Privacy Policy

Introduction and Scope

At BrightGrowably, we believe transparency about data collection and usage builds the foundation for trust. This comprehensive privacy policy explains how we collect, process, store, and protect your personal information when you interact with our platform at brightgrowably.com, engage with our business leadership programmes, or communicate with our team based in Northampton, United Kingdom.

Our commitment extends beyond mere compliance with data protection regulations. We've designed our data practices around the principle that your information belongs to you, and we're simply custodians helping deliver the educational resources and business insights you're seeking. This policy applies to all users, whether you're browsing our content, participating in our learning programmes, or engaging with our business leadership resources.

Information We Collect

Understanding what information we collect helps you make informed decisions about your interaction with our platform. We've categorised the data we collect to provide clarity about our practices and the purposes behind each type of information gathering.

We collect this information through various means: directly from you when you voluntarily provide it, automatically through your use of our website, and occasionally from third-party services that help us deliver our educational content. We never purchase personal data from data brokers or engage in practices that would compromise your privacy expectations.

How We Use Your Information

Every piece of information we collect serves specific purposes aligned with delivering valuable business leadership education and maintaining our platform's security and functionality. We don't engage in practices that would surprise or mislead you about how your data supports our educational mission.

• Delivering personalised learning experiences and programme recommendations based on your interests and previous interactions
• Communicating important updates about programmes, schedules, and educational opportunities relevant to your interests
• Providing technical support and responding to your enquiries about our services and educational content
• Improving our website functionality, content quality, and user experience through analysis of usage patterns
• Ensuring platform security by monitoring for suspicious activity and preventing unauthorised access
• Meeting our legal obligations and protecting our legitimate business interests while respecting your privacy rights

Our use of your information always aligns with the original purpose for which it was collected or compatible purposes that you would reasonably expect. We don't repurpose your data in ways that would be surprising or inconsistent with your relationship with BrightGrowably.

Data Sharing and Third Parties

We maintain strict control over your personal information and only share it in specific circumstances that support our educational services or meet legal requirements. Our approach prioritises data minimisation, meaning we only share what's necessary for the specific purpose.

We may share your information with carefully selected service providers who help us deliver our educational programmes, including email service providers for communications, learning management systems for programme delivery, and payment processors for secure transactions. These partners operate under strict data processing agreements that limit their use of your information to the specific services they provide for us.

We never sell, rent, or trade your personal information to third parties for their marketing purposes. Any sharing occurs only when necessary to provide services you've requested, when required by law, or when necessary to protect our rights or the safety of our users. In cases where legal disclosure is required, we make reasonable efforts to notify affected users unless prohibited by law.

Your Privacy Rights

We believe you should have meaningful control over your personal information. These rights ensure you can make informed decisions about your data and take action when needed. We've designed straightforward processes to help you exercise these rights without unnecessary barriers.

To exercise any of these rights, contact us using the information provided at the end of this policy. We respond to most requests within one month, though complex requests may require additional time. We may need to verify your identity before processing requests that involve access to or changes to your personal information.

Data Security and Protection

Protecting your personal information requires multiple layers of security measures, regular monitoring, and continuous improvement of our protective systems. We understand that data security isn't just about technology—it's about creating a culture of privacy protection throughout our organisation.

Despite our comprehensive security measures, no system is completely immune to security risks. In the unlikely event of a data breach that could affect your personal information, we'll notify you and relevant authorities within the timeframes required by applicable data protection laws, along with information about the incident and steps we're taking to address it.

Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, meet our legal obligations, and protect our legitimate interests. Our retention practices balance your privacy interests with our need to provide ongoing services and meet regulatory requirements.

When retention periods expire or when you request deletion of your information, we securely delete or anonymise your personal data using industry-standard methods. Some information may be retained in anonymised form for statistical analysis and service improvement, but this information cannot be used to identify you personally.

International Data Transfers

While our primary operations are based in the United Kingdom, some of our service providers may process your information in other countries as part of delivering our educational services. We ensure that any international transfers of your personal data receive appropriate protection through recognised safeguards.

When we transfer personal data outside the UK, we rely on adequacy decisions from the UK government, standard contractual clauses approved by data protection authorities, or other legally recognised transfer mechanisms. These safeguards ensure your information receives protection equivalent to UK data protection standards, regardless of where it's processed.

We regularly review our international data transfer practices to ensure they remain compliant with evolving data protection requirements and provide appropriate protection for your personal information throughout its processing lifecycle.

Changes to This Policy

Our privacy practices evolve as we enhance our services and respond to changing regulatory requirements. We review this privacy policy regularly and update it when necessary to reflect changes in our data processing activities or legal obligations.

When we make significant changes to this privacy policy, we'll notify active users through email or prominent notices on our website before the changes take effect. For minor updates that don't materially affect your rights or our data processing activities, we'll update the "last modified" date at the top of this policy.

We encourage you to review this privacy policy periodically to stay informed about how we protect your personal information and your privacy rights. Your continued use of our services after policy updates indicates your acceptance of the revised terms.