply:
    1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    2. You withdraw your consent on which the processing is based, and there is no other legal ground for the processing;
    3. You object to the processing where it is for direct marketing purposes;
    4. The personal data has been processed unlawfully; or
    5. The personal data must be deleted to comply with a legal obligation under applicable data protection laws;
  • To obtain a restriction on the processing of your personal data, to the extent possible and in accordance with applicable data protection laws, when any of the following situations apply:
    1. You dispute the accuracy of the personal data, for a period that allows Bright Lights to verify the accuracy of the data;
    2. If the processing is unlawful, and you oppose the deletion of the data and instead request a restriction on its use; or
    3. If Bright Lights no longer needs the personal data for processing purposes, but you need it for the establishment, exercise, or defense of legal claims;
  • To receive your personal data in a structured, commonly used, and machine-readable format;
  • To object to the processing of your personal data for direct marketing purposes;
  • When the processing of your personal data is based on points (e) and (f) of Article 6(1) of the GDPR, to object to the processing of your personal data.

If you request a copy of your personal data processed by us, your data will be provided to you as soon as possible. We may, if the request for a copy is clearly unfounded or excessive, (i) ask for a reasonable fee, taking into account the administrative costs of providing such a copy, or (ii) refuse to comply with such a request. We will inform you of the applicable fee before it is charged.

You can exercise these rights by contacting our Data Protection Officer via email at dpo@brightlights.house.

We may ask you to verify your identity to ensure that you have the legitimate right to submit a request and to confirm that we are responding to the person who has the legitimate right to make one of the aforementioned requests. For this reason, we reserve the right to request a copy of your ID card if we are unable to identify you or if we have reason to doubt your identity. We ask that you make any information unnecessary for identification purposes unreadable (e.g., your national registry number).

You also have the right to lodge a complaint with the relevant supervisory authority if you believe that the processing of your personal data is in violation of applicable regulations. In Belgium, this is the Data Protection Authority:

www.gegevensbeschermingsautoriteit.be 
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00
contact@apd-gba.be.

However, we would appreciate the opportunity to address your concerns before you contact the Data Protection Authority. We kindly ask you to first contact us.

12. Links to third parties

Our website may contain links to third-party applications and websites (such as assessment providers, companies, and recruiters). When you are redirected to another website, platform, or application from our website, other terms, privacy policies, and cookie statements may apply. Bright Lights is not responsible for the content of these applications and websites and is not responsible for the privacy standards and practices of these third parties. We recommend that you read the relevant privacy statement of these third parties before accepting their cookies and visiting their applications and/or websites, to ensure that your personal data is sufficiently protected. Nevertheless, we strive to protect the integrity of our website and welcome any feedback on these third-party applications and websites.

13. Consent for disclosure

You acknowledge, confirm, and explicitly consent to us disclosing your personal data if required by law or if we believe in good faith that such disclosure is necessary to:

  1. Comply with an ongoing judicial investigation, court order, or legal process related to our agreement and/or our website;
  2. Respond to claims against us related to personal data (that violates the rights of third parties);
  3. Protect the rights, property, and safety of Bright Lights, its employees, visitors to the website, and the public.

14. Liability

If Bright Lights lawfully discloses your personal data to a third party (other than a processor or sub-processor), Bright Lights is not liable for unlawful processing or improper use by that third party.

In no event will Bright Lights be responsible or liable for direct or indirect damages resulting from errors or unlawful use of personal data by a third party (who is not a processor or sub-processor).

Bright Lights is also not liable if third parties unlawfully process or use your personal data, provided that Bright Lights has implemented appropriate technical and organizational measures to prevent such unlawful processing or use.

In any case, Bright Lights is only liable for damages caused by the processing of personal data if it failed to meet the specific obligations of the GDPR. Bright Lights will under no circumstances be liable for any special, incidental, indirect, or consequential damages or losses.

Liability limitations apply to the extent permitted by applicable law.

15. Changes to this privacy statement

We may change this privacy statement at any time. The date of the most recent version is shown in the top right corner of this privacy statement. Please check our privacy statement regularly to stay informed about any changes that may affect you.

16. Applicable law and jurisdiction

This privacy statement is governed, interpreted, and enforced in accordance with Belgian law, which exclusively applies in the event of any dispute.

The courts of Antwerp (Antwerp section) have exclusive jurisdiction to rule on any dispute that may arise from the interpretation or execution of this privacy statement, without prejudice to the consumer’s right to submit a dispute to a competent court under mandatory legal provisions.

Last updated: January 3, 2025