Global Consumer Privacy Notice
Owner: Privacy Department
Approver: Global Privacy Officer
Version: Effective January 2024
Last Reviewed: January 2024
- Introduction
- Who does this Notice apply to?
- Who controls your personal information?
- Why do we collect personal information?
- When do we collect your personal information?
- What personal information do we collect and process?
- Who do we share your personal information with?
- Where do we process and store your personal information?
- How long do we keep your personal information?
- What rights do you have over your personal information?
- How do we protect your personal information?
- Will this Notice change?
- Any questions?
Introduction
Around the globe, consumers trust Bright Horizons to provide high-quality education and care, operate with integrity, and empower them to thrive. Respecting the privacy rights of our consumers is an integral part of building and maintaining that trust. This Notice explains how Bright Horizons collects and uses its consumers’ personal information.
Who does this Notice apply to?
This Notice applies to any person who purchases or uses Bright Horizons’ services (Consumer), including prospective, current or former Consumers. It also covers all services provided by Bright Horizons in the locations listed in “Who Controls Your Personal Information” (Services).Consumers can click on the links below for additional terms that apply to Consumers residing in certain regions or receiving Services in those regions. The region-specific terms only apply to the Services that operate in those geographic locations or as applicable law requires.
A separate Global Staff and Supplier Privacy Notice applies to prospective, current and former staff and suppliers (including employees, apprentices, agency workers and contractors).
For simplicity throughout this Notice, ‘we’, ‘us’ and ‘our’ means Bright Horizons and ‘you’ or ‘your’ means Consumer.
Who controls your personal information?
Bright Horizons is made up of a number of companies. This section gives you the legal name of the Bright Horizons’ company responsible for processing your personal information.
Bright Horizons has a Global Privacy Officer (who also acts as its Data Protection Officer for the UK and the Netherlands) and can be contacted at [email protected].
|
Location of Services |
Responsible Company |
|
United States, Canada
|
Bright Horizons Family Solutions LLC 2 Wells Ave, Newton, Massachusetts, 02459, USA.
This entity also includes services under our brand names Bright Horizons, Bright Horizons EdAssist Solutions and College Coach.
|
|
United Kingdom, Ireland
|
Bright Horizons Family Solutions Limited (Co. No. 2328679) 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, UK.
This entity also includes services under our brand names Bright Horizons, Yellow Dot Nurseries, Asquith Nurseries, Magic Nurseries, Saurus Nurseries, Tiggywigs and My Family Care (MFC).
|
|
Netherlands
|
Kindergarden Nederland B.V. (Co. No. 33303797) Herengracht 250, 1016 BV Amsterdam, Netherlands.
|
|
India |
Bright Horizons Child Care Services Private Limited 7/4, Thapar Niketan, Brunton Road, Bangalore-560025
|
Why do we collect your personal information?
We limit the collection of your personal information to what is necessary. Below we have highlighted the main reasons for collection:
- Fulfill or meet the reason you provided the personal information to us.
- Respond adequately to your requests for Services or information.
- Provide Services to you and/or your dependents.
- Personalize, enhance, and support your website experience and/or the Services.
- Create, maintain, customize, and secure your account with us.
- Facilitate and process purchases, financial transactions and payments.
- Provide information regarding our Services and areas of interest to you.
- Research and analyze existing Services for training and quality purposes and develop new Services.
- If you receive our Services as an employee benefit, to aid your employer in the administration of the employee benefit.
- Comply with laws, regulations and sector standards.
- Protect the security of our technology and data.
- Fulfil tax, reporting, and other financial requirements and obligations.
- Prevent or detect unlawful acts.
- As described to you when collecting your personal information.
- Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all assets of Bright Horizons, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
- In relation to pandemics (for example COVID-19) or other state/national/international emergencies, to comply with our legal and regulatory obligations.
For UK and European Economic Area (EEA) Consumers: What legal basis do we rely on to process your personal information?
