BrightTALK Privacy Policy
Last Updated May 1, 2024
1. This Policy
This Policy is issued by BrightTALK Inc. (“BrightTALK”) and is addressed to individuals outside our organization with whom we interact, including visitors to our website and other users of our services (together, “you”). BrightTALK is a wholly owned subsidiary of TechTarget, Inc. Defined terms used in this Policy are explained in Section (14) below. For the purposes of this Policy, BrightTALK is acting solely as the Controller of Personal Data. Contact details are provided in Section (13) below. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
2. Processing Your Personal Data
Collection of Personal Data: We may collect Personal Data about you as provided in this Policy. Examples of sources from which we may collect Personal Data include the following:
Creation of Personal Data: We may also create Personal Data about you, such as records of your interactions using our website, and details of your account history.
Categories of Personal Data: The categories of Personal Data about you that we may Process include:
Lawful basis for Processing Personal Data: In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
Processing your Sensitive Personal Data: We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:
Purposes for which we may Process your Personal Data: The purposes for which we may Process Personal Data, subject to applicable law, include:
3. Disclosure of Personal Data to Third Parties
We may disclose your Personal Data to other entities within the BrightTALK group, in accordance with applicable law. In addition, we may disclose your Personal Data to:
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
4. Transfer of Personal Data
We may disclose your Personal Data to other entities within the BrightTALK group, in accordance with applicable law. In addition, we may disclose your Personal Data to:
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to:
(i) only Process the Personal Data in accordance with our prior written instructions; and
(ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
In accordance with applicable laws, your Personal Data may be transferred to, stored at and processed by us and our third party providers outside the country in which you reside, including the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. We have adopted Standard Contractual Clauses and/or another appropriate legal basis for transfers of Personal Data, as applicable.
5. Data Security
We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. These measures include, but are not limited to, the implementation of current security technologies and processes to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration or destruction. Our security systems include authenticated access to internal databases, regular audits of processes and procedures, scheduled reviews of overall web security, and the use of restrictions of access to Personal Data in our possession. Additionally, we use encryption (HTTPS/TLS) to protect data transmitted to and from our website. While BrightTALK maintains secure methods of transferring Personal Data, we are not responsible for other methods that you may choose to send data, and you shall ensure that any Personal Data you send to us is securely sent.
6. Data Privacy Framework / Notice
BrightTALK complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. BrightTALK has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. BrightTALK has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
BrightTALK receives Personal Data about individuals in the EU, UK and Switzerland, including website visitors, members, service providers, contractors, and other third parties. The Personal Data collected, its purposes, its uses, and the third parties to whom we disclose such data are described in Sections 2, 3, and 4 above. BrightTALK remains responsible for all onward transfers of Personal Data from the EU, UK, and Switzerland to third parties who process Personal Data in a manner inconsistent with the DPF, unless BrightTALK can provide that we are not responsible for the event giving rise to the damage.
The U.S. Federal Trade Commission has jurisdiction over our compliance with the DPF. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF or otherwise wishing to access their Personal Data, limit its use and disclosure, or exercise other applicable data privacy rights should first contact us using one of the contact methods provided in section 13 “Contact Us” below.
In compliance with the DPF, BrightTALK commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF-related complaint from us, or if we have not addressed your DPF-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information regarding your right to binding arbitration please see Annex I of the DPF, available on the DPF website.
This policy may be amended or modified from time to time consistent with the DPF.
7. Data Retention
We will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, potential risk of harm from unauthorized use or disclosure of your Personal Data, purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and applicable legal requirements. We will retain users of our services’ Personal Data for so long as a user’s account remains in existence or as needed to provide our services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.
8. Legal Rights For EEA, Swiss, and UK Residents
Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data as a resident of the European Economic Area (“EEA”), Switzerland (“Swiss”), or United Kingdom (“UK”), including:
This does not affect your statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use this form or the contact details provided in Section (13) below.
Information for Authorized Agents – Authorized Agents who have the regulatory authority to submit a request may use our Authorized Agent Portal available here to submit rights requests on behalf of individuals from whom they have received prior authorization to act on their behalf.
