Staff Privacy Notice (CCPA Addendum)

Owner:  Privacy Department
Approver:  Global Privacy Officer
Version:  December 2021
Last Review:  December 2021


We are disclosing information about our data processing practices as required by the California Consumer Privacy Act of 2018 (CCPA) and its Regulations.   This CCPA Addendum supplements the information contained in the Bright Horizons Global Consumer Privacy Notice and the Bright Horizons Global Staff and Supplier Privacy NoticeThis CCPA Addendum applies exclusively to California residents.

Information Subject to this CCPA Policy

California residents are protected by the CCPA with respect to personal information. A number of statutory exceptions apply under the CCPA. As a result, this CCPA Privacy Notice does not apply to personal information that is:

  • collected by an employer about an employee (except for the section “Information We Collect” which does apply to employee personal information);
  • during a business relationship between businesses;
  • ‘aggregate consumer information’ defined as data ‘not linked or reasonably linkable to any consumer or household, including via a device;’
  • publicly available from federal, state, or local government records;
  • covered by the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act or clinical trial data; and
  • covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver's Privacy Protection Act 1994.

Information We Collect

The Global Privacy Notices provide information on the categories of sources from which we collect personal data. For consumers click here and for staff/suppliers click here.

In addition, the Global Privacy Notices provide information on the business/commercial purposes for which we collect personal data.  For consumers click here and for staff/suppliers click here.

Below we have set out for California residents the categories of personal information we collect about them and the categories of third parties with whom we share this personal information with.  The table covers the last twelve months.  The services you provided, websites and application you visited/used or requests you made together determine which categories and types of personal information are applicable to you.

Categories of Personal Information we Collected

Categories of Third Parties with whom we Shared (including Service Providers and Exempt Third Parties)

Identifiers such as name, alias, postal address, email address, driver’s license number, unique personal identifiers including Social Security Number / passport and visa information / immigration status and documentation, online identifier, Internet Protocol address, or other similar identifiers.

Operating systems and platforms, IT developers, internet service providers, credit card/payment providers/financial institutions, insurers and professional advisers, government entities, and/or our business partners.

Personal information categories such as name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or medical information.


Commercial information - products or services purchased, obtained, considered, or other purchasing or consuming histories.

Protected classification characteristics under California/federal law being age, ethnicity, hair/eye color, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, pregnancy or childbirth and related medical conditions).

Operating systems and platforms, IT developers, insurers and professional advisers, government entities, and/or our business partners.

Internet or other similar network activity such as browsing history, search history, information on a consumer's interaction with our website, application, or advertisement.

Advertising networks, internet service providers, data analytics providers,

operating systems and platforms, IT developers and social networks. Information in this category may be shared with these categories of third parties by cookies placed on your device when you interact with our websites and applications. Learn more about how we use cookies and similar technologies by clicking here.

Geolocation data - physical location (when you have given permission to do so).

Internet service providers, IT developers, data analytics providers, operating systems and platforms.

Professional or employment-related information such as current job role, job history or performance evaluations, disciplinary records, leave records, background check information such as references and / or criminal record information as applicable.

Operating systems and platforms, IT developers, insurers and professional advisers, government entities, and / or our business partners.

Education records such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Operating systems and platforms, IT developers, insurers and professional advisers, government entities and/or our business partners.

Inferences drawn from other personal information (profile reflecting a person's preferences, characteristics, behavior, attitudes, intelligence, abilities, and aptitudes.)

Operating systems and platforms, IT developers, insurers and/or professional advisers, government entities.

Thermal information such as temperature records.

Operating systems and platforms, IT developers, professional advisors, and/or government entities.

Biometric data such as fingerprints (for staff only)  

Operating systems and platforms, IT developers, professional advisors, and/or government entities.

 Audio information such as call recordings.  

Operating systems and platforms, IT developers, professional advisors, and/or government entities.

Sale of Your Personal Information

Bright Horizons does not sell your personal information.

Your Rights and Choices

1. Right to Know: You have the right to request that we disclose the following personal information we have collected over the past 12 months:

  • categories of personal information we collected about you;
  • categories of sources for the personal information we collected about you;
  • ·our business/commercial purpose for collecting that personal information;
  • categories of third parties with whom we share that personal information;
  • where we disclosed personal information for a business purpose, the categories of personal information that each category of recipient obtained from us; and
  • specific pieces of personal information we collected about you.

2. Right to Data Portability: The right to data portability applies when we collect personal information from you in an electronic format we must provide it to you in a portable, technically feasible, and ready-to-use format.

3. Right to Request Deletion: You have the right to request that we delete your personal information. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • exercise freedom of speech and ensuring the right of another consumer to exercise their right to free speech or exercise another right provided for by federal or state laws;
  • comply with the California Electronic Communications Privacy Act;
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • comply with a legal obligation under federal or California state or local laws; or
  • make other internal and lawful uses of that personal information that are compatible with the context in which you provided that information.

4. Exercising Your Access, Data Portability and Deletion Rights:To exercise the access, data portability, and deletion rights as outlined above, you must submit your request by either:

  • Webform: {hyper link}
  • Toll free: +1 855-687-7640 (Pacific Standard Time 8:00 AM -5:00 PM, Monday-Friday).

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information. You may also make a verifiable request on behalf of your child under the age of 16 years old.

You may only make a verifiable request for access or data portability twice within a 12 month period. For the request to be verifiable it must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we processed personal information or a legally authorized representative; and
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not be able to respond to your request if we cannot verify your identity or legal authority to make the request and confirm the personal information relates to you or the subject of the request.

5. Response Timing and Format

We will endeavor to respond to your verified request within 45 days. If we require more time (up to 90 days) or are unable to comply with your request, we will inform you in writing of the reason and extension period. 

We will only provide disclosures for the 12 month period preceding receipt of your verified request. For data portability requests, we will select a format to provide your personal information that’s readily useable.

We do not charge a fee to respond to your verifiable request unless in exceptional circumstances we deem it to be excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will advise you in writing why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your CCPA rights.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact our Global Privacy Officer at