Privacy Policy

Introduction

BrightFront SARL ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website brightfront.world or use our services.

This policy applies to all personal data we process in connection with our strategic planning framework services for enterprises.

Data Controller Information

The data controller responsible for your personal data is:

Data Collection

We collect and process the following types of personal data:

• Contact Information: Name, email address, phone number, company details, and postal address when you contact us or use our services
• Communication Data: Records of correspondence and communications with us, including enquiry forms and consultation requests
• Website Usage Data: Information about how you use our website, including IP address, browser type, pages visited, and time spent on our site
• Technical Data: Device information, operating system, and other technical identifiers
• Marketing Data: Your preferences regarding marketing communications and promotional materials

How We Use Your Information

We process your personal data for the following purposes and under the following legal bases:

• Service Delivery: To provide our strategic planning framework services and respond to your enquiries (Legal basis: Contract performance and legitimate interests)
• Communication: To communicate with you about our services, respond to your questions, and provide customer support (Legal basis: Contract performance and legitimate interests)
• Website Improvement: To analyse website usage and improve our online services (Legal basis: Legitimate interests)
• Marketing: To send you information about our services that may be of interest to you, where you have consented or where we have legitimate interests (Legal basis: Consent or legitimate interests)
• Legal Compliance: To comply with legal obligations and protect our legal rights (Legal basis: Legal obligation and legitimate interests)

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Disclosure

We may share your personal data in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our business, such as website hosting, analytics, and communication tools
• Legal Requirements: When required by law, regulation, or legal process, or to protect our rights and interests
• Business Transfers: In connection with any merger, acquisition, or sale of business assets

We do not sell, trade, or otherwise transfer your personal data to third parties for their marketing purposes without your explicit consent.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact and enquiry data: Retained for up to 7 years for business and legal purposes
• Website analytics data: Retained for up to 26 months in line with Google Analytics retention settings
• Marketing data: Retained until you withdraw consent or for up to 3 years if based on legitimate interests
• Legal compliance data: Retained as required by applicable laws and regulations

Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Request transfer of your personal data to another organisation
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the details provided below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure data transmission using encryption protocols
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection and security

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Complaints

If you believe that your data protection rights have been breached, you have the right to lodge a complaint with the relevant supervisory authority. In Luxembourg, this is the Commission Nationale pour la Protection des Données (CNPD).

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page.

Governing Law

This Privacy Policy is governed by Luxembourg law and the General Data Protection Regulation (GDPR). Any disputes arising from this policy will be subject to the jurisdiction of Luxembourg courts.