Bright Horizons relies on the following legal basis for processing UK / EEA personal information:
- Performance under a Contract: For Consumers, most of the personal information we process is necessary for us to perform our obligations under a contract we have with you, and, if applicable, your employer when you receive the Service as an employee benefit.
- Legal Obligations: For Consumers, there are many laws that require us to process your personal information. Examples include law and regulations for child/adult care, safeguarding, health and safety, tax and government funding.
- Legitimate Interest: For Consumers, we have a legitimate interest in processing some of your personal information in some circumstances. We will only process your personal information if our legitimate interests do not override your fundamental rights, freedoms and interests. For any questions regarding this legal basis, please contact our Global Privacy Officer at [email protected]. Some examples of our legitimate interests include:
- Use of your email address to send you newsletters, invitations to webinars, or information about your Services or new/enhanced Service updates.
- In some locations, we use Closed Circuit (CCTV) for security/safety of our consumers, staff and premises; to help prevent and detect crime; to support learning and training; and/or to defend legal claims.
- Recording your contact center calls to assist us with monitoring our policies and procedures; identifying opportunities for training and development; and improving Services to you.
- For consumers receiving our Services as an employee benefit, we will use the information provided to us from your employer and you to create reporting and analytics information that inform us and your employer of registration for and use of the Services, as well as for quality improvement of Services (including as necessary anonymization of your personal information for these purposes).
When do we collect your personal information?
There are a variety of contexts under which we will collect your personal information. Please click on the section below that is relevant to you.
When you visit our websites or use our applications (apps) or social media
When you call our Contact Centers
When you receive Services from us
When you visit our websites or use our applications (apps) or social media
- Monitoring your electronic visit and engagement with us.
- The information you provide to us (for instance, by completing one of our webforms).
- Learn more about how we use cookies and similar technologies by clicking here.
Our website is not intended for use by children under 16 years of age nor do we knowingly collect personal information from children under 16 through our website. If you are under 16, please do not use or provide any information on our website.
When you call our Contact Centers, we will collect your personal information from:
- The information you provide to us.
- Recording the calls, including the number you call from, for training and quality assurance purposes.
When you receive Services from us, we will collect your personal information from:
- The information you provide to us.
- Providing the Services to you such as completing forms, assessments and other documentation as part of the provision of Services.
- Recorded images at locations with CCTV cameras.
- Use of key fobs or swipe card to gain access to the Services.
- If you receive Services as part of an employee benefit, we may receive your personal information from your employer on your eligibility to use the Services and other reporting identifiers.
- If you receive government funding, we may receive personal information from the government on your eligibility for the funding and other reporting identifiers.
- Government agencies may provide us with personal information to support their regulatory obligations or investigations.
- Third party marketing companies who provide us with contact details for individuals who have consented to receive marketing materials. You have the right to opt-out of these communications at any time. See “What rights do you have over your personal information?” for more information.
What personal information do we collect and process?
If you are a prospective consumer:
- The personal information you provide to us. This personal information may include health related information relevant to determine the suitability of Services.
- Details of your visits to our websites, apps, and social media, as well as information we gather from the use of cookies. To learn more about how we use cookies and similar technologies click here.
- For locations with CCTV cameras, we may capture images.
- Your contact details as provided to us by third party marketing companies (for individuals who have consented to receive marketing materials). You have the right to withdraw your consent at any time.
Click here for more information on the specific categories of personal information we collect and process, and who we share that personal information with.
If you are a current or former consumer:
- All personal information you provide to us. This personal information may include health related information relevant to the provision of Services or as required under law/regulation or health and safety policies.
- Personalized registration username and passwords, and swipe card/key fob access records for Bright Horizons premises.
- Details of your visits to our websites, apps, and social media, as well as information we gather from the use of cookies in your web browser. To learn more about how we use cookies and similar technologies click here.
- For locations with CCTV cameras, we may capture images.
