Privacy Policy

1. Introduction

brightcosmionis Ltd ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at brightcosmionis.top or use our e-learning engagement optimization services. We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal data is:

3. Data We Collect

The data we collect depends on how you interact with our services. We collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, and postal address when you contact us or request our services
• Professional Information: Organisation name, job title, and business requirements when you enquire about our services
• Communication Data: Messages, enquiries, and correspondence you send to us through our contact forms or email
• Service Data: Information related to the e-learning optimization services you request or receive from us

3.2 Information We Collect Automatically

• Website Usage Data: Pages visited, time spent on pages, click-through rates, and navigation patterns
• Technical Data: IP address, browser type and version, operating system, device information, and screen resolution
• Cookie Data: Information collected through cookies and similar tracking technologies as described in our Cookie Policy
• Analytics Data: Website performance metrics and user interaction data to improve our services

4. How We Use Your Information

We use your personal data for the following purposes, based on legitimate legal grounds under GDPR:

4.1 Service Provision (Contract Performance)

• Responding to your enquiries and providing customer support
• Delivering e-learning engagement optimization services
• Managing our business relationship and contract obligations
• Processing payments and managing billing

4.2 Legitimate Business Interests

• Improving our website functionality and user experience
• Conducting business analysis and market research
• Preventing fraud and ensuring security
• Maintaining and improving our services

4.3 Legal Compliance

• Complying with legal obligations and regulatory requirements
• Responding to legal requests and court orders
• Protecting our legal rights and interests

5. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, their purposes, and how to control them, please refer to our Cookie Policy.

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• Service Providers: Trusted third-party providers who assist us in delivering our services, such as hosting providers, email services, and analytics platforms
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations:

• Contact Enquiries: 3 years from last contact
• Service Contracts: 7 years after contract completion for legal and tax purposes
• Website Analytics: 26 months (Google Analytics default retention)
• Marketing Data: Until you withdraw consent or 3 years of inactivity

8. Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

9. International Data Transfers

As we are based in Ireland (EU), your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

10. Security Measures

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure hosting, access controls, and regular security assessments.

11. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or your local supervisory authority. Contact details for the DPC are available at www.dataprotection.ie.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.

14. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.