Brighty is fully committed to securely collect, process and retain user data during the onboarding process and beyond.
This article provides an in-depth look at the types of personal data collected, the purposes and legal basis for the processing of the data, and our data retention policies. Furthermore, it highlights our company's dedication to ensuring user data safety and security, as well as compliance with the General Data Protection Regulation (GDPR) and other applicable laws and regulations. It also includes a short list of our partner companies and basic information of what types of data we share with them.
Types of Personal Data Processed
During the onboarding process and throughout the business relationship with Brighty, various types of personal data are collected and processed:
Registration and Operational Data: Collected during account registration and use, this data includes legal name, surname, email address, active phone number, password, transactional data (e.g., IBAN and other bank details), cryptocurrency wallet addresses, and any other information prompted by the Brighty app or registration forms. This data is collected to ensure the smooth, error-free and, most importantly, legally compliant provision of our services.
Know Your Customer Data (KYC): Acquired during the business relationship, this data encompasses government-issued proof of identity documents, proof of address documents (issued within the last six months), source of funds information, and any additional mandatory information as required by applicable Anti-Money Laundering and Counter-Terrorist Financing laws and regulations. Additional KYC data may be collected depending on the circumstances of the relationship (this includes and is not limited to additional information related to the specific jurisdiction or jurisdictions involved).
Other Personal Data: This includes any data directly provided by users during their interactions with Brighty.
Purposes and Legal Basis for Data Processing
Personal data is processed for various purposes, based on different legal grounds:
Fulfilling obligations under the Terms and Conditions, which involves the administration and development of the app and services, ongoing improvement of user experience, and verifying compliance with the aforementioned terms and conditions.
Complying with legal obligations, such as the detection of money laundering, terrorist financing, fraud, and other financial crimes or illicit activities.
Pursuing legitimate interests in promoting services and developing the business, which includes commercial communication, rewards, promotional programs and the like.
Obtaining lawful consent for general marketing and promotion.
Users have the right to withdraw consent at any time by contacting Brighty in writing. The withdrawal of consent does not affect the lawfulness of prior data processing.
Retention of Personal Data
Brighty retains personal data for the lifetime of a user's account and five years after account closure, in line with the data minimisation and storage limitation principles.
Additional retention may occur under certain circumstances, such as legal obligations to retain data or the need to defend the company against potential legal claims.
Upon the end of the retention period, personal data is erased from Brighty's databases and systems. For further information on data retention terms related to specific personal data, users can contact Brighty directly at privacy@brighty.app.
Data Storage and Security
Brighty takes the security of user data seriously. All collected data is stored safely and securely within the European Union, in full compliance with GDPR and other relevant regulations.
The company follows a strict set of data processing principles to ensure user data is handled with the utmost care and respect.
Brighty's Principles of Data Processing
Lawful and fair processing: Brighty is committed to processing user data in a lawful and fair manner, while maintaining complete transparency regarding its handling.
Specific, explicit, and legitimate purposes: User data is collected and processed solely for the purposes outlined in the company's Privacy Notice, with no further processing in a manner incompatible with these purposes.
Data minimization: Brighty processes user data only to the extent necessary and appropriate for the intended purposes.
Data accuracy: Brighty takes all reasonable steps to ensure user data is accurate and updated, promptly correcting or deleting inaccurate information.
Data security: Brighty employs appropriate technical and organizational measures to guarantee the security of user data during processing.
Legal compliance: As a data controller, Brighty adheres to all applicable laws and statutory obligations related to user data processing.
External Service Providers
To offer a seamless onboarding experience and to ensure maximum security, Brighty directly works with various external service providers, each playing a specific role in the processing of collected user data.
Brighty underscores its commitment to ensuring the highest level of safety and security for user data. By adhering to strict data processing principles, collaborating with trusted external service providers, and following comprehensive data retention policies, the company guarantees compliance with GDPR and other applicable regulations, safeguarding users' personal information at all times.
Additional detailed information, including specific legal notices and data about the different Brighty entities involved in the collecting, processing and storing of data can be found here.
A separate overview of your specific rights in relation to the collecting, processing and storing of the data can be found here (under "Your Rights").