BrightTALK Privacy Policy

BrightTALK Privacy Policy

Last Updated May 1, 2024

1. This Policy

This Policy is issued by BrightTALK Inc. (“BrightTALK”) and is addressed to individuals outside our organization with whom we interact, including visitors to our website and other users of our services (together, “you”). BrightTALK is a wholly owned subsidiary of TechTarget, Inc. Defined terms used in this Policy are explained in Section (14) below. For the purposes of this Policy, BrightTALK is acting solely as the Controller of Personal Data. Contact details are provided in Section (13) below. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

2. Processing Your Personal Data

Collection of Personal Data: We may collect Personal Data about you as provided in this Policy. Examples of sources from which we may collect Personal Data include the following:

  1. We may obtain your Personal Data when you provide it to us (e.g., where you contact us via email, chatbot interactions, or telephone, or by any other means).
  2. We may collect your Personal Data in the ordinary course of our relationship with you (e.g., in the course of administering your BrightTALK account).
  3. We may collect Personal Data that you manifestly choose to make public, including via our website.
  4. We may receive your Personal Data from third parties who provide it to us (e.g., social media platforms via plugins).
  5. We may collect or obtain Personal Data when you visit our website or use any features or resources available on or through our website or services, including chatbots or other service features. When you visit our website or use our services, your device and browser will automatically disclose certain information, some of which may constitute Personal Data (see below). When you voluntarily share Personal Data with us through our chatbots, you are giving us permission to monitor, collect, and record the Personal Data. We will have a disclaimer that your chat will be recorded and monitored within the chat before you share any personal data. By using tools and technologies, you consent to your conversations being monitored and recorded.

Creation of Personal Data: We may also create Personal Data about you, such as records of your interactions using our website, and details of your account history.

Categories of Personal Data: The categories of Personal Data about you that we may Process include:

  1. Personal details: given name(s); preferred name; gender; nationality; photograph; preferences; personal photo/image; and account settings.
  2. Contact details: telephone number; email address; mailing address; and social media profile details.
  3. Professional details: professional profile details; association memberships; qualifications and company insight data.
  4. Device details: device type, operating system, browser type, browser settings, browsing information, IP address, language settings, dates and times of connecting to our website and other technical communications information.
  5. Payment details: billing address; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date.
  6. Usage details: records of your use of our website and other services, including registrations; details of content with which you interact; votes; questions; downloads; ratings; feedback; profile views; search queries; anonymous viewings; page views; player clickstream; chapters; and favorite moments.
  7. Analysis data: keywords, communities, trends, content quality and content importance.
  8. Views, opinions and interests: any comments, ratings, views or opinions that you choose to send to us, post via our website or through the services, via a survey, or publicly post via social media platforms; your community interests and solution interests.

Lawful basis for Processing Personal Data: In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:

  1. we have obtained your prior express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
  2. the Processing is necessary in connection with any contract that you may enter into with us;
  3. the Processing is required by applicable law;
  4. the Processing is necessary to protect the vital interests of any individual; or
  5. we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.

Processing your Sensitive Personal Data: We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:

  1. the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
  2. the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
  3. the Processing is necessary for the establishment, exercise or defense of legal rights; or we have, in accordance with applicable law, obtained your prior explicit consent prior to Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).

Purposes for which we may Process your Personal Data: The purposes for which we may Process Personal Data, subject to applicable law, include:

  1. Our website: operating and managing our website; providing content to you; displaying advertising and other information to you; and communicating and interacting with you via our website.
  2. Provision of services to you: providing our website and other services to you (including suggesting content that may be of interest to you, based on your past activity); communicating with you in relation to those services; recommending content that may be of interest to you; and recommending your content to others.
  3. Marketing communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law.
  4. Disclosing Personal Data to our clients: in accordance with the provisions of this Policy and applicable law, we may disclose certain Personal Data to our clients. Our clients may contact you with information that may be of interest to you, provided that such communication is not otherwise in breach of applicable laws.
  5. Communications and IT operations: management of our communications systems; operation of IT security; and IT security audits.
  6. Health and safety: health and safety assessments and record keeping; and compliance with related legal obligations.
  7. Financial management: sales; finance; corporate audit; and vendor management.
  8. Surveys: engaging with you for the purposes of obtaining your views on our website or our services.
  9. Improving our website and our services: identifying issues with existing website and our services; planning improvements to existing website and our services; creating new website and our services.