In order to ensure the security of an individual’s Personal Information, we ask that all requests from Authorized Agents be submitted via this method. Evidence of a signed authorization to act on the behalf of the individual that is the subject of the request, should be submitted as a PDF as part of this process. Authorized Agents must also attest to their legal authority to submit information on the behalf of each individual they represent. Please note, if an authorized agent is unable to provide proof of authorization, their request may be rejected.
Providing missing or inaccurate Personal Information on behalf of the individual you are representing may also result in the request being denied, unless that information is promptly corrected by the Authorized Agent.
9. Legal Rights for California Residents
California consumers may have additional rights as described in the California Consumer Privacy Notice found here, which is hereby incorporated into this Policy by reference.
10. Cookies and other Tracking Technologies
We use cookies and other tracking technologies or other similar solutions (“Tracking Technologies”) to collect or receive certain information when you visit or use the BrightTALK website, read an email, newsletter, or otherwise interact with content from us.
Cookies are small data files which are placed on your computer or mobile device when you visit a website or use an online service. For example, cookies enable us to identify and authenticate you and remember your preferences so we can enhance your experience on our websites. They also help us serve you ads relevant to your professional interests, understand and improve our service, and know when content has been shown to you. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent.
We strongly recommend that you leave the cookies activated, however, because cookies enable you to take advantage of some of the website features and if you decline or delete them then parts of our website and services may not work properly.
BrightTALK uses several different types of cookies on our website, including the following.
Although our website currently does not respond to “do not track” browser headers, you can limit tracking through third-party programs and by taking the other steps discussed in this section. You may opt-out of internet-based advertising by removing cookies or by setting your web browser settings to refuse cookies and similar Tracking Technologies. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device that you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the website. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc. You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly.
Please note that the use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. You may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here, the Digital Advertising Alliance of Canada (DAAC) (for Canadian users) by opting out here; or the European Interactive Digital Advertising Alliance (EDAA) (for users in the EU) by opting out here.
In addition to the foregoing, in order to protect our registration forms and other website features, we may use Google reCAPTCHA provided by Google Inc. (“reCAPTCHA”). We employ reCAPTCHA to check whether data is entered into our forms by a person or by an automated program, script or bot. reCAPTCHA analyzes the behavior of the person entering the data using various features. This analysis starts automatically as soon as the website is accessed. For analysis, reCAPTCHA evaluates various information (e.g., IP address, browser type, settings, and plugins, URL of the referring website, time spent on the respective website, mouse movements, input characteristics of the data entry, including speed, sequence and selection of inputs, etc.). The data collected during the analysis is forwarded to a Google server in the USA, where it is stored and evaluated. We carry this processing out based on our legitimate interest in preventing the misuse of our websites through automated means. You can find Google’s current privacy policy at: https://policies.google.com/privacy. Detailed information about Google reCAPTCHA can be found at the following address: https://www.google.com/recaptcha.
11. Minors
Our products, services, events and offerings are directed to professionals. Our business is not directed at children, and we do not solicit or knowingly collect any Personal Data from children under the age of 16. If you are not 18 or older, you are not authorized to use our website or services. Parents should be aware that there are parental control tools available online that you can use to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us via the information provided in Section 13 below.
12. User Agreement
All use of our website is subject to our User Agreement.
13. Contact Details and Data Subject Requests
If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data by BrightTALK, please contact:
BrightTALK, Inc.
275 Grove Street
Newton, MA 02466
Email: [email protected]
Phone: (617) 431-9200
General Privacy Rights Request Form
EU and UK GDPR Rights Request Form
California CCPA Rights Request Form
14. Definitions
15. EU Representative
In accordance with Article 27 of the GDPR, we have appointed a representative within the European Union.
The contact details of our EU representative are below.
Postal Address: E-Magine Medias SAS, 29 rue du Colisée, 7th Floor, 750008 Paris Email address: [email protected]
Telephone: +33 (0)1 77 32 13 00.
E-Magine Medias role in this respect is limited solely to being a contact point for questions from European residents and data protection supervisory authorities regarding data protection. E-Magine Medias cannot respond to other communications or legal processes on BrightTALK’s behalf. This designation does not alter BrightTALK’s role with respect to the personal data in its control nor does it affect BrightTALK’s responsibility or obligations under GDPR.