Privacy & GDPR Policy

1. Introduction

Brightworld BV ("we", "us", "Brightworld.ai") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we handle personal data that we collect or that you provide to us when using our services.

Contact details:
Brightworld BV
Rosandeweg 7
6862 XP Oosterbeek
The Netherlands
Email: [email protected]
Phone: +31 26 2340340

2. What data do we collect?

We may collect the following categories of personal data:

  • Contact data: name, email address, phone number, company name
  • Technical data: IP address, browser type, device information (for analytics only)
  • Project data: information you share with us in the context of a project or intake
  • Communication data: correspondence via email, phone or contact forms

3. How do we use your data?

We process your personal data for the following purposes:

  • Delivering our services (AI agents, software development, due diligence processes)
  • Communication about projects, quotes and service delivery
  • Improving our website and services
  • Complying with legal obligations
  • Protecting our legitimate business interests

4. Legal basis for processing

We process your personal data on the basis of:

  • Performance of a contract: when you use our services
  • Consent: when you give explicit consent (e.g. for marketing)
  • Legitimate interest: for business operations and service improvement
  • Legal obligation: when we are legally required to process data

5. Data security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access control and authentication
  • Regular security audits and updates
  • Data storage within the EU (unless otherwise agreed)
  • Data processing agreements with all sub-processors

6. Sharing data with third parties

We only share your personal data with third parties when necessary for our service delivery or legally required. This may include:

  • Cloud service providers: for hosting and infrastructure (within EU)
  • LLM providers: for AI functionality (with data processing agreements)
  • Analytics services: for website analytics (anonymised where possible)
  • Legal authorities: when we are legally required to do so

All third parties are contractually required to treat your data confidentially and use it only for the agreed purposes.

7. Retention periods

We do not retain your personal data longer than necessary for the purposes for which it was collected:

  • Project data: for the duration of the project + 7 years (statutory retention obligation)
  • Communication data: up to 2 years after last contact
  • Analytics data: up to 14 months (anonymised)
  • Marketing data: until you unsubscribe or 3 years after last interaction

8. Your rights under the GDPR

You have the following rights regarding your personal data:

  • Right of access: you can request which data we process about you
  • Right to rectification: you can have incorrect data corrected
  • Right to erasure: you can request deletion of your data
  • Right to restriction: you can request restriction of processing
  • Right to data portability: you can request your data in a structured format
  • Right to object: you can object to certain processing activities
  • Right to withdraw consent: when processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies

Our website uses only essential cookies necessary for the operation of the website. We do not use tracking cookies or marketing cookies without your explicit consent.

For analytics we use privacy-friendly analytics (without personal identification) to improve our website.

10. Changes to this policy

We may update this privacy policy from time to time. The most recent version is always available on our website. We will notify you of any significant changes.

Last updated: 18 February 2026

11. Contact and complaints

For questions about this privacy policy or how we handle your personal data, please contact us:

Email: [email protected]
Phone: +31 26 2340340
Address: Rosandeweg 7, 6862 XP Oosterbeek, The Netherlands

If you are not satisfied with how we handle your complaint, you have the right to lodge a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).