This agreement is between:
(b) The Provider may disclose information to other companies in the Peninsula group of companies, its contractors, and other organisations including, without limitation;
(c) If the User provides The Provider with information which contains personal data the Provider will process, and the User agrees and authorises it to process that data, in accordance with the General Data Protection Regulation 2018, if the User is a user of BrightHR in the United Kingdom (“Data Protection Laws”). Where the Provider use the terms “personal data”, “data processor” and “data controller” in this agreement the Provider means those terms which are defined in the Data Protection Laws.
(d) If at any time the User does not want the Provider to use its personal data, the User must notify it by email using Support@brighthr.com
(a) The User owns its Customer Data and has sole responsibility for the legality, reliability, integrity, accuracy and quality of that Customer Data.
(b) To the extent that personal data is included in any Customer Data the Provider will process that data on the User’s behalf as a data processor. The Provider will only process such personal data in accordance with the User’s instructions (and the User hereby authorises the Provider to take such steps in the processing of personal data on its behalf as are necessary for the performance of the Provider’s obligations under this agreement).
(c) The Provider will use any Customer Data that the User transfers to it pursuant to this agreement to:
(d) The User warrants and represents that:
(e) The Provider warrants and represents that during the term of this agreement the Provider will:
(g) The Provider may, provide Customer Data that the User transfers to the Provider pursuant to this agreement to:
(h) The Provider may aggregate Customer Data for the purposes of improvement of the service development of new features or for another reason. Where Customer Data is aggregated the Provider warrants that none of the data is personally identifiable.
(i) The Provider may use the Customer Data and contact employees for the purposes of improving the system by seeking feedback about the system from the user.
15. Obligations on BrightHR;
(a) Whilst the Provider aims to provide uninterrupted use of BrightHR, this cannot be guaranteed. The Provider will not be responsible for any failure to perform its obligations under this agreement, in the event that it is prevented from providing a continuous service due to circumstances beyond its control. Wherever possible, the Provider will provide an advance warning notification on BrightHR or by email of any known or planned interruptions and the Provider will use its best endeavours to keep any interruption to as short as possible.
(b) The Provider gives no warranties to the User in respect of the following matters:
(c) The User cannot rely on any statement or representation made by any party prior to the registration of the User as a user of BrightHR.
(d) The Provider agrees that it will use its reasonable skill and care to provide the Services to the User under this agreement.
16. Providers Responsibilities;
(a) The Providers liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise arising under or in connection with this agreement will be limited to an amount equal to the total of all fees paid or payable by the User for its use of BrightHR in the 1-month period in which the claim arose.
(b) The Provider will not be responsible, whether in contract, tort (including negligence or breach of statutory duty), misrepresentation, and restitution or otherwise for any of the following (even if the Provider knew or should have known there was a possibility the User could suffer or incur such loss or damage):
(c) Nothing in this agreement will exclude or limit the liability of either the User or the Provider in respect of:
17. Force Majeure;
Neither party shall be liable for any default arising due to act of God, war, any industrial action including strike and lockout, fire, flood, drought, tempest or other natural disaster, or any other event beyond either party's reasonable control.
(a) Termination of an agreement based on a monthly subscription service;
(b) Termination of an agreement based on a fixed term contract.
20. Which laws govern this agreement?
What information do we collect about you?
We collect information about you when you; visit our website; subscribe to our services; apply for employment with us; attend one of our events; and/or engage in business dealings with us.
How will we use the information about you?
When you visit our website, a record of your visit is made. That data is used anonymously, in order to determine the number of people who visit our website and the most frequently used sections of the site. This enables us to continually update and refine the site. If you use any forms on the website to send an email to us, a record will also be made of any information you enter into these forms which may include your email address and telephone number.
We may collect, hold, use and disclose the information collected to compile statistical data and to; maintain our database; develop/improve our website; respond to any email enquiries; notify you of any upcoming marketing, training or other events; provide you with publications; manage quality control; manage systems administration; attend to compliance issues; provide you or your organisation with advice; determine suitability for employment and for other marketing purposes.
We will not use or disclose your personal information for any other purpose which is not related (or in the case of sensitive information, directly related) to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales. If you no longer wish to receive information about our services, please send an email to firstname.lastname@example.org advising that you do not wish to receive further information.
