Privacy Policy

Introduction

brightonix S.A. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our services, or interact with us.

As a Belgian company operating within the European Union, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy outlines your rights regarding your personal data and how we handle the data we collect from you.

Data Controller

The data controller responsible for your personal data is:

Data Collection

We collect personal data that you voluntarily provide to us when you use our website, request our services, or contact us. The data we collect includes information you provide directly and information we automatically collect through your use of our website and services.

Information You Provide Directly

When you contact us, request a quote, or use our services, we may collect the following personal data:

• Name and contact details (email address, phone number)
• Company name and business information
• Project requirements and service preferences
• Communication records and correspondence
• Payment information (when processing transactions)

Automatically Collected Information

When you visit our website, we automatically collect certain technical information:

• IP address and browser information
• Device type and operating system
• Website usage data and navigation patterns
• Cookies and similar tracking technologies (see our Cookie Policy for details)

How We Use Your Information

We use your personal data for legitimate business purposes and in accordance with applicable data protection laws. The specific purposes for which we use of your data include:

• Service Provision: To deliver software development services, respond to your enquiries, and manage our business relationship
• Communication: To contact you regarding your projects, provide customer support, and send important updates about our services
• Business Operations: To process payments, maintain records, and conduct internal business operations
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations
• Website Improvement: To analyse website usage and improve our online services and user experience

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contractual necessity: To perform our contractual obligations and deliver services
• Legitimate interests: For business operations, communication, and service improvement
• Consent: Where you have provided explicit consent for specific processing activities
• Legal compliance: To fulfil our legal and regulatory obligations

Data Sharing and Disclosure

brightonix does not sell, trade, or rent your personal data to third parties. We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our business (e.g., hosting providers, payment processors)
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Protection of Rights: To protect our rights, property, or safety, or that of others

All third parties with whom we share data are required to maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Our data retention periods are determined based on:

• The nature of the data and the purposes for which it is processed
• Legal and regulatory requirements
• The duration of our business relationship
• Legitimate business needs and interests

Generally, we retain client data for the duration of our business relationship plus seven years for accounting and legal compliance purposes. Website usage data and cookies are typically retained for shorter periods as specified in our Cookie Policy.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: You can request information about the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request limitation of how we process your data
• Right to Data Portability: You can request transfer of your data in a structured format
• Right to Object: You can object to certain types of processing
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Secure backup and recovery procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to maintaining industry-standard security practices.

International Data Transfers

As a European company, we primarily process data within the European Economic Area (EEA). If we need to transfer your personal data outside the EEA, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Other appropriate safeguards as recognised under GDPR

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, including types of cookies, purposes, and how to manage your preferences, please refer to our Cookie Policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following details:

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) if you believe we have not handled your personal data appropriately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make significant changes, we will notify you by posting the updated policy on our website and updating the "last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our services after any changes constitutes acceptance of the updated policy.

Governing Law

This Privacy Policy is governed by and construed in accordance with Belgian law and European Union data protection regulations, including the General Data Protection Regulation (GDPR). Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the Belgian courts.