- Access information when using key fobs or swipe cards.
- Care and service records that may include for example: notes from meetings/calls; observations and assessments of you or your dependent’s activities while we provide services to them (e.g., illnesses, sleep, diaper changes, meals, medication, learning, interactions with others, and accidents); review and feedback on your or your dependent’s education/school applications; photographs to share with you for communication purposes, learning records or identification purposes; and utilization reports (including dates of service, user of service and reasons for service).
- If you receive our service as part of an employee benefit, we may receive personal information from your employer on your eligibility to use the Services and other reporting identifiers.
- If you receive government funding, we receive personal information from the government on your eligibility for the funding and other reporting identifiers.
- Government agencies may provide us with personal information to support their regulatory obligations or investigations.
- Other personal information provided to us by third parties in order to meet our legal obligations.
- Personal information about you and/or your dependent as necessary to respond to and defend legal claims or to pursue legal claims.
There are a variety of categories of your personal information that we collect. Depending upon whether you are a prospective or current Consumer also determines the personal information we process. For more information, please see below.
Categories of personal information we collect
|
Categories
|
Examples include: |
Categories of Third Parties with whom we share (including Service Providers) |
Criteria for determining retention period |
|
Identifiers
Click here for more information on the specific types of sensitive information which we collect / process or each service and the purposes for which we process that sensitive personal information.
|
Name, alias, postal address, email address, driver’s license number, unique personal identifier, online identifier, Internet Protocol address, or other similar identifiers. |
Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
Formal Customer Records
Click here for more information on the specific types of sensitive information which we collect / process for each service and the purposes for which we process that sensitive personal information.
|
Name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or medical information. |
Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
Commercial Information |
Products or services purchased, obtained, considered, or other purchasing or consuming histories.
|
Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
Protected Characteristics
Click here for more information on the specific types of sensitive information which we collect / process for each service and the purposes for which we process that sensitive personal information.
|
Protected Classification Characteristics including: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
Operating systems and platforms, IT developers, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
|
|
Internet or other similar network activity |
Browsing history, search history, information on your interaction with our website, application, or advertisements. |
Advertising networks, internet service providers, data analytics providers, operating systems and platforms, IT developers and social networks. Information in this category may be shared with these categories of third parties by cookies placed on your device when you interact with our websites and applications. Learn more about how we use cookies and similar technologies by clicking here. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
|
Categories of sensitive personal information
Depending on the Services we provide to you, we may require certain sensitive personal information. Please click on the section below that is relevant to you.
All Services accessed via an online account
Childcare Services (Centers, Nurseries)
Back Up Care Services
EdAssist Services
College Coach Services
Personal / Family Coaching Services
|
Categories |
Examples include: |
Purposes of processing |
Categories of Third Parties with whom we share (including Service Providers) |
Criteria for determining retention period |
|
|
All Services accessed via an online account |
|||||
|
Complete account access credentials |
User names, account numbers; passwords. |
To create, maintain and secure your online account with us. |
Operating systems and platforms, IT developers, internet service providers. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
|
Childcare Services (Centers, Nurseries) |
|||||
|
Child Personal Information: If you are enquiring about / requesting / receiving childcare services, you agree to the collection and processing of your child’s personal information as necessary for us to respond to your enquiry / request, and to provide the childcare services to you and your child in accordance with our legal obligations. |
|||||
|
Health Data |
Allergies, special educational needs, specific medical conditions, or pandemic related such as vaccinations or illness |
To provide the services safely and/or in compliance with applicable law: for instance, to inform us of allergies, medicines, special physical or educational requirements, health conditions. |
Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
|
Government identifiers |
Driver's license; state ID card; passport number. |
To provide the services safely and/or in compliance with applicable law: for instance, for any child care related services, to confirm your identity and parental responsibility / rights in connection with the child. |
Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
