Effective Date: January 2024
BrightPlan LLC, its subsidiaries, and its affiliates (collectively, "BrightPlan", "Firm", "we," "our" or "us") is committed to protecting the privacy rights of its employees and customers. This Privacy Notice provides information regarding the personal data we collect, how we manage personal data, and the rights of our employees and customers. This Privacy Notice applies to the personal data governed under the General Data Protection Regulation (GDPR), the United Kingdom (UK) GDPR, and other privacy regulations and laws applicable to our business.
"Data subjects": BrightPlan’s employees and customers
"Personal data": any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The definition of personal data under this Privacy Notice includes any information that is subject to privacy laws and regulations applicable to our business.
"Process": any operation which is performed on personal data, whether or not by automated means, such as collection, recording, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, erasing, destructing, disseminating, or otherwise making available.
III. CATEGORIES OF PERSONAL DATA WE COLLECT
BrightPlan may process the following categories of personal data:
- First & Last Names
- Job Titles
- Birth Dates
- Home Addresses
- Email Addresses (Personal & Business)
- Phone Numbers (Personal & Business)
- Employer Identification Number
- Tax Returns or Forms
- Financial Account Numbers
- Compensation & Benefits Data
- Dependent or Beneficiary Data
- Usernames & Passwords
- IP Addresses
- Cookie or other Analytical Data from our Website
- Audio, electronic, visual, and similar data, such as call recordings
- Any other personal data that you may disclose to us
IV. HOW WE COLLECT YOUR PERSONAL DATA
PERSONAL DATA RECEIVED FROM YOU
You may provide BrightPlan with your personal data by filling out forms that we request from you; sending us documents; through our website; through our hosted online portals; or through our correspondence with you via mail, email, phone, or otherwise.
PERSONAL DATA RECEIVED FROM THIRD-PARTY SOURCES
BrightPlan may collect your personal data from other sources such as, but not limited to, publicly available databases, credit bureaus, banks, know-your-client checking agencies, background checking agencies, healthcare or insurance providers, payroll providers, third-party hosted online portals, or our website.
V. PURPOSE FOR COLLECTING YOUR PERSONAL DATA
BrightPlan collects your personal data for the purpose of providing you with BrightPlan services (to the extent they are offered in your country) such as:
- Financial Wellness Tools;
- Financial Planning Guidance;
- Budgeting Tools;
- Equity Compensation Tools;
- Educational Content;
- Investment Advice (if offered in your country only through the properly licensed entities);
- All purposes related to any of the above listed purposes and any other services that may be provided by BrightPlan.
BrightPlan also collects your personal data to provide you with material about BrightPlan services and other services or products you might find beneficial or to handle your inquiries or complaints.
VI. PROCESSING YOUR PERSONAL DATA
LEGAL BASES FOR PROCESSING
BrightPlan must have one of the following legal bases to process your personal data:
- Consent: the data subjects have given consent to process their personal data for one or more specific purposes
- Contract: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Legal Obligation: processing is necessary for compliance with BrightPlan’s legal obligation
- Legitimate Interest: processing is necessary for the purposes of the legitimate interests pursued by BrightPlan or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
- Vital Interest: processing is necessary in order to protect the vital interests of the data subject or of another natural person
- Public Interest: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in BrightPlan
Where consent is required, BrightPlan will obtain consent in a manner that is consistent with applicable privacy laws or regulations, such as the GDPR or UK GDPR. When enrolling in the BrightPlan service, you will provide consent by agreeing to the Terms of Service. Your consent will be required prior to the processing of your personal data, and your consent can be withdrawn at any time by sending us an email request at email@example.com.
CHANGE OF PURPOSE
We will only process your personal data for the purpose for which it was originally collected or for another reason that relates to the original purpose. If you would like an explanation of how another reason can relate to the original purpose, please contact us at firstname.lastname@example.org.
If we need to process your personal data for a new purpose, we will notify you prior to processing your personal data for the new purpose and explain the legal basis that allows us to do so. If consent is required to process your personal data for a new purpose, we will contact you to obtain your consent prior to processing your personal data.
