Privacy Policy
This privacy notice is a public declaration of how Brightwave Group (part of Capita plc) applies the principles & rights afforded to individuals by the General Data Protection Regulation (GDPR), to the personal data that we store and process.
WHAT INFORMATION DO WE COLLECT, WHO IS COLLECTING IT AND WHY?
Data is being collected by the Brightwave Group of companies (Brightwave Ltd, Brightwave Holdings Ltd and Brightwave Enterprises Ltd), which are wholly owned subsidiaries of Capita Plc, whose registered address is 30 Berners Street, London W1T 3LR. Registered in England No. 0229974.
Brightwave is committed to complying to the 6 principles relating to the processing of personal data under the GDPR in all that we do. These principles are:
- Lawfulness, fairness & transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality.
We may collect, store and use personal information for the following uses:
- Subscribing to website services, email notifications (including requesting a demo, subscribing to either email notifications or newsletters, requesting a proposal or submitting details of your tender).
- Once submitted via the Brightwave website, information that you provide for these purposes are stored on Brightwave servers, where follow up actions and responses can be best orchestrated.
- If consented (i.e. the check box has been ticked on the form), we may additionally use the information that you supply to us to tell you about new Brightwave products and services. An option to unsubscribe appears at the bottom of each such communication.
- Unless an active customer, we will retain such information for a period of no longer than 5 years, when it will automatically be deleted.
- For tender / RFP based activities we will retain such information for a period of no longer than 6 years, when it will be automatically deleted.
- Responding to voluntarily customer surveys, end of project reviews or providing other types of form-based feedback.
- On submission, we store completed survey responses on Brightwave servers. Provided information is disseminated across related Brightwave business areas as part of continuous improvement activities. Where appropriate, and if used for ongoing reporting, the information will be anonymised.
- The IP address of your browser is automatically captured by default as a function of SurveyMonkey (our current survey tool). This information is surplus to our needs and is permanently removed, upon receipt.
- Unless a current and active customer, personal data within such responses is stored for no longer than 3 years, when it will be automatically deleted.
- If consented (i.e. the check box has been ticked on the form), we may additionally use personal data that you supply to us to tell you about new Brightwave products and services.
- On-boarding of new customers / suppliers.
- A subset of personal data (name, address, key contact details), supplied during customer or supplier on-boarding activities, may be shared to teams situated elsewhere in the Capita Group, these may be located outside of the UK/EEA. Such teams undertake basic administration activities for and on behalf of Brightwave.
- Brightwave Group captures and uses such data for legitimate business purposes only, to the extent of carrying out agreed, contracted service(s).
- Servers used to store data are located within the UK/EEA.
- Unless a current and active customer, personal data will be retained for no longer than 5 years or longer (up to 7 years) when related to UK tax law requirements. After which time the data will be automatically be deleted.
- Information captured as part of course hosting (i.e. customer supplied content).
- Clients upload text, imagery and videos to the Tessello service in order to create E-learning courses (uploaded content).
- Brightwave Group holds such data for legitimate purposes only, as a service provider and sub-processor, on behalf of customer.
- These assets are stored on Brightwave servers, and not used for any purpose other than allowing you to edit your courses and ensuring the continuity of your service.
- We back up this data to encrypted media stored in the cloud (located within the EEA/UK).
- We do not store copies of your uploaded content on any form of removable media.
- We do not recreate any of your uploaded content or show your uploaded content to anyone outside of your own organisation.
- We may view your uploaded content in the course of helping you to complete work on your courses, but we will not access your uploaded content outside of that.
- Personal information is archived to encrypted media in the cloud for a period of 1 year after contract close, then automatically deleted.
- Information derived through using Tessello, Launch and Track or TesselloGo products.
- When Learners view the courses you have created, we collect a variety of data to support allow the reporting functionality of these systems.
- We collect usage data, including pages accessed, answers to questions, and overall results of courses.
- Brightwave Group holds such data for legitimate purposes only, as a service provider and sub-processor, on behalf of customer.
- When purchased and configured, Tessello communities (optional functionality) allows the identities of individual Learners to be seen by other Learners within the same organisation. Configuration can be refined further to restrict visibility to a smaller, more targeted subset of users.
- We do not use or access your learner data, except to provide general usage statistics, and to allow you access to download your own data.
- We will never share this data, or use it for our own purposes, outside of what is detailed above.
- Personal information is archived to encrypted media in the cloud for a period of 1 year after contract close, then automatically deleted.
- Information derived through the creation. organisation, reporting, and resolution of trouble tickets is stored securely on the servers of the respective service.
- Trouble tickets are predominantly created from an e-mail exchange, instigated by the requestor.
- Personal data that forms part of a trouble ticket is not shared outside of Brightwave Group.
- Ticket, user data and any associated attachments are hosted within the European Economic Area (EEA)
- Personal information is archived to encrypted media in the cloud for a period of 1 year after contract close, then automatically deleted.
- Information derived from creating learning courses on your behalf.
- We may share your personal data (i.e. name, contact details) with 3rd parties in the creation and delivery of learning content, such parties provide specialist services on behalf of Brightwave Group.
