Last Updated June 13, 2023
At Bright Data, we are in the business of data and it’s precisely because of this that we take data privacy so seriously. Our customers entrust us to empower their businesses with clean, compliant, and ethically sourced data whilst retaining the highest standards of privacy. Our products and services operate on a global scale and as such we continuously monitor the dynamic global privacy landscape and adapt accordingly to ensure complete compliance with privacy laws including the European Union’s GDPR and California’s CCPA. If you are a resident of California, we refer you to our CCPA Privacy Notice, found at the end of this policy.
We may collect the following types of data from you when you use the Services (“User Data“):
- Non-Personal Information. this is information that is un-identified and non-identifiable, which is generated by a user’s activity. Such non-personal information may include the following information – browser type, web pages you visit, time spent on those pages, access times and dates.
- Personal Information. Personal information is information that identifies you or may identify you. The Personal Information we collect and retain includes your IP address, your name and email address, identifying documents (driver license/ID/passport), office/home address, screen name, payment and billing information or other information we may ask from time to time as will be required for the on-boarding process and services provisioning. In some cases, we may record audio or video calls with you, in order to comply with User compliance evaluation requirements we are subject to and our internal guidelines. When you create an account on the Services you are able to do so by using your credentials with a designated third party website or service (“Third Party Account“) such as Gmail®. Doing so will enable you to link your account and your Third Party Account. If you choose this option, a Third Party Account pop-up box will appear that you will need to approve in order to proceed, and which will describe the types of information that we will obtain. This information includes your Personal Information stored on your Third Party Account, such as user-name, email address, profile picture, birthday, gender and preferences. Any Anonymous Information that is specifically connected or linked to any Personal Information, is treated by us as Personal Information, as long as such connection or linkage exists.
- Registering through social network account: When you register or sign-in to the Services via your social network account (e.g., Facebook, Google+), we will have access to basic information from your social network account, such as your full name, home address, email address, birthdate, profile picture, friends list, personal description, as well as any other information you made publicly available on such account or agreed to share with us. At all times, we will abide by the terms, conditions and restrictions of the social network platform.
If we combine non-personal information with personal information we will treat the combined information as personal information.
Legal basis for processing
Processing of User Data is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and to comply with our legal obligations.
We use User Data in order to provide you with the Service and to comply with our legal requirements and internal guidelines. This means that we will use the information to set up your account, provide you with support regarding the Service, communicate with you for updates, marketing offers or concerns you may have and conduct statistical and analytical research to improve the Service.
We do not rent or sell any User Data.
We may disclose Personal Information to other trusted third party service providers or partners for the purposes of providing you with the Services, storage and analytics and to comply with our legal requirements and internal guidelines. We may also transfer or disclose Personal Information to our subsidiaries and affiliated companies.
Notwithstanding the paragraph above, we will not disclose your IP address to other customers. However, when other customers (e.g. other peers in the network) access the web using your IP address, the IP address may be visible to them, for example by way of looking up their current IP address.
Note that we are based in Israel and some of the data recipients listed above may be located outside the European Economic Area (EEA). In such cases we will share your data only with recipients located in such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.
We use industry-standard information, security tools, and measures, as well as internal procedures and strict guidelines to prevent information misuse and data leakage. Our employees are subject to confidentiality obligations. We use measures and procedures that substantially reduce the risks of data misuse, but we cannot guarantee that our systems will be absolutely safe. If you become aware of any potential data breach or security vulnerability, you are requested to contact us immediately. We will use all measures to investigate the incident, including preventive measures, as required.
We strive to give you ways to update your information quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
If you are a resident of the European Union, note that the following rights specifically apply regarding your personal information: (1) Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored personal information, together with supplementary information; (2) Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format; (3) Request rectification of your personal information that is in our control; (4) Request erasure of your personal information; (5) Object to the processing of personal information by us; (6) Request to restrict processing of your personal information by us; (7) Lodge a complaint with a supervisory authority.
However, note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
To exercise such right, you may contact us at: [email protected]
We will retain your personal information for as long as necessary to provide the Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods shall be determined taking into account the type of information collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Notwithstanding anything else in this Policy, we are not responsible for the accuracy, correctness, and security of any of the information we gather, store, and disclose to you or to anyone else.
In the event of a change of ownership or control of all or a part of Bright Data, including without limitation through acquisition, merger, or sale, we reserve the right to transfer all or part of the User Data we store in our systems. You acknowledge that in the event of bankruptcy, insolvency, or receivership, we may have no control over the use and transfer of your personal information.
We have also appointed GDPR representatives in the EU and the UK. You can contact the representatives regarding matters pertaining to the GDPR:
GDPR – European Representative
Pursuant to Article 27 of the GDPR, Bright Data has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
-by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
-by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) – UK Representative
Pursuant to Article 27 of the UK GDPR, Bright Data has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
– by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
– by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
Privacy notice for California Residents
This notice addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, “CCPA“).
In the 12 preceding months, we have collected and disclosed the following categories of Personal Information:
|Category of Personal Information Collected||Personal Information Collected||Categories of service providers to whom Personal Information was disclosed|
Full name, email address, device identifiers, including certain software and hardware information (e.g. IP address, internet service provider, domain server, type of computer, browser type and language and operating system).
Cloud servicesWebsite analysisAffiliated companies
Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))
Address, telephone number, financial information (e.g. credit card number).
Cloud servicesAffiliated companies
Feedback of users.
Cloud servicesAffiliated companies
Internet or Other Electronic Network Activity Information
Information regarding the user’s interaction with the website.
Cloud servicesWebsite analysisAffiliated companies
Geolocation data based on device identifiers.
Cloud servicesAffiliated companies
Professional or Employment-related Information
Current or past job history.
Cloud servicesAffiliated companies
Sources of Personal Information
In the 12 preceding months, we have collected the above-mentioned categories of Personal Information from the following categories of sources:
- Consumers directly, through the Services;
- Operating systems.
- Publicly available information collected from online sources.
Selling Personal Information
In the preceding twelve (12) months, we may have sold the following categories of Personal Information to third parties or businesses for commercial purposes:
User Rights under the CCPA
Access to Personal Information
You may request, up to two times each year, that we disclose to you the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which your Personal Information is collected, the business or commercial purpose for collecting your Personal Information, the categories of Personal Information that we disclosed for a business purpose, any categories of Personal Information about you that we sold, the categories of third-parties with whom we have shared your Personal Information, and the business or commercial purpose for selling your Personal Information, if applicable.
You have the right to request that we delete any Personal Information collected from you and retained, unless an exception applies.
Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your Personal Information, unless an exception applies.
Exercising Your Rights
You can exercise your rights (such as access and deletion) by submitting a verifiable consumer request to our email address: [email protected] or by the toll-free number 1-888-538-9204. You can also send us a mail to our physical address specified in this policy.
Only you or a person authorized to act on your behalf may make a consumer request related to your Personal Information.
The request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You may only request a copy of your data twice within a 12-month period.
If you have any general questions about the Personal Information that we collect about you how we use it, please contact us at [email protected].
Response Timing and Format
Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your Personal Information in a format that is readily useable and should allow you to transmit the information without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.
Please note that these CCPA rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.
You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
- You sign a written declaration that you authorize the authorized agent to act on your behalf.
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
We will not discriminate against you if you exercise any of your privacy rights as a California Consumer. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.