3. Disclosure of Personal Data to Third Parties

We may disclose your Personal Data to other entities within the BrightTALK group, in accordance with applicable law. In addition, we may disclose your Personal Data to:

  1. our clients, subject always to compliance with the terms of this Policy and the requirements of applicable law;
  2. other users, pursuant to our User Agreement, who may see your profile details in your public profile setting, such as name, job title, organization, country, photos, website activity and history, and comments, unless you choose to hide yourself from other users upon viewing a particular webcast;
  3. legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  4. accountants, auditors, lawyers and other outside professional advisors to BrightTALK, subject to binding contractual obligations of confidentiality.
  5. third party Processors (such as IT service providers or other third party service providers we use for operational purposes), located anywhere in the world, subject to the requirements noted below in this Section (3);
  6. any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
  7. any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; and
  8. any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation)

‍If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to  binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior  written instructions; and (ii) use measures to protect the confidentiality and security of the Personal  Data; together with any additional requirements under applicable law.

4. Transfer of Personal Data

We may disclose your Personal Data to other entities within the BrightTALK group, in accordance with applicable law. In addition, we may disclose your Personal Data to:

  1. our clients, subject always to compliance with the terms of this Policy and the requirements of applicable law;
  2. other users, pursuant to our User Agreement, who may see your profile details in your public profile setting, such as name, job title, organization, country, photos, website activity and history, and comments, unless you choose to hide yourself from other users upon viewing a particular webcast;
  3. legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  4. accountants, auditors, lawyers and other outside professional advisors to BrightTALK, subject to binding contractual obligations of confidentiality;
  5. third party Processors (such as IT service providers or other third-party service providers we use for operational purposes), located anywhere in the world, subject to the requirements noted below in this Section (4);
  6. any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
  7. any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; and
  8. any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation)

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to:

(i) only Process the Personal Data in accordance with our prior written instructions; and

(ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.

In accordance with applicable laws, your Personal Data may be transferred to, stored at and processed  by us and our third party providers outside the country in which you reside, including the United  States, where data protection and privacy regulations may not offer the same level of protection as in  other parts of the world. We have adopted Standard Contractual Clauses and/or another appropriate legal basis for transfers of Personal Data, as applicable.  

5. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. These measures include, but are not limited to, the implementation of current security technologies and processes to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration or destruction. Our security systems include authenticated access to internal databases, regular audits of processes and procedures, scheduled reviews of overall web security, and the use of restrictions of access to Personal Data in our possession. Additionally, we use encryption (HTTPS/TLS) to protect data transmitted to and from our website. While BrightTALK maintains secure methods of transferring Personal Data, we are not responsible for other methods that you may choose to send data, and you shall ensure that any Personal Data you send to us is securely sent.

6. Data Privacy Framework / Notice

BrightTALK complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  BrightTALK has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  BrightTALK has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

BrightTALK receives Personal Data about individuals in the EU, UK and Switzerland, including website visitors, members, service providers, contractors, and other third parties. The Personal Data collected, its purposes, its uses, and the third parties to whom we disclose such data are described in Sections 2, 3, and 4 above. BrightTALK remains responsible for all onward transfers of Personal Data from the EU, UK, and Switzerland to third parties who process Personal Data in a manner inconsistent with the DPF, unless BrightTALK can provide that we are not responsible for the event giving rise to the damage.

The U.S. Federal Trade Commission has jurisdiction over our compliance with the DPF. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF or otherwise wishing to access their Personal Data, limit its use and disclosure, or exercise other applicable data privacy rights should first contact us using one of the contact methods provided in section 13 “Contact Us” below.

In compliance with the DPF, BrightTALK commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF-related complaint from us, or if we have not addressed your DPF-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information regarding your right to binding arbitration please see Annex I of the DPF, available on the DPF website.

This policy may be amended or modified from time to time consistent with the DPF.

