v. January 3, 2025
This privacy statement (the “Privacy Statement”) concerns the www.brightlights.house website (the “Website”), owned by Bright Lights, and is intended to inform you as a customer, prospect, supplier, and visitor of the Website about how we care for your personal data and what we do with your information.
Bright Lights considers the protection of your privacy to be extremely important and aims to inform you as a user of the Website about how we process your personal data, allowing you to retain full control over your data.
Bright Lights respects your privacy and is committed to protecting your personal data in accordance with Belgian and European data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR“) (together referred to as the applicable “Data Protection Legislation“).
Please read this privacy statement carefully. It not only describes your rights but also how you can exercise those rights. By using the Website, sharing your personal data, and/or agreeing to this privacy statement, you acknowledge the way in which Bright Lights collects and processes your personal data as described here.
For the purpose of this privacy statement, Bright Lights refers to Bright Lights BV, located at Schaliënhoevedreef 20-T, 2800 Mechelen, Belgium, and registered in the Crossroads Bank for Enterprises with company number 1015.457.663 (hereinafter “Bright Lights”, “we” or “us”).
Bright Lights is responsible for processing your personal data that you provide on the Website.
Bright Lights has appointed a data protection officer, who you can contact for any questions regarding your privacy and the processing of your personal data. The data protection officer can be reached at:
| Name | Vivian Roks |
| dpo@brightlights.house |
Bright Lights processes various categories of personal data; this depends on your use of (the interactive features available on) the Website and the data you share with us.
When Bright Lights processes personal data, it may concern the following information:
| Contact data |
|
| Personal data |
|
| Professional data |
|
| Customer data |
|
| Technical information |
|
| Cookies | For more information, we refer to our cookie policy. |
Bright Lights processes personal data for the purposes outlined below. This list may evolve and will be updated if necessary.
| Contact data | Purpose(s) | We collect your contact details in order to respond to your questions asked on the website, provide you with requested information, keep you informed about platform developments, Bright Lights events or news updates, etc., and to use your contact details for direct marketing. |
| Legal basis | Legitimate interest, performance of a contract, and consent. | |
| Retention period | Until such time as your consent is withdrawn. | |
| Personal data | Purpose(s) | We collect your personal data to register your attendance at our events, to process your application for an internal vacancy, etc. |
| Legal basis | Performance of a contract & consent. | |
| Retention period | Until such time as your consent is withdrawn. | |
| Professional data | Purpose(s) | We collect your professional data to process your application for an internal vacancy, etc. |
| Legal basis | Performance of a contract & consent. | |
| Retention period | Until the respective vacancy is filled. | |
| Customer data | Purpose(s) | We collect your professional data for prospecting, to assist you better as a prospect or client, etc. |
| Legal basis | Performance of a contract & consent. | |
| Retention period | Until your consent is withdrawn. | |
| Technical information | Purpose(s) | We collect technical information, analytical, and statistical insights to improve the website and the organization's services. |
| Legal basis | Up to 1 year after the data is collected. | |
| Retention period | Legitimate interest and consent. |
Our website uses cookies and similar technologies. For more information, we refer to our cookie policy.
Bright Lights receives your personal information when you:
Bright Lights may share your data with third parties for purposes such as sending newsletters, storing and processing your personal data, responding to your inquiries, sending relevant content and updates, and optimizing our website.
Bright Lights will never share or sell your personal data to commercial companies.
Our processors and sub-processors always act under our responsibility. If we involve sub-processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR and protects your personal data to the best possible extent.
All your personal data will only be accessed and made available to processors, sub-processors, employees, and other third parties on a “need-to-know” basis, limited to the extent necessary to perform their services. Additionally, your personal data will, where possible, be provided to the aforementioned parties only after applying pseudonymization techniques and/or in anonymized form.
In principle, we do not transfer your personal data to third countries outside the European Economic Area (“EEA“), unless you are located outside the EEA and visit our website from outside the EEA. It is also possible that we, through our processors or sub-processors, transfer your personal data to countries outside the EEA. In such cases, we will only transfer your personal data outside the EEA in accordance with applicable data protection laws and with appropriate safeguards.
Please contact us if you would like more information about the specific mechanisms we use for transferring personal data to countries outside the EEA.