VII. SHARING YOUR PERSONAL DATA WITH OTHERS
Privacy is an integral part of our organization and we will never sell any of your personal data to third parties. We may share your personal data with third parties for the below stated purposes. We may generate or extract anonymized and aggregated data out of any databases containing your personal data and we may make use of any such anonymized and aggregated data for our purposes as we see fit.
We may share your personal data with authorized service providers in order to provide you with BrightPlan services or for customer relationship management, risk management, IT, data backup, payroll, insurance, tax, accounting, audit, legal, background checking, secretarial, or other related purposes.
We require all service providers to respect the security of your personal data and to treat it in accordance with their legal or regulatory requirements. We only permit our service providers to process your personal data for specified purposes and in accordance with our instructions. We maintain an updated list of all third parties that process your data and can provide it to you upon request by contacting us at email@example.com.
Where BrightPlan is provided to you as an employee benefit, we may share your name with your employer as having enrolled in BrightPlan or engaged with BrightPlan communications or content for accounting, business management, payroll or other related purposes.
SALE OF BUSINESS
We may share your personal data with a third party in the event of any contemplated or actual reorganization; merger; sale; joint venture; assignment; transfer; or other disposition of all or any portion of our business, assets, or stocks.
We may share your personal data as we deem necessary or as appropriate under applicable laws; to respond to requests from public, governmental, and regulatory authorities; to comply with court orders, litigation procedures, and other legal processes; to obtain legal remedies or limit our damages; to protect the operations of our group entities; and to protect the rights, safety, or property of our employees, you, or others.
VIII. INTERNATIONAL TRANSFERS AND PROCESSING OF YOUR PERSONAL DATA
If you are located outside the United States, your personal data may be transferred and processed outside of your country pursuant to appropriate measures taken by BrightPlan to protect your personal data, as outlined in this notice. Please contact us at firstname.lastname@example.org to request further information on the specific mechanisms used by BrightPlan when transferring your personal data outside of your country or to exercise your rights under applicable laws.
Your consent to the international transfer and processing of your data by BrightPlan, its affiliates and its subprocessors, as outlined in the Terms of Service, includes the transfer and processing of data to the United States.
We may send your information overseas, including to:
- BrightPlan which is located in the United States
- Service providers or third parties who store data or operate outside Australia
- Comply with laws, and assist government or law enforcement agencies
EU or UK
BrightPlan has implemented appropriate cross-border transfer solutions to protect your personal data when it is transferred outside of the UK or European Union (EU). Transfers may be necessary to perform the services you have engaged us for or consented to when engaging with us.
Your personal data may be transferred outside the UK or EU only where one of the following safeguards is in effect:
- Transfers to countries which have been deemed to have an adequate level of protection by the applicable authorities, or
- Transfers pursuant to standard contractual clauses or binding corporate rules
Please contact us at email@example.com to request further information on the specific mechanisms used by BrightPlan when transferring your personal data out of the UK or EU.
BrightPlan maintains a named representative in the EU and the UK as follows:
EU: Instant EU GDPR Representative Ltd, Office2, 12A Lower Main Street, Lucan Co., Dublin, K78X5P8, Ireland, Email: firstname.lastname@example.org
UK: GDPRLocal Ltd., 1st Floor Front Suite, 27-29 North Street, Brighton, England BN11EB, Email: email@example.com
BrightPlan privacy policies and data security measures are considered reasonable security practices and procedures as stipulated under India law.
You are not obliged by law to provide us with Personal Data; however, the disclosure of certain Personal Data is necessary to provide the services and the related engagement between you and us, and we will not be able to provide the service without being provided with such information.
If you are located in Mexico, please note that (i) the services for which data is collected are rendered by BrightPlan LLC, a company based in the United States; (ii) the information collected is stored and processed in servers located in the United States; and (iii) the data processing is subject to the data privacy laws of the United States.
BrightPlan has put in place adequate measures to protect your Personal Data in compliance with the Switzerland Federal Act on Data Protection (revFADP).
IX. SECURING YOUR PERSONAL DATA
BrightPlan has technical, administrative, and physical safeguards in place to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Please contact us at firstname.lastname@example.org for more information on the Firm’s security practices and procedures.