7. Data Retention

We will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. To determine the appropriate retention period for Personal Data, we consider  the amount, nature, and sensitivity of the Personal Data, potential risk of harm from unauthorized use  or disclosure of your Personal Data, purposes for which we process your Personal Data and whether  we can achieve those purposes through other means, and applicable legal requirements. We will retain users of our services’ Personal Data for so long as a user’s account remains in existence or as needed to provide our services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.  

8. Legal Rights For EEA, Swiss, and UK Residents

Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data as a resident of the European Economic Area (“EEA”), Switzerland (“Swiss”), or United Kingdom (“UK”), including:

  1. the right to be informed of the processing of your Personal Data;  
  2. the right to request access to, or copies of, your Personal Data that we Process or control;
  3. the right to request rectification of any inaccuracies in your Personal Data that we Process or  control;
  4. the right to request, on legitimate grounds:
  5. erasure of your Personal Data that we Process or control; or
  6. restriction of Processing of your Personal Data that we Process or control;
  7. the right to object, on legitimate grounds, to the Processing of your Personal Data by us or on our behalf;
  8. the right to have your Personal Data that we Process or control transferred to another Controller, to the extent applicable;
  9. where we Process your Personal Data on the basis of your consent, the right to withdraw that consent; and
  10. the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use this form or the contact details provided in Section (13) below.

Information for Authorized Agents – Authorized Agents who have the regulatory authority to submit a request may use our Authorized Agent Portal available here to submit rights requests on behalf of individuals from whom they have received prior authorization to act on their behalf.

In order to ensure the security of an individual’s Personal Information, we ask that all requests from Authorized Agents be submitted via this method. Evidence of a signed authorization to act on the behalf of the individual that is the subject of the request, should be submitted as a PDF as part of this process. Authorized Agents must also attest to their legal authority to submit information on the behalf of each individual they represent. Please note, if an authorized agent is unable to provide proof of authorization, their request may be rejected.

Providing missing or inaccurate Personal Information on behalf of the individual you are representing may also result in the request being denied, unless that information is promptly corrected by the Authorized Agent.

9. Legal Rights for California Residents

California consumers may have additional rights as described in the California Consumer Privacy Notice found here, which is hereby incorporated into this Policy by reference.

10. Cookies and other Tracking Technologies

We use cookies and other tracking technologies or other similar solutions (“Tracking Technologies”) to collect or receive certain information when you visit or use the BrightTALK website, read an email, newsletter, or otherwise interact with content from us.  

Cookies are small data files which are placed on your computer or mobile device when you visit a website or use an online service. For example, cookies enable us to identify and authenticate you and remember your preferences so we can enhance your experience on our websites. They also help us serve you ads relevant to your professional interests, understand and improve our service, and know when content has been shown to you. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.

We strongly recommend that you leave the cookies activated, however, because cookies enable you to take advantage of some of the website features and if you decline or delete them then parts of our website and services may not work properly.

BrightTALK uses several different types of cookies on our website, including the following.

  1. Strictly Necessary Cookies. Strictly necessary cookies facilitate the operation of our website.  Without the use of these cookies, portions of our websites would not function properly. For example, we use essential cookies to help us identify which of our visitors have previously registered in order to access our services.  
  2. Performance Cookies. Performance cookies help us monitor the performance of our website and how users interact with them. These cookies collect information such as how often users visit our website, what pages they visit when they do so, and what other websites they used prior to coming to our website and provide us with information that allows us to improve our website and  services.
  3. Functional Cookies. Functional cookies are used to remember your preferences on our website and to authenticate your identity. For example, we use functional cookies to recognize and save your name and password on our website.
  4. Behavioral Advertising Cookies. BrightTALK may use behavioral advertising cookies in order to provide you with advertising which is tailored to your interests when you visit websites on and off our network. Behavioral advertising cookies analyze information about your interests and your browsing history and provide you with advertisements on and off our network that match these interests. Behavioral advertising is a type of advertising that is based upon your web browsing activity over a period of time – so it’s different than advertising you may see when  you’re looking for something online using a search engine (e.g., Google, Yahoo, or Bing) or on a website you may be visiting at a particular time. As an example, you may be doing research on products and services related to data center virtualization. If a data center virtualization provider is conducting an advertising campaign on our network, as you browse the relevant portions of our website, then we may serve you with an advertisement of one of their solutions.
  5. Global Privacy Control. BrightTALK may also sell or share personal information with third parties on our website for marketing and advertising purposes. Individuals may opt-out of the sale or sharing of their personal information if you have a Global Privacy Control (GPC) setting enabled on your browser. In those states where it is required, if you have enabled the Global Privacy Control signal, we will treat this as a request to opt out of sales, sharing, and targeted advertising for device and browser information. Note that we do not associate your browser or device information with your direct identifiers such as name or email. Please visit the GPC website for more information.