|
Back Up Care Services |
|||||
|
If you are providing sensitive personal information on behalf of another person (such as an elderly parent who requires care), by providing that information, you confirm you are doing so with that person’s consent and for their benefit. |
|||||
|
Health Data |
Allergies, special educational needs or specific medical conditions, pandemic related such as vaccinations or illness |
To provide the services safely and/or in compliance with applicable law for instance, to inform us of allergies, medicines, special physical or educational requirements, health conditions of the dependent. |
Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities, and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
|
EdAssist Services |
|||||
|
Union membership |
|
Your employer may provide this sensitive information to us to assist with determining levels of employee’s eligibility for our EdAssist services. |
Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities, and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
|
College Coach Services |
|||||
|
Health Data |
These categories of information are not required for us to provide the services - however you may provide this information to us voluntarily to enable us to better assist you: for example, to assist with identifying schools, scholarships, etc. |
Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities, and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
||
|
Religious Beliefs |
|||||
|
Race/ethnic origin |
|||||
|
Sexual orientation |
|||||
|
Personal / Family Coaching Services |
|||||
|
Health Data |
These categories of information are not required for us to provide the services - however you may provide this information to us voluntarily to enable us to better assist you. |
For example, due date for pregnancy to enable us to create a parental leave plan for you. |
Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities, and/or our business partners who may provide services you have requested. |
As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims. |
|
|
Religious Beliefs |
To support our coaching of you if provided by you as part of that confidential coaching. |
||||
|
Race/ethnic origin |
|||||
|
Sexual Orientation |
|||||
For UK and EEA Consumers: Special Categories of Personal Information
We may need to process special categories of personal information in order to evaluate whether Services are suitable for the care requested and/or to provide the Services safely and/or effectively. In some locations, government regulations/laws require us to process special categories of personal information. Special categories of personal information that we may process include information relating to:
- Health data:
- When receiving adult/child care services, in order for us to provide the services safely and/or in compliance with applicable law, you may need to provide us with health data of the dependent we care for (for example to inform us of allergies, medicines, special physical, educational requirements, health conditions).In addition, this type of information may be provided to us by a government body.
- When receiving personal or family coaching or special educational needs services, you may voluntarily provide us with health data about you / your dependents to enable us to provide the advice services.
- In relation to pandemics (for example COVID-19) or other state/national/international emergencies, in order to comply with our legal and regulatory obligations or health and safety policies you may need to provide us with health data.
- Race/ethnic origin data: you may provide this information to us voluntarily when receiving College Coach services (for example to assist with identifying schools, scholarships, etc.) .
- Trade union membership: your employer may provide this information to us to assist with determining levels of employee’s eligibility for our EdAssist services.
Who do we share your personal information with?
We consider your personal information confidential and do not share it with anyone else except as described in this Notice. Bright Horizons does not sell your personal information (or that of your dependents) to third parties.
When you visit our websites, apps, and social media, we use cookies and similar technologies as permitted by law, including for targeting / behavioral advertising. Bright Horizons recognizes Global Privacy Control and Do Not Track for Social Media and Targeting cookies and similar technologies. Our Cookies and Similar Technologies Notice provides details about this collection and sharing, including how you are able to set your tracking preferences.
There are limited circumstances that require us to disclose your personal information to others in order to deliver Services and meet our contractual/legal obligations or legitimate business interests. Examples include:
|
Bright Horizons’ Group Companies |
We may share your personal information with our subsidiaries and affiliate/group companies as necessary to provide the Services.
|
|
Sub-contractors and Agents |
We sometimes employ or contract with other companies and individuals to perform functions on our behalf. Depending upon the type of service they are providing, we may share personal and special category (sensitive) personal information only as appropriate and necessary. These parties are under contractual obligations to use your personal information only as directed by us and as needed to perform their functions. All are under a legal duty to handle such information in accordance with Bright Horizons’ information security, data protection and confidentiality standards, and this Notice. Some examples include our insurance brokers/provider, payment service providers, and IT developers.