X. RETENTION OF YOUR PERSONAL DATA
We will retain your personal data for the period necessary to fulfill our services to you, and pursuant to applicable regulatory obligations. After such time, BrightPlan will delete such personal data.
XI. COOKIES & SIMILAR TECHNOLOGIES
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie will expire at the end of the user session when the web browser is closed.
COOKIES THAT WE USE
- Authentication: to identify you when you visit our website and as you navigate our website
- Status: to help us to determine if you are logged into our website
- Personalization: to store information about your preferences and to personalize the website for you
- Security: to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
- Advertising: to help us to display advertisements that will be relevant to you
- Analysis: to help us to analyze the use and performance of our website and services
Most browsers allow you to refuse to accept cookies and to delete cookies. Disabling all cookies may have a negative impact upon the usability of many websites. If you disable cookies, you may not be able to use all the features on our website. For information on how to disable cookies, please visit the Help section of your web browser.
XII. THIRD-PARTY WEBSITES & SERVICES
This Privacy Notice does not apply to the websites of our service providers, subcontractors, or any other third parties, even if their websites are linked to our website. We have no control over third-party websites, and your use of third-party websites and features is subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third-party websites that are linked to our website. We encourage you to read the privacy policies located on each third party’s website.
XIII. AUTOMATED DECISION-MAKING
BrightPlan may utilize automated decision making and profiling techniques to process personal data and BrightPlan shall obtain explicit consent for such processing. Data subjects may have the right to obtain from BrightPlan, on request, a copy of all personal data, which the data subject has provided to BrightPlan where the processing is carried out by automated means.
XIV. CHILDREN’S PRIVACY
BrightPlan does not collect, process, or store the personal data of children under the age of sixteen (16), unless a parent or guardian has provided the appropriate consent. If you are a parent who consents to the collection of personal data of your child, you agree that your child may use all our services and that we may collect and use your child's personal data consistent with this Privacy Notice.
XV. YOUR RIGHTS & REQUESTS
Under applicable privacy laws or regulations, you may have the following rights in relation to your personal data:
- Right to access your personal data or request information regarding your personal data
- Right to withdraw your consent to the processing of your personal data
- Right to object to processing of your personal data for any purpose
- Right to request correction of your personal data
- Right to restrict processing of your personal data
- Right to request transfer of your personal data
- Right to request erasure of your personal data
- Right to lodge a complaint with a supervisory authority
- Right to data portability: to receive the personal data that you provided to us in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without hindrance from us
You may choose to receive or not receive marketing communications from BrightPlan by:
- Contacting us at email@example.com, or
- Replying to any marketing email communication you receive from us and requesting to be unsubscribed from future marketing email communications
We will try to comply with your request as soon as reasonably practical and as required by law. If you have questions regarding your communication preferences or our marketing activities, please contact us at firstname.lastname@example.org.
EXERCISING YOUR RIGHTS
If you would like to request information about our processing activities with respect to your personal data or would like to exercise your rights, as described in the Rights section, you may contact us at email@example.com. BrightPlan does not charge for this service. For your protection, we will need to verify your identity prior to complying with your request.
BrightPlan will make a good faith effort to provide you with the requested information without undue delay, but no later than required by law. BrightPlan reserves the right to limit or deny access to the requested information where providing such information would be unreasonably burdensome or expensive, or as otherwise permitted under relevant laws or regulations. If BrightPlan determines that the requested information cannot be provided in any particular instance, BrightPlan will provide the requestor with an explanation for why the information cannot be provided.
XVI. AMENDMENTS TO THIS PRIVACY NOTICE
BrightPlan reserves the right to make changes to this Privacy Notice, where deemed necessary, or permitted under law or regulation. If there are any material changes in our privacy practices, or changes in applicable privacy laws or regulations, we will revise this Privacy Notice to reflect such changes. To the extent practical, we will provide advance notice of any changes; however, we may be unable to do so if the revisions are in response to legal or regulatory changes or guidance.
XVII. HOW YOU CAN ACCESS THIS PRIVACY NOTICE
This Privacy Notice is accessible through:
- Our website
- Upon request at firstname.lastname@example.org
XVIII. CONTACT US
If you have questions, concerns, or suggestions relating to our Privacy Notice or our privacy practices, please contact us at: