Summary
When it comes to your personal information, we believe in transparency, not surprises. That’s why BrightStores wants to help you better understand how we collect, use, protect, and share your personal data. This Privacy Policy is designed to help you understand your privacy choices when you use and visit our sites or use our services. It does not apply to other websites or services that we do not control.
We collect personal information you choose to share with us and our partners so we can provide you with a more customized experience. Your information is kept secure through industry norms, but security can be breached, especially if you are not careful with protecting your username and password. You can modify your information through your account settings, but we may retain your information on an aggregate, non-personally identifiable basis for bona fide business purposes even if you are no longer a registered user or customer.
Please read this Privacy Policy carefully, along with our Terms of Service (collectively, the "Agreement"). By continuing to use our Services, you are expressly consenting to the collection, storage, use and disclosure of your personal information as described in this Privacy Policy.
Introduction to our Privacy Policy
We at Bright Stores, Inc. (the "Company," "we," "us," or "our", including our subsidiaries) know that our users (our customers and their customers (end users) who use our Services, including administrative users and visitors to our sites) care about how their personally identifiable information ("Information") is used and shared, and we take your privacy seriously. This Privacy Policy (the "Policy") describes how we collect, use and disclose Information when you use any of our Services, including but not limited to:
- Company websites, pages, sites, systems, accounts accessible through any internet connected device.
- Website, co-store, bright sites, bright orders, bright stores billing, simple stores and/or any website, system or service created, hosted or powered by Company.
By visiting or using the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Agreement.
What Information We Collect
Information You Provide to Us
We obtain personal information from various sources. You provide some of it directly (such as by registering for an Account). Or your Account data may be pre-loaded to our sites by our client (Promotional Products Distributors or Supplier) or the company you associate with. Data may be added via Single Sign On, API, CSV Upload, or by individual adding of accounts and user data.
You don't have to create an account to use some of our Services. The configuration of your site will determine the information collected. These configurations are determined by our clients and end user clients. If you do choose to create an account and sign up for a Service, we may collect a variety of information from you for that Service based on what you provide to us, such as: name and email or physical address. If you are paying for the Service, standard payment and billing information is required. We do not require users to provide their race, ethnicity, medical information, SSN, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual orientation or criminal record in their account. Please do not post or add personal data to your account that you would not want to be publicly available. Depending on which Services you choose to use, additional information may be collected and stored, if necessary in order for us to provide a particular Service. Such information includes:
- Biographical and professional information, association affiliation, demographic data, and financial information.
- Information responsive to polls or surveys, or requested in order to provide information about our business, employment, products, or services.
- Transactional information based on your activities on the website.
- Shipping, ordering, billing, and other similar information you provide to purchase or ship an item or service.
- Community discussions, chats, dispute resolution, correspondence through the Website and correspondence sent to us.
- Computer sign-on data, time and date data, statistics on page views, your IP address, the type of computing environment you use, and traffic to and from the Website (including data about you whenever you interact with the Website, such as when you search, click on links, send messages, make comments, replies or queries, and select best replies).
- Other technical information or data collected from Website traffic, including IP address and standard web log information and information gathered from cookies, beacons, and other mechanisms.
- Supplemental or additional information we may request from you in the event previous information you’ve provided cannot be verified.
- Your content and any other information that you choose to make available via the Website or that other users of the Website share about you.
- Other information that you voluntarily provide to us.
Information Collected Automatically by Us
Whenever you interact with our Service, we automatically receive and record technical information such as your device, IP address, "cookie" information, the version of your operating system ("OS"), and the page you requested. When you use the Service on a mobile platform, we may also collect and record your unique device ID (persistent / non-persistent), hardware type, media access control ("MAC") address, international mobile equipment identity ("IMEI"), your device name, and your location (based on your IP address). We may also collect information regarding your activity on the Service (both individually and on an aggregate basis) and your interactions with other users of the Service.
Using Other Sites to Log Into our Websites or Services
Some users may choose to connect to our Websites or Services using third-party account credentials (for example, Single Sign On services or provider, purchasing service provider using PunchOut Integrations). If you choose to connect your account using a third-party account, you understand some of your Information may be shared with us or the respective third-party platform. Your information may also be subject to separate policies of such third-party platform. You should review those policies before providing consent. Connecting your account to third-party applications or services is optional.
Why We Collect and How We Use Your Information
How we use your Information will depend on which Services you use, how you use those Services and the choices you make in your settings. The primary reason we collect information is to provide and improve our Services, manage your account and subscription to our Service, and to provide you with a more customized experience on our Services.
The following is a summary of more specific ways we may use your personal information:
- To provide payment processing and account management, operate, measure and improve our Services, keep our Services safe, secure, and operational, and customize Website content.
- To contact you regarding your account, to respond to your requests or questions, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed or as otherwise necessary to provide you customer service.
- To send you transactional communications. For example, we might send you emails about your purchase. We might also contact you about this policy or our website terms.
- To provide other services requested by you as described when we collect the Information.
- To improve our Services, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience.
- For security purposes. To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities and/or attempts to harm our users.
- To monitor and improve the information security of our Websites.
- To enforce our Terms of Service, this Policy, or other policies, and to monitor for violations of our policies or applicable laws.
We also use Information as otherwise described in this Policy, permitted by law, or as we may notify you.
How Your Information is Shared
We share your information with third parties as listed below and as otherwise described elsewhere in this policy.
- Service Providers
We employ and allow third parties to perform tasks on our behalf, including, but not limited to, email send and services, data center hosting, security monitoring and compliance, and we need to share your Information with them in order for them to provide such products and services. Unless we tell you differently or you consent otherwise, these third parties will remain governed by security and confidentiality obligations consistent with this Policy and applicable law. All other service providers such as shipping, sales tax, forms, order processing, payments and notifications, system access and all other integrations are elected by Client and such Client assumes responsibility for Information shared with these service providers.
- Company Affiliates
Subject to applicable laws, we may share your Information with companies with whom the Company is affiliated or related to (e.g., parent company or subsidiaries), and will require such affiliated or related companies to use the Information solely in accordance with this Policy.
- Business Transfers
We may choose to buy or sell BSI’s assets. In these types of transactions, customer Information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired or merged, or if we go out of business, enter bankruptcy, or go through some other change of control, Information would be one of the assets transferred to or acquired by a third party.
- Protection of Company and Others
We reserve the right to access, read, preserve, and disclose any Information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements;
- BrightStores Direct Sites
We may share your information collected from any BrightStores Direct Site with the administrations of such BrightStores Direct Site. Certain BrightStores Direct Sites will have a separate privacy policy governing that site’s collection and use of your information, so please carefully review such separate privacy policy before using that site.
- Aggregated and Anonymized Information
We may also share (within our affiliated entities or with third parties) aggregated or anonymized information that does not explicitly identify you or any individual user of our Services. This disclosure will not share any personal information of individual users but is intended to give a broad overview of the Service’s membership.
The Security and Storage of Your Information
All systems are hosted on the Google Cloud Platform. Google Cloud offers unsurpassed security, reliability, and redundancy ensuring that all store, user, order, and account data is protected. This is done in part with Google’s end-to-end security model and multi-layered infrastructure. Data is encrypted in transit and at rest using HTTPS protocol. BrightStores maintains firewalls, a full threat management suite, and a security team delivering true defense in depth and at scale. When it comes to preventing the threat of distributed denial of service (DDoS) attacks, we utilize Google Cloud Armor. Google Cloud Armor provides defense at scale using Google’s global infrastructure and security systems. When you launch your Company Store with BrightStores, you are taking advantage of Google’s worldwide network providing reliability, redundancy, and uptime. With multiple points of presence across the globe, we provide strong redundancy, low latency, and high responsiveness, keeping your stores online and running fast.
PCI DSS (Payment Card Industry Data Security Standard) is a set of network security and business guidelines adopted by the PCI Security Standards Council to protect customer’s payment card information and personal data. All Company Stores in Bright Sites are PCI Compliant. To keep our PCI Compliance status, we regularly maintain a highly secure system environment. For Network Security, all systems at BrightStores, including Bright Sites, are built with security as a core design and development requirement. Our secure architecture includes access control, multi-factor authentication, encryption, and state-of-the-art defenses against cyber attacks. For secure Credit Card Processing, all Bright Sites Company Stores that accept credit cards as payments follow strict security guidelines. Credit card data never reaches the Bright Sites systems and is securely redirected via iframe and tokenization. BrightStores proactively and regularly tests and improves networks and systems. Vulnerability scans, internal and external penetration tests are completed regularly. Test results are analyzed and adjustments are made to continually improve security.
Our main goal is to protect all customer data while allowing our customers to conduct business. We have a variety of safeguards and policies in place to make sure our systems are secure, regularly backed up, and that your order and customer details are always kept confidential. To protect against malicious activities, automatic backups are completed every night of the week in the Google Cloud Platform, with at least 7 days retention (up to 14). In case of a Disaster, we utilize sophisticated monitoring and deterrence systems that immediately alert our Disaster Recovery Team of a complete or partial system failure. We have a multi-step process in place to safely restore IT Functionality in Mission Critical Systems as soon as possible. Our Disaster Recovery plan is tested and updated annually or as needed. Our Business Continuity plan is reviewed and optimized annually as a proactive plan to avoid and mitigate risks to business operations. Our plans identify mission critical systems, data backup and recovery, and include basic steps to maintain operations in the event of an unforeseen disaster.
Security Policy
Systems and data security is at the forefront of every industry and is critical to the success of all clients, large and small. Our Security Policy is a vital part of our overall security plan. Our policies are continually updated with the ever changing security needs and requirements and provide clear guidance for encryption, use, passwords and more.
You may find the above security information and more here.
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Information by selecting and protecting your password and/or other sign-on mechanism appropriately. To help protect your Information, you should not share your account information or password, reuse your password on other sites, or use a password you have used on other sites.
What Information You Can Access
Through your account settings for the Service, you may access or edit Information you’ve provided and your record of interactions with the Service. Such Information and interactions, and your ability to update them, will vary based on the Service.
- Right to Access and Control Your Information
We provide many choices about the collection, use, sharing, and deletion or anonymization of your Information. Individuals located in certain countries, including the European Economic Area, and certain States, including California, have certain rights related to their personal Information. Subject to any exemptions provided by law, you may have the right to request the following for personal data that we have about you:
- Delete Information: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
- Change or Correct Information: You can edit some of your Information through your account. You can also ask us to change, update, or fix your Information in certain cases, particularly if it’s inaccurate.
- Object to, or Limit or Restrict, Use of Information: You can ask us to stop using all or some of your information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Information is inaccurate or unlawfully held).
- Right to Access and/or Take Your Information: You can ask us for a copy of your Information and can ask for a copy of Information you provided in machine-readable form.
- We never sell your Information. As such, it is not necessary that a user opts out of the sale of personal information.
You may contact us using the contact information in Section 9 below, and we will consider your request in accordance with applicable laws and in the applicable time frame.
- What Choices You Have
You can always opt not to disclose Information or to disable certain tools on your browser or device. However, this may limit your ability to fully utilize the Service.
You may be able to add, update, or delete Information as explained above. When you update Information, however, we may maintain a copy of the unrevised Information in our records. Please note that some anonymized Information may remain in our records for legitimate business reasons even after your deletion of such Information, such as our analyzing aggregated data regarding past usage of the Service, but not in a manner that would identify you personally.
- Account Closure
If you wish to delete your account, you can do so by logging into your account or by emailing us using the contact details provided in Section 9 below. After it is no longer necessary for us to retain your Information, we will dispose of it in a secure manner according to our data retention and deletion policies, except as noted in Section 7 below.
If at any time you choose to opt out from allowing us to use your Information in the future, contact us directly via email to privacy@brightstores.com. Upon receipt and processing of an opt-out request, we will, within a legal and commercially reasonable period of time, remove your Information from any applicable listings.
How Long We Retain Your Information
We generally retain your Information as long as reasonably necessary to provide you the Services or to comply with applicable law. However, even after you deactivate your account, we can retain copies of Information about you and any transaction or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions consistent with applicable law. If a user deletion request has been received and processed, we will no longer retain personal information.
Information you have shared with others (e.g., through comments or other posts) will remain visible after you close your account or delete the information from your own account, and we do not control data that other users copied out of our Services.
Changes to This Privacy Policy
We may modify this Policy and our Terms of Service from time to time. If we make material changes to it, we will provide you notice through the Service, the Website, via email or by other means, to provide you the opportunity to review the changes before they become effective. You shall be responsible for reviewing and becoming familiar with any such modifications. If you object to any changes, you may close your account or discontinue use of the Services. Your continued use of our Services after we publish or send a notice about our changes to these terms means you are consenting to the updated terms.
Questions or Concerns
If you have any questions or concerns regarding our Policy, please send us a detailed message at the address below, and we will try to resolve your concerns.
BrightStores, Inc.
1430 Larimer Street, Suite 200
Denver, CO 80202
Attn: Privacy/Legal Department
Email: privacy@brightstores.com
Legal Disclosures
It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to:
- Investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies.
- Enforce our agreements with you.
- Investigate and defend ourselves against any third party claims or allegations.
- Protect the security or integrity of our Service (such as by sharing with companies facing similar threats).
- Exercise or protect the rights and safety of the Company, our users, personnel, or others.
We attempt to notify users about legal demands for their personal data when appropriate in our judgement, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague, or lack proper authority, but we do not promise to challenge every demand.