Privacy Policy

  1. DEFINITIONS

    1. Controller – shall mean the Bright MTÜ based based based in Tallinn, Estonia. A company established under the laws of Estonia with its registered seat in the Estonian Register of Non-Profit Associations and Foundations kept by the Tartu District Court, under the registry no: 80593310 Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 3 / 5 / 7, 10145
    2. Personal Data – shall mean information a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, Internet identifier and information collected through cookies and other similar technology.
    3. Policy – this Privacy Policy.
    4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/ EC.
    5. Website – the website operated by the Controller at: https://brightpool.finance/.
    6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

  2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE

    1. In connection with the use of the Website by the User, the Controller collects data to the extent necessary to provide the services offered on the Website, as well as information on the User's activity on the Website. The detailed principles and purposes of the processing of the Personal Data collected during the use of the Website by the User are described in the subsequent provisions of the Policy.

  3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE

      [USE OF THE WEBSITE]

    1. Personal Data of all persons using the Platform (including IP address or other identifiers and information collected through cookies or other similar technologies), are processed by the Controller:
      1. for the purpose of rendering electronic services within the scope of providing Users with access to the contents collected on the Website – the legal basis for such processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
      2. for analytical and statistical purposes – the legal basis for such processing is the Controlle's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
      3. if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights;
      4. for the marketing purposes of the Controller and other entities, specifically related to the presentation of behavioral advertising – the rules of processing Personal Data for marketing purposes have been described in the “MARKETING” section.
    2. User activity on the Platform, including their Personal Data, is recorded in system logs (special computer program used for storing a chronological record containing information about events and actions related to the IT system used for rendering services by the Controller). The information collected in the system logs is processed mainly for the purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage the system, as well as for analytical and statistical purposes – in this regard the legal basis of the processing is the Controller's legitimate interest (Article 6(1)(f) GDPR).

  4. MARKETING

    1. The Controller processes the Personal Data of Users for the purposes of conducting marketing activities, which may involve:
      1. presenting the User with marketing content that is adjusted to such User's preferences (contextual advertising);
      2. presenting the User with marketing content corresponding to such User's interests (behavioral advertising),
      3. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
      4. in order to carry out marketing activities, the Controller in some cases uses profiling. This means that thanks to automatic data processing the Controller evaluates selected factors concerning the Users in order to analyze their behavior or to create a forecast for the future. This allows for better adjustment of the displayed content to the individual preferences and interests of the Users.

      2. [CONTEXTUAL ADVERTISING]

    2. he Controller processes users' Personal Data for marketing purposes in connection with presenting Users with contextual advertising (i.e., advertising that is not adjusted to User preferences). In such cases, Personal Data is processed for the purposes of the legitimate interests of the Controller (Article 6(1)(f) of the GDPR).

      3. [BEHAVIORAL ADVERTISING]

    3. The Controller and its trusted partners process the User’s Personal Data, including the Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with presenting Users with behavioral advertising (i.e. advertising adjusted to User preferences).
    4. For a list of trusted partners of the Controller, please see the following.

        [NEWSLETTER]

      1. Subscribing to a newsletter by the Users involves processing their Personal Data, such as the Users’ e-mail addresses. Providing the e-mail address is required in order to provide the newsletter service, and its failure results in the inability to send the newsletter. This form of communication with the User may include profiling.

      2. Personal data shall be processed:

        1. for the purpose of providing the newsletter service – the legal basis for such processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
        2. in the case of sending marketing content to the User within the newsletter – the legal basis for such processing, including the use of profiling, is the Controller's legitimate interest (Article 6(1)(f) GDPR) in connection with the expressed consent to receive the newsletter;
        3. for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
        4. if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.

  5. SOCIAL MEDIA

    1. The Controller processes Personal Data of Users who visit the Controller's profiles held on social media (Telegram, Medium, Twitter, LinkedIn). The data is processed solely in connection with running the profile, including for the purpose of informing the Users about the Controller's activity and promoting various events, services and products. The legal basis for the processing the Personal Data by the Controller for this purpose is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting in promoting its own brand.
    2. The information indicated in Point 5.1 above does not apply to processing Personal Data by respective Controllers of the above-mentioned social media platforms (Telegram, Medium, Twitter, LinkedIn). For detailed information on the purpose and scope of collecting data by social media platforms, please see the following:
      1. Telegram: https://telegram.org/privacy
      2. Medium: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
      3. Twitter: https://twitter.com/en/privacy
      4. LinkedIn: https://www.linkedin.com/legal/privacy-policy

  6. COOKIES AND SIMILAR TECHNOLOGY

    1. The Website uses necessary cookies managed by Cloudflare to ensure an optimal user experience. The Cloudflare cookies are vital in maintaining the Website’s security, integrity, and availability, managing network traffic, and detecting any unusual or malicious activities.
    2. The Website uses cookies predominantly to ensure efficient operation of the website, remember the choices made by the User on the website, and also analyze and track movement on the Website and adjusting advertising content to User interests.
    3. The legal basis for data processing in connection with the application of the required cookies is the necessity of processing for the purposes of performance of a contract (Article 6(1)(b) of the GDPR).
    4. If the User wishes to obtain detailed information on the purpose and scope of the used cookies, please find the following:https://www.cloudflare.com/privacypolicy/

  7. MARKETING TOOLS USED BY THE CONTROLLER'S PARTNERS

    1. The Controller and its partners use various solutions and tools used for analytical and marketing purposes. Below you will find basic information about these tools. Detailed information in this regard can be found in the Privacy Policy of the respective partner.

      2. [GOOGLE ANALYTICS]

    2. Google Analytics cookies are cookies used by Google to analyze the use of the Platform by the Users, as well as to compile statistics and reports on the functioning of the Platform. Google does not use the collected data to identify the User or does it combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found under the following link: https://www.google.com/intl/pl/policies/privacy/partners

  8. MANAGING COOKIE SETTINGS

    1. Any use of cookies for the purpose of collecting data via such cookies, including obtaining access to data recorded on the User’s device, requires the User’s prior consent. The Controller secures the User’s consent in the Service through the cookies consent management platform.
    2. Consent is not required only in the case of cookies which must be applied to render any telecommunication services (data transmission for the purposes of displaying content)

  9. DURATION OF PERSONAL DATA PROCESSING

    1. The duration of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service provision or order processing until the withdrawal of the expressed consent or filing an effective objection to data processing in cases where the legal basis of data processing is the Controller's legitimate interest.
    2. The duration of data processing may be extended if the processing is necessary to establish and assert possible claims or to defend against claims, and thereafter only in the case and to the extent required by law. After the processing time span ends, the data is irreversibly deleted or anonymized.

  10. RIGHTS OF THE USER

    1. The User shall have the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
    2. To the extent that the User's data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller by email at [email protected]
    3. The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, as well as – for reasons connected with the User's special situation – in other cases where the legal basis of the data processing is the legitimate interest of the Controller (e.g. in connection with the analytical and statistical activities).

  11. DATA RECIPIENTS

    1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular providers responsible for the operation of IT systems and entities such as marketing agencies (within the scope of marketing services).
    2. The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties, who will submit a request for such information on the basis of an appropriate legal basis and in accordance with the provisions of the law in force.

  12. TRANSFER OF DATA OUTSIDE THE EEA

    1. The level of protection for Personal Data outside the European Economic Area (EEA) differs from that provided by the EU law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:
      1. cooperating with processors of Personal Data in countries for which there has been a relevant European Commission decision finding an adequate level of protection for Personal Data;
      2. use of standard contractual clauses issued by the European Commission;
      3. application of binding corporate rules approved by the relevant supervisory authority.
    2. The Controller shall always give notice of its intention to transfer Personal Data outside the EEA at the stage of its collection.

  13. CONTACT DETAILS

    1. Contact with the Controller is possible through the e-mail address [email protected]
    2. Contact with the Estonian Data Protection Authority is possible through the e-mail address [email protected] or at the contact details indicated at https://www.aki.ee/et

  14. CHANGES TO THE PRIVACY POLICY

    1. The Policy shall be reviewed on an ongoing basis and updated as necessary.
    2. The current version of the Policy has been adopted and is effective as of 22.7.2021