- Brightwave Group captures and uses such data for legitimate business purposes only, to the extent of carrying out agreed, contracted service(s).
- We do not use or access your learner data, except to provide the contracted content and services.
- The personal data is stored on Brightwave Group servers and will not be transferred outside of the UK or EEA.
- We will never share this data, or use it for our own purposes, outside of what is detailed above.
- Unless otherwise agreed, course content is archived to encrypted media in the cloud (within EEA/UK) for a period of 5 years after contract close.
- Website usage information is collected using cookies.
- We forward completely anonymous usage data to 3rd party services to assist us in providing continuity and improve user experience. This includes but is not limited to Google Analytics (Traffic statistics).
- You can stop or limit (including the retention period) information that is captured while visiting Brightwave Group websites by changing the configuration / settings of your web browser.
- Information derived from job candidate / CV submissions.
- Job candidates upload their CV’s and contact details to Breezy HR, a CV management and aggregator service, where shortlisting is then manually undertaken by Brightwave hiring managers.
- In case a candidate may be relevant to another new role, the CV’s and details of unsuccessful applicants are retained for a period of no less than 12 months, then at which point they are automatically deleted.
- Information derived from work seeking services for associates – this can include:
- Personal information such as name, contact details, work history, education, skills, training, and other onboarding compliance requirements.
- We may use this information to provide work-seeking services, to assess your suitability to work as well as administrative and management purposes in connection with providing work seeking services.
We may use the information you supply us to tell you about new Brightwave (Capita plc companies) products and services. If you would like to opt out from receiving such information, either click on the link provided in each such communication or please email us at privacy@brightwavegroup.com.
LAWFUL BASIS FOR PROCESSING
We process your personal data for our legitimate business interests for operating our business and to fulfil contractual obligations with our clients. We may also process your data to comply with legal obligations we have with HMRC and other government bodies. For all other processing we will obtain your consent before using any of your personal data.
The information collected will be used for:
- sending you general (non-marketing) commercial communications;
- administering the website including improve your browsing experience and enable your use of the services available on the website;
- send you email notifications which you have specifically requested;
- sending to you our newsletter and other marketing communications relating to our business which we think may be of interest to you by email or similar technology where you have specifically agreed to this (you can inform us at any time if you no longer require marketing communications);
- dealing with enquiries and complaints made by or about you relating to the website, and services or other correspondence;
- creating learning content on your behalf;
- orchestrating support services for both our software products and also learning content;
- providing sourced consultancy and work opportunities services which includes holding information provided by associates including contact details, work history, skills and information required by HMRC for processing and retaining associates;
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
SHARING OF YOUR INFORMATION
We will not give, sell, rent or lease any personally identifiable information you choose to give us, to any other company. Unless we have your permission, or are required by law, we will only share data you provide, or in working with us, with employees and/or our suppliers, where appropriate.
We may share limited information with other Capita Businesses for legitimate purposes as part of our necessary obligations for internal reporting, processing of invoices and payments and to update existing customers of service and product updates or opportunities available within Capita plc Group.
Your information will not be shared outside of the Capita plc group of companies or any specialist suppliers of content services, related to your specific project, unless required by law.
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this privacy statement, we will not provide your information to third parties.
INTERNATIONAL TRANSFERS
Information that we collect may be stored, processed and transferred between any of the countries in which we operate in or supply from order to enable us to use the information in accordance with this privacy statement. International transfers outside of the EU, e.g. Capita India and the US will be managed under Privacy Shield agreed terms or via other adequate security assessments and data protection controls (including EU model clauses) to enable us to carry out our service obligations to our clients, suppliers and business partners.
All personal data stored and processed by us is securely stored within the European Union. There is no systematic transfer of data outside of the EU for any other purpose than outlined above.
SECURITY OF YOUR PERSONAL INFORMATION AND RETENTION
Brightwave Group takes information security extremely seriously.
We take all reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted, where possible.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Brightwave Group retains your personal information for as long as is necessary or as stipulated within client contracts and does not seek to retain data for any longer than necessary to carry out our service and fulfil our statutory and contractual obligations and comply with laws such as tax.
Once the data has reached the end of its retention period the data is deleted. For further details on the Data Retention, please contact us using the details at the end of this document.
STATEMENT AMENDMENTS
We may update this privacy statement from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.
YOUR RIGHTS
Brightwave Group recognises the further rights of data subjects under the GDPR which include;
- The right to be informed
- The right to erasure
- The right to restrict processing
- The right to portability
- The right to object
- The right to withdraw consent
- The right to complain to the Supervisory Authority
You can read more about these rights here:
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
HOW TO CONTACT US
You have the right to access the personal information we have registered about you and to request that this information is corrected or deleted if it is inaccurate, incomplete or irrelevant or to complain by contacting us using the details below:
Digital Learning Contact Us (capita.com)
Should we receive an instruction from you about any personal information we hold about you, provision of such information will be subject to the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
If you are unhappy with our response, you have the right to complain to the Supervisory Authority, the details of which are below:
Supervisory Authority: Information Commissioner’s Office (ICO)
Website: https://ico.org.uk/concerns/
Email: casework@ico.org.uk