Although our website currently does not respond to “do not track” browser headers, you can limit tracking through third-party programs and by taking the other steps discussed in this section. You may opt-out of internet-based advertising by removing cookies or by setting your web browser settings to refuse cookies and similar Tracking Technologies. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device that you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the website. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc.  You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly.

Please note that the use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. You may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of  companies participating in the Digital Advertising Alliance program by opting out here, the Digital  Advertising Alliance of Canada (DAAC) (for Canadian users) by opting out here; or the European  Interactive Digital Advertising Alliance (EDAA) (for users in the EU) by opting out here.

In addition to the foregoing, in order to protect our registration forms and other website features, we may use Google reCAPTCHA provided by Google Inc. (“reCAPTCHA”). We employ reCAPTCHA to check whether data is entered into our forms by a person or by an automated program, script or bot. reCAPTCHA analyzes the behavior of the person entering the data using various features. This analysis starts automatically as soon as the website is accessed. For analysis, reCAPTCHA evaluates various information (e.g., IP address, browser type, settings, and plugins, URL of the referring website, time spent on the respective website, mouse movements, input characteristics of the data entry, including speed, sequence and selection of inputs, etc.). The data collected during the analysis is forwarded to a Google server in the USA, where it is stored and evaluated. We carry this processing out based on our legitimate interest in preventing the misuse of our websites through automated means. You can find Google’s current privacy policy at: https://policies.google.com/privacy. Detailed information about Google reCAPTCHA can be found at the following address: https://www.google.com/recaptcha.

11. Minors

Our products, services, events and offerings are directed to professionals. Our business is not directed at children, and we do not solicit or knowingly collect any Personal Data from children under the age of 16. If you are not 18 or older, you are not authorized to use our website or services. Parents should be aware that there are parental control tools available online that you can use to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us via the information provided in Section 13 below.

12. User Agreement

All use of our website is subject to our User Agreement.

13. Contact Details and Data Subject Requests

If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data by BrightTALK, please contact:

BrightTALK, Inc.
275 Grove Street
Newton, MA  02466
Email: [email protected]
Phone: (617) 431-9200

General Privacy Rights Request Form

EU and UK GDPR Rights Request Form

California CCPA Rights Request Form

14. Definitions

  • ‘BrightTALK group’ means BrightTALK and its affiliates and parent company.
  • ‘Controller’ means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
  • ‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
  • ‘Personal Data’ means information that is about any individual, or from which any individual is identifiable. Examples of Personal Data that we may Process are provided in Section (2)
  • ‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data,  whether or not by automated means, such as collection, recording, organization, structuring,  storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,  dissemination or otherwise making available, alignment or combination, restriction, erasure  or destruction.
  • ‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
  • ‘Sensitive Personal Data’ means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or  any other information that may be deemed to be sensitive under applicable law.

15. EU Representative  

In accordance with Article 27 of the GDPR, we have appointed a representative within the European Union.

The contact details of our EU representative are below.

Postal Address: E-Magine Medias SAS, 29 rue du Colisée, 7th Floor, 750008 Paris Email address: [email protected]

Telephone: +33 (0)1 77 32 13 00.

E-Magine Medias role in this respect is limited solely to being a contact point for questions from European residents and data protection supervisory authorities regarding data protection. E-Magine Medias cannot respond to other communications or legal processes on BrightTALK’s behalf. This designation does not alter BrightTALK’s role with respect to the personal data in its control nor does it affect BrightTALK’s responsibility or obligations under GDPR.