Bright Network Privacy Policy

We at Bright Network value your membership and understand just how important it is to protect your Personal Data (defined herein). Please take the time to review our privacy policy (the “Privacy Policy”) carefully in conjunction with our terms and conditions (the “Terms and Conditions”), as you agree to be unconditionally bound by both the Privacy Policy and the Terms and Conditions when you use www.brightnetwork.co.uk (the "Website").
  
What does this policy cover?
  
We take your Personal Data seriously at Bright Network. This Privacy Policy explains in detail the types of Personal Data we may collect about you when you interact with us. It also explains how we store and handle that data, and keep it safe.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Bright Network uses your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

Who is Bright Network?
 
Here at Bright Network (UK) Limited, we're committed to creating a network of students who have the potential to become the UK's future leaders across all sectors and industries. Our aim is to help them develop crucial connections with leading employers and personalised support so that they can make great career choices. 

For simplicity throughout this notice, ‘we’ and ‘us’ means Bright Network (UK) Limited.

What is Personal Data?
 
Personal data is data that can identify you as a living individual. There is general Personal Data such as name and address. Personal data may also include information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records (known as “Sensitive Personal Data“). Sensitive Personal Data must be protected to a higher level.
 
Who does Bright Network collect Personal Data from?
 
We collect Personal Data from the following types of people to allow us to undertake our business:

  • Members and Candidates - prospective and placed candidates for roles and events
  • Clients - prospective and live client contacts;
  • Website users; 
  • Supplier contacts to support our services;
  • Universities - prospective and confirmed university partner contacts; and
  • Employees, consultants, temporary workers and contractors.

Why does Bright Network collect Personal Data?

Members & Candidates: 

We want to connect you with the best career opportunities. One way to achieve this is to get the clearest picture of who you are, by combining the data we have about you. 

For prospective candidates, we may use your Personal Data to:

  • inform you about roles and events that are most likely to interest you;
  • send you advice and information regarding Bright Network and its service;
  • send you surveys and feedback requests to help improve our services;
  • carry out market research and analysis (including equal opportunities monitoring);
  • help a university you’ve attended (or will attend) meet their Graduate Outcomes Survey (or a similar or replacement survey) obligations; and
  • send you important information regarding changes to our policies and other terms and conditions.

If you have applied for a role or event, we may collect and use your Personal Data to:

  • assess your eligibility through different stages of the recruitment process;
  • share it with third party employers who are advertising roles or events via Bright Network; 
  • send you survey and feedback requests to help improve our services;
  • carry out market research and analysis (including equal opportunities monitoring);
  • inform you about roles and events that are most likely to interest you; and
  • send you important information regarding changes to our policies and other terms and conditions. 

Please do remember that if you choose not to share your Personal Data with us, or refuse certain contact permissions, we might not be able to provide some of the services you’ve asked for. 

Clients

We want to connect you with the brightest graduate talent.  We may use your Personal Data to:

  • offer you products and services that are most likely to interest you;
  • send you survey and feedback requests to help improve our services; and
  • send you important information regarding changes to our policies and other terms and conditions. 

What Personal Data does Bright Network collect?

Members & Candidates: 
 
We may collect and process the following Personal Data you will have given us:  

  • Your username; 
  • Your password;
  • Name;
  • Email address;
  • Post code;
  • Telephone number;
  • Home address;
  • Employment history;
  • Education & professional qualifications;
  • Educational background (including type of school);
  • Parents' educational background;
  • Eligibility for free school meals;
  • University;
  • Cover letter;
  • Whether you require a visa;  
  • Degree subject;
  • Degree grade;
  • Graduation year;
  • A-Level results; 
  • Your CV; 
  • Video interview; 
  • Telephone interview;
  • IP address; 
  • Marketing preferences;
  • Photographs; 
  • Videos; 
  • Voice recordings;
  • Bank details; and
  • If you contact us, we may keep a record of that correspondence.

Where you have given your explicit consent, sensitive Personal Data you may give us includes: 

  • Gender; 
  • Health Data; 
  • Sexual Orientation; and 
  • Ethnicity

Clients

Personal data you may give us includes: 

  • Name; 
  • Email address;
  • Telephone number; 
  • Job role; 
  • Your statements and opinions about candidates and/or other personnel, e.g. a referee; 
  • Information relating to our relationship with you or the party for whom you work including records of any meetings or discussions; 
  • Your marketing preferences; and 
  • A record of our correspondence (if applicable).

How does Bright Network collect Personal Data? 

Members & Candidates
 
Directly from you, when:

  • you visit our website; 
  • you register as a member;
  • you apply to an event via our website;
  • you apply for a role via our website;
  • you complete a video interview with Bright Network;
  • you complete a telephone interview with Bright Network; 
  • you take part in a face-to-face interview with Bright Network;
  • you complete any surveys we send you;
  • you engage with us on social media; or
  • you correspond with us (for example, by email, telephone or video conferencing). 

Through publicly available sources:

  • We may source employment data about you on Linkedin.

We also collect from:

  • our website; 
  • cookies; and
  • other tools and applications. 

 
Clients

Directly from you, when:

  • you visit our website; 
  • you complete any surveys we send you; or
  • you correspond with us (for example, by email, telephone or video conferencing). 

Through publicly available sources:

  • We may source employment data about you on Linkedin.

We also collect from:

  • our website; 
  • cookies; or
  • other tools and applications. 

What legal basis do we rely on to process your Personal Data?

UK Data Protection laws set out a number of different reasons for which a company may collect and process your Personal Data, including:

Legitimate Interest

In certain situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. 