Will we disclose your data?
Your personal information will only be disclosed to third parties if BrightHR:
Sell or purchase any business or assets it may be the case that we authorise disclosure of selected personal data to prospective sellers or buyers of such business or assets.
If the substantial majority of the assets are sold to a third party. In instances such as this your personal data may be one of the transferred assets.
If BrightHR are required to disclose personal data as a legal obligation to: enforce our Terms and Conditions, protect the property, rights or safety of BrightHR, users of our services or others. In such case information may be exchanged with third party companies or organisations in order to prevent fraud or reduce credit risk.
We set cookies on the BrightHR domain and use third party cookies for example Google Analytics and Marketo.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses information about your visit in order to compile reports for us on activity on the website and our service. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate any personal identifiable data with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
We engage in online advertising to keep you aware of what we plan and to help you see and find our services. Like many companies, we target BrightHR banners and adverts to you when you are on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges, and we use a range of advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service and Google’s Customer Match service. The banners and ads you see may be based on information we hold about you, or your previous interaction with BrightHR (for example, the content you read on BrightHR.com) or on BrightHR banners or ads you have previously clicked on.
How to contact us
We will use the personal data provided to us only for its intended purpose, and in accordance with the requirements of the General Data Protection Regulation 2018.
BrightHR will only process personal data in accordance with the User’s instructions, the User retains the responsibilities of the data controller and determines the purposes and means of processing personal data.
The General Data Protection Regulation 2018 defines the rights of the individuals. The User has the responsibility for delivering those rights as the data controller.
Right to be Informed
This statement sets out how the information on BrightHR is to be used. The information provided by which employees can be identified, will only be used in accordance for its intended purpose in accordance with this statement.
What information will be collected?
The following information about employees may be collected:
What is the information used for?
Clients of BrightHR will use the information to maintain current and accurate employee records, which can be used for such purposes as staff administration, payroll, equal opportunities monitoring, absence monitoring, annual leave records, and other employment related matters.
Personal Data will not be used for any other purpose outside of the scope of your employment.
Right to rectification
Should an employee, whose details appear on BrightHR, find any information held about them is incorrect they should notify their line manager at the earliest available opportunity, so that they can address the matter.
Right to Erasure
Should an employee, whose details appear on BrightHR, request the right to erasure, the User must determine whether they have that right. If so they should remove the users record from the system ensuring they delete rather than terminate the user records.
Right of Access
Should an employee, whose details appear on BrightHR, request access to their information they should be granted access to the system or Line Manager should user the ‘User Information’ Report.
Retention of BrightHR records
If a client of BrightHR terminates their service agreement with BrightHR, and remaining data will be retained for a period of 6 years after their service agreement ends before being deleted. This does not affect an individuals right to erasure. The data during the 6 year period will be held securely as described under the Security section below.
We are committed to ensuring that employee information is kept secure at all times, and we will implement appropriate technical and organisational measures against the unauthorised or unlawful disclosure of such information, and so as to prevent its accidental loss, destruction or damage.
Personal access to BrightHR will only be via a secure username and password. The username and password for each individual is unique and only allows access to their own personal information. Only certain authorised staff, who are required to have access to the personal information of other employees for the purposes of their job role, will be authorised and will have the necessary access rights to do so. They will receive relevant training and will be asked to agree to abide by the terms of this Data Protection Statement.
All users of BrightHR should keep their unique user and password strictly confidential. Users of BrightHR must notify us if they become aware of any unauthorised access, and we will notify clients of BrightHR should we become aware of any security breach involving loss, corruption or theft of employee information.
Storage and Encryption
By leveraging the benefits of Cloud Computing all BrightHR Data is stored on highly secure systems. These utilise the latest encryption and security technologies which are ISO/IEC 27001:2013, ISO/IEC 27017:2015 and ISO/IEC 27018 compliant. To maintain our PCI compliance, approved independent security vendors are used by BrightHR to ensure all our systems are scanned for any vulnerabilities.
No personal information held on BrightHR will be passed to third parties, without the consent of the individual employee concerned, unless such disclosure is legally required in accordance with provisions of the General Data Protection Regulation 2018.