Bright Lights will also use your personal data for direct marketing purposes. This allows us to keep you informed. You give explicit consent for this, but you can withdraw it at any time.
We have implemented appropriate technical and organizational measures, safeguards, and guarantees to process your personal data in compliance with applicable data protection laws, particularly to protect your personal data from loss, misuse, or unauthorized alteration or destruction.
To provide adequate protection for your personal data, Bright Lights ensures the security of its back office, employs a team of technicians, automated systems, and advanced technologies in line with industry best practices, and makes every necessary effort to protect the confidentiality of your personal data. Your personal data is stored on secure servers, and the information security of our servers is regularly evaluated by our IT team.
Please contact us if you would like more information about the specific measures we take.
Despite the above measures we have taken, please be aware that there are always risks associated with transmitting personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to bypass these measures or use your personal data for improper purposes.
We will only retain your personal data for as long as is reasonably necessary to achieve the purposes for which we collected them, as outlined in section 4 of this privacy statement (including to comply with any legal, regulatory, fiscal, accounting, or reporting requirements). We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there may be a potential lawsuit related to our relationship with you.
The applicable retention periods are outlined above in the table in section 4.
As provided by applicable data protection laws, you have the right (where applicable and possible):
If you request a copy of your personal data processed by us, your data will be provided to you as soon as possible. We may, if the request for a copy is clearly unfounded or excessive, (i) ask for a reasonable fee, taking into account the administrative costs of providing such a copy, or (ii) refuse to comply with such a request. We will inform you of the applicable fee before it is charged.
You can exercise these rights by contacting our Data Protection Officer via email at dpo@brightlights.house.
We may ask you to verify your identity to ensure that you have the legitimate right to submit a request and to confirm that we are responding to the person who has the legitimate right to make one of the aforementioned requests. For this reason, we reserve the right to request a copy of your ID card if we are unable to identify you or if we have reason to doubt your identity. We ask that you make any information unnecessary for identification purposes unreadable (e.g., your national registry number).
You also have the right to lodge a complaint with the relevant supervisory authority if you believe that the processing of your personal data is in violation of applicable regulations. In Belgium, this is the Data Protection Authority:
www.gegevensbeschermingsautoriteit.be
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00
contact@apd-gba.be.
However, we would appreciate the opportunity to address your concerns before you contact the Data Protection Authority. We kindly ask you to first contact us.
Our website may contain links to third-party applications and websites (such as assessment providers, companies, and recruiters). When you are redirected to another website, platform, or application from our website, other terms, privacy policies, and cookie statements may apply. Bright Lights is not responsible for the content of these applications and websites and is not responsible for the privacy standards and practices of these third parties. We recommend that you read the relevant privacy statement of these third parties before accepting their cookies and visiting their applications and/or websites, to ensure that your personal data is sufficiently protected. Nevertheless, we strive to protect the integrity of our website and welcome any feedback on these third-party applications and websites.
You acknowledge, confirm, and explicitly consent to us disclosing your personal data if required by law or if we believe in good faith that such disclosure is necessary to:
If Bright Lights lawfully discloses your personal data to a third party (other than a processor or sub-processor), Bright Lights is not liable for unlawful processing or improper use by that third party.
In no event will Bright Lights be responsible or liable for direct or indirect damages resulting from errors or unlawful use of personal data by a third party (who is not a processor or sub-processor).
Bright Lights is also not liable if third parties unlawfully process or use your personal data, provided that Bright Lights has implemented appropriate technical and organizational measures to prevent such unlawful processing or use.
In any case, Bright Lights is only liable for damages caused by the processing of personal data if it failed to meet the specific obligations of the GDPR. Bright Lights will under no circumstances be liable for any special, incidental, indirect, or consequential damages or losses.
Liability limitations apply to the extent permitted by applicable law.
We may change this privacy statement at any time. The date of the most recent version is shown in the top right corner of this privacy statement. Please check our privacy statement regularly to stay informed about any changes that may affect you.
This privacy statement is governed, interpreted, and enforced in accordance with Belgian law, which exclusively applies in the event of any dispute.
The courts of Antwerp (Antwerp section) have exclusive jurisdiction to rule on any dispute that may arise from the interpretation or execution of this privacy statement, without prejudice to the consumer’s right to submit a dispute to a competent court under mandatory legal provisions.
Last updated: January 3, 2025