Members & Candidates:

UK Data Protection laws allow the following as part of our legitimate interest in understanding our candidates and providing the most relevant and highest levels of service:

  • to contact you about events or jobs that we think might be of interest to you; 
  • to assess your eligibility for an event or role; 
  • to communicate with you;
  • for marketing purposes; or
  • to analyse your behaviour, activities, preferences and needs in order to send relevant and tailored promotional communications both to you and to our clients.

Clients:

UK Data Protection laws allow the following as part of our legitimate interest in understanding our clients and providing the most relevant and highest levels of service:

  • to contact you about products and services that are most likely to interest you;
  • for marketing purposes; or
  • to communicate with you.

Consent 

In certain situations, we can collect and process your Personal Data with your consent.

Members & Candidates:

On certain occasions, we may ask you to consent to disclose Sensitive Personal Data such as your gender, ethnicity and educational background. 

Please note that you have the right to withdraw your consent at any time. Where consent is the only legal basis for processing, we will cease to process your Personal Data after your consent is withdrawn.

Contractual Obligations

In certain circumstances, we need your Personal Data to comply with our contractual obligations.

Clients

Bright Network may process your personal data when we need to do this to fulfil a contract with you. 

Legal Compliance

Members, Candidates & Clients

Bright Network may be compelled to process your Personal Data to comply with our legal and regulatory obligations under UK law, e.g. to prevent and investigate fraud or anti-social behaviour and to work with law enforcement agencies:

  • handling customer contacts, queries, complaints and disputes; and
  • fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; 

 
Public Interest

Members & Candidates 

Bright Network may process your personal data for the performance of a task carried out in the public interest. 

Who do we share your Personal Data with?

We sometimes share your Personal Data with third parties. We require third parties to respect the security of your data and to treat it in accordance with the law. 
 
Members & Candidates

Bright Network may make Personal Data available to:

  • Clients
    • Your Personal Data may be shared with the client who initiates a search for employees (job and event applicants); 
  • Our service providers
    • Your data may be shared with parties who process data on our behalf. We are happy to provide a list of these third-party suppliers on request
  • Government authorities and third parties involved in court
    • Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us. 
  • Other third parties
    • Occasionally, we may share Personal Data with other third parties such as legal and professional advisors or insurers. 
    • We may share your contact details with a university you’ve attended for the purpose of assisting that university in meeting or exceeding its required response rate for the Graduate Outcomes Survey (or such similar survey as is in place from time to time).

Clients

  • Our service providers
    • Your data may be shared with parties who process data on our behalf. We are happy to provide a list of these third-party suppliers on request. 
  • Government authorities and third parties involved in court
    • Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us. 
  • Other third parties
    • Occasionally, we may share Personal Data with other third parties such as legal and professional advisors or insurers. 

Other than the disclosures referred to in this policy, we will not disclose any Personal Data without your permission unless we are legally entitled or obliged to do so.
  
Where we store your Personal Data
 
Your Personal Data is generally transferred to, and stored at, a destination within the European Economic Area (EEA). It is processed by staff operating inside the EEA. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this privacy policy.
 
However, due to the nature of our global business and the technologies required, your Personal Data may be transferred to third-party service providers outside the EEA, in countries where privacy laws may be different from those in the UK. In such situations, we transfer the minimum amount of Personal Data necessary, anonymise it (where possible) and enter legal contracts to ensure these third parties handle your Personal Data in accordance with this Privacy Policy and the European levels of data protection.

Security
 
Bright Network is committed to keeping your Personal Data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold. Our security measures include: 

  • encryption of our services and data;
  • reviewing our information collection, storage and processing practices, including physical security measures;
  • restricting access to Personal Data to Bright Network employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations.  They may be disciplined or their contract terminated if they fail to meet these obligations; and
  • Internal policies setting out our data security approach and training for employees.

How long do we keep your Personal Data for?
 
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us. 
 
Your rights
 
In accordance with applicable UK Data Protection Laws, you have a number of rights when it comes to your Personal Data.

  • The right to be informed
    • You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this policy.
  • The right of access
    • You have the right to obtain access to your Personal Data (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
  • The right to rectification
    • You are entitled to have your Personal Data corrected if it’s inaccurate or incomplete.
  • The right to erasure
    • This is also known as the ‘right to be forgotten’, and, in simple terms, enables you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. It is not a general right to erasure, there are exceptions.
  • The right to restrict processing
    • You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities);
    • In cases where we are processing your Personal Data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your Personal Data.
  • The right to data portability
    • You have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
  • The right to lodge a complaint
    • You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator.
  • The right to withdraw consent
    • If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests; or
  • further copies of the same information.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. 
 
If you would like to exercise any of your rights, please send an email to gdpr@brightnetwork.co.uk. Please do not forget to tell us who you are. 
  
Third Party Privacy Policies

Our website and some emails contain links to and from the websites of our partner networks, third-party employers, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies, or for any Personal Data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any Personal Data to these websites or use these services.
 
Changes to Privacy Policy
 
Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 
 
Contact
 
The data controller responsible for your information is Bright Network.
 
If you have any questions, comments or requests regarding this privacy policy or our use of your Personal Data, you can email gdpr@brightnetwork.co.uk. If you do not think we are handling your Personal Data adequately, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, are available at https://ico.org.uk

Bright Network (UK) Limited is registered with the ICO as entry Z1258381.
 
Unauthorised Access

If a Bright Network member (a “Member”) thinks an unauthorised person has become aware of any Bright Network password, they should contact Bright Network immediately. We cannot be responsible for any unauthorised use of a Member's profile or unauthorised activity on the Website.

Transfer of Ownership 

If we sell or transfer Bright Network to another company, this may transfer all of our rights and obligations under these terms and conditions without any further consent and may disclose or transfer all information we hold about Members or prospective Members to a prospective or actual new owner. Such a disclosure or transfer will not alter the rights of such Members in respect of the use that can be made of such information by such other company.