Supplemental California Consumer Privacy Act Policy (CCPA Policy)

Effective from: 1 July 2020
Last updated: 1 July 2020


We are disclosing information about our data processing practices as required by the California Consumer Privacy Act of 2018 (CCPA) and its Regulations.   This CCPA Policy supplements the information contained in the Bright Horizons Global Privacy Notice {hyperlink to BH Global Privacy Notice page} and applies exclusively to California residents.

Information Subject to this CCPA Policy

California residents are protected as “consumers” by the CCPA with respect to personal information. A number of statutory exceptions apply under the CCPA. As a result, this CCPA Privacy Policy does not apply to personal information that is:

  • collected during a business relationship between businesses;
  • ‘aggregate consumer information’ defined as data ‘not linked or reasonably linkable to any consumer or household, including via a device;’
  • publicly available from federal, state, or local government records;
  • covered by the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act or clinical trial data; and
  • covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver's Privacy Protection Act 1994.

A separate Global Privacy Notice for Staff applies to prospective, current and former staff and suppliers (including employees, apprentices, agency workers and contractors).

Information We Collect

The Global Privacy Notice provides information on the categories of sources from which we collect personal data {hyperlink to ‘When do we collect your personal data?’ on BH Global Privacy Notice page} and the business/commercial purposes for which we collect personal data. {hyperlink to ‘Why do we collect your personal data?’ on Global Privacy Notice page}. 

Below we have set out for California residents the categories of personal information we collected about them and the categories of third parties with whom we shared this personal information with.  The table covers the last twelve months.  The Services you received, websites and application you visited/used or requests you made together determine which categories and types of personal information are applicable to you.


Categories of Personal Information we Collected

Categories of Third Parties with whom we Shared (including Service Providers and Exempt Third Parties)

Identifiers such as name, alias, postal address, email address, driver’s license number, unique personal identifier, online identifier, Internet Protocol address, or other similar identifiers.


Operating systems and platforms, IT developers, internet service providers, credit card/payment providers/financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested.

Personal information categories listed in the California Customer Records statute such as name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or medical information.


Commercial information - products or services purchased, obtained, considered, or other purchasing or consuming histories.


Protected classification characteristics under California/federal law being age, ethnicity, hair/eye color, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, pregnancy or childbirth and related medical conditions).


Operating systems and platforms, IT developers, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested.

Internet or other similar network activity such as browsing history, search history, information on a consumer's interaction with our website, application, or advertisement.

Advertising networks, internet service providers, data analytics providers, operating systems and platforms, IT developers and social networks. Information in this category may be shared with these categories of third parties by cookies placed on your device when you interact with our websites and applications. Learn more about how we use cookies and similar cookies by clicking here.


Geolocation data - physical location (when you have given permission to do so).


Internet service providers, IT developers, data analytics providers, operating systems and platforms.

Professional or employment-related information such as current job role, job history or performance evaluations.

Operating systems and platforms, IT developers, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and / or our business partners who may provide services you have requested.


Education records such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.


Operating systems and platforms, IT developers, insurers and professional advisers, government entities and/or our business partners who may provide services you have requested.

Inferences drawn from other personal information (profile reflecting a person's preferences, characteristics, behavior, attitudes, intelligence, abilities, and aptitudes.)


Operating systems and platforms, IT developers, insurers and/or professional advisers, government entities.

 We do not collect the following categories of personal information in relation to you / your dependent(s):

  • Biometric information;
  • Audio, electronic, visual, thermal, olfactory, or similar information.

Sale of Your Personal Information

Bright Horizons does not sell your or your dependent’s personal information.

Your Rights and Choices

1. Right to Know: You have the right to request that we disclose the following personal information we have collected over the past 12 months: 

  • categories of personal information we collected about you;
  • categories of sources for the personal information we collected about you;
  • our business/commercial purpose for collecting that personal information;
  • categories of third parties with whom we share that personal information;
  • where we disclosed personal information for a business purpose, the categories of personal information that each category of recipient obtained from us; and
  • specific pieces of personal information we collected about you.

2. Right to Data Portability:  The right to data portability applies when we collect personal information from you in an electronic format we must provide it to you in a portable, technically feasible, and ready-to-use format. </u;">

3. Right to Request Deletion: You have the right to request that we delete your personal information. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • exercise freedom of speech and ensuring the right of another consumer to exercise their right to free speech or exercise another right provided for by federal or state laws;
  • comply with the California Electronic Communications Privacy Act;
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • comply with a legal obligation under federal or California state or local laws; or
  • make other internal and lawful uses of that personal information that are compatible with the context in which you provided that information.

4. Exercising Your Access, Data Portability and Deletion Rights:  To exercise the access, data portability, and deletion rights as outlined above, you must submit your request by either:

  • Webform: click here
  • Toll free: +1 855-687-7640 (Pacific Standard Time 8:00 AM -5:00 PM, Monday-Friday). 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information. You may also make a verifiable request on behalf of your child under the age of 16 years old.

You may only make a verifiable request for access or data portability twice within a 12 month period. For the request to be verifiable it must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we processed personal information or a legally authorized representative; and 
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not be able to respond to your request if we cannot verify your identity or legal authority to make the request and confirm the personal information relates to you or the subject of the request.

5. Response Timing and Format

We will endeavor to respond to your verified request within 45 days. If we require more time (up to 90 days) or are unable to comply with your request, we will inform you in writing of the reason and extension period. 

We will only provide disclosures for the 12 month period preceding receipt of your verified request. For data portability requests, we will select a format to provide your personal information that’s readily usable.

We do not charge a fee to respond to your verifiable request unless in exceptional circumstances we deem it to be excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will advise you in writing why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your CCPA rights. 

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact our Global Privacy Officer at