Privacy & GDPR Policy

1. Introduction

Brightworld BV respects privacy and is committed to protecting personal data. This privacy policy explains how Brightworld handles personal data collected or provided in the context of its services.

Contact details:
Brightworld BV
Rosandeweg 7
6862 XP Oosterbeek
The Netherlands
Email: [email protected]
Phone: +31 26 2340340

2. What data is collected?

Brightworld may collect the following categories of personal data:

  • Contact data: name, email address, phone number, company name
  • Technical data: IP address, browser type, device information (for analytics only)
  • Project data: information shared in the context of a project or intake
  • Communication data: correspondence via email, phone or contact forms

3. How is data used?

Brightworld processes personal data for the following purposes:

  • Delivering Brightworld's services (AI agents, software development, due diligence processes)
  • Communication about projects, quotes and service delivery
  • Improving the website and services
  • Complying with legal obligations
  • Protecting Brightworld's legitimate business interests

4. Legal basis for processing

Brightworld processes personal data on the basis of:

  • Performance of a contract: when the services are used
  • Consent: when explicit consent has been given (e.g. for marketing)
  • Legitimate interest: for business operations and service improvement
  • Legal obligation: when Brightworld is legally required to process data

5. Data security

Brightworld takes appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access control and authentication
  • Regular security audits and updates
  • Data storage within the EU (unless otherwise agreed)
  • Data processing agreements with all sub-processors

6. Sharing data with third parties

Brightworld only shares personal data with third parties when necessary for service delivery or legally required. This may include:

  • Cloud service providers: for hosting and infrastructure (within EU)
  • LLM providers: for AI functionality (with data processing agreements)
  • Analytics services: for website analytics (anonymised where possible)
  • Legal authorities: when Brightworld is legally required to do so

All third parties are contractually required to treat data confidentially and use it only for the agreed purposes.

7. Retention periods

Brightworld does not retain personal data longer than necessary for the purposes for which it was collected:

  • Project data: for the duration of the project + 7 years (statutory retention obligation)
  • Communication data: up to 2 years after last contact
  • Analytics data: up to 14 months (anonymised)
  • Marketing data: until you unsubscribe or 3 years after last interaction

8. Rights under the GDPR

Data subjects have the following rights regarding their personal data:

  • Right of access: request which data Brightworld processes
  • Right to rectification: have incorrect data corrected
  • Right to erasure: request deletion of data
  • Right to restriction: request restriction of processing
  • Right to data portability: request data in a structured format
  • Right to object: object to certain processing activities
  • Right to withdraw consent: when processing is based on consent

To exercise these rights, please contact us at [email protected]. Brightworld will respond within 30 days.

9. Cookies

The Brightworld website uses only essential cookies necessary for the operation of the website. No tracking cookies or marketing cookies are used without explicit consent.

For analytics, privacy-friendly analytics are used (without personal identification) to improve the website.

10. Changes to this policy

Brightworld may update this privacy policy from time to time. The most recent version is always available on the website. Significant changes will be communicated.

Last updated: 11 March 2026

11. Contact and complaints

For questions about this privacy policy or how Brightworld processes personal data:

Email: [email protected]
Phone: +31 26 2340340
Address: Rosandeweg 7, 6862 XP Oosterbeek, The Netherlands

If a complaint is not handled to satisfaction, there is a right to lodge a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).