|
|
Business Partners |
If you utilize our child/adult care or coaching services, we may partner with a professional external provider (Business Partner) to arrange for them to deliver the Services to you or your dependent. You will have an independent relationship with our Business Partner. They may require personal information from you in order to deliver the Services to you in accordance with their own processes and obligations under the law. In order to arrange the Services with the Business Partner, we may need to share personal and special category (sensitive) personal information as appropriate and necessary. We have contracts with the Business Partners that require them to use your personal information only as allowed under the contract, in compliance with all applicable laws and to meet appropriate standards of information security, data protection and confidentiality.
|
|
Employers |
Your employer may make the Services available to you as an employee benefit. In order to meet our obligations to your employer, we provide details of your use of the Services, which may include your name, dates of use, reasons for use, and other employer requested utilization information. We disclose only information relevant to the utilization of the Services, tax related requirements such as for imputed income or as necessary for their administration of the benefit.
|
|
Third Parties to Comply with Legal Requirements |
We share personal information if required by law/regulations or as we reasonably determine to be necessary and as permitted by law to protect our rights or the rights of others, to prevent harm or damage to persons or property, to fight fraud, or to enforce our website terms of use or other contractual rights. For example, a government may require us to disclose personal information for law enforcement purposes; or require us to disclose personal information for safeguarding or government funding purposes; or for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
|
|
Business Transfers |
As we continue to develop our business, we may sell or buy assets or entities. If any Bright Horizons business unit is sold, personal information relevant to the acquisition may be transferred as part of the transaction.
|
How long do we keep your personal information?
Whenever we collect or process your personal information, we’ll only keep it for as long as is necessary for the purpose for which it was collected, as required under law and to defend legal claims. At the end of that retention period, your information will either be deleted completely or anonymized, for example by aggregation with other information so that it can be used in a non-identifiable way for research, statistical analysis and business planning.
Where do we process and store your personal information?
|
Hardcopy Information |
The hardcopy of personal information we collect remains in the country where you receive the services or provide the information.
|
|
Electronic Information |
Some personal information may remain on electronic storage data systems in the country where we provide the service. However, our primary electronic storage facilities and contact centers are in the United States. Please note that we (or our Affiliates, service providers or agents) may process personal information in other countries, where your personal information may be subject to the laws of that jurisdiction, including laws regarding the disclosure of personal information to government authorities. We ensure appropriate safeguards are in place before we transfer personal information to any other country. |
For UK and EEA Consumers: International Transfers and Safeguards
We may process some of your personal information outside the UK / EEA as applicable. Whenever we transfer personal information out of the UK / EEA, we ensure a similar degree of protection is afforded to it by putting in place appropriate safeguards and protections.
For transfers to the United States, we rely on the Standard Contractual Clauses approved by the European Commission / the UK authorities that afford personal information the same protections it has in Europe and have completed appropriate risk assessments as required under the European Court of Justice ruling for Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd and Maximilian Schrems (“Schrems II”).
Please contact the Global Privacy Officer at [email protected] if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
For UK / EEA Consumers: Adherence to the EU-US Privacy Shield Framework
Although, we do not rely on the EU-US Privacy Shield Framework to transfer your personal information out of the European Economic Area, Bright Horizons Family Solutions LLC remains certified under the EU-US Privacy Shield Framework and does comply with its requirements as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information we transfer from the United Kingdom and European Union to the United States. Bright Horizons Family Solutions LLC certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
If there is any conflict between the terms in our Global Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall apply. To learn more about the Privacy Shield program and view our certification, please visit https://www.privacyshield.gov/.
Under certain circumstances, you have the right to invoke binding arbitration for complaints regarding our Privacy Shield compliance that you have been unable to resolve through any of the other Privacy Shield mechanisms. To learn more about the binding arbitration mechanism, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In compliance with the Privacy Shield Principles, Bright Horizons Family Solutions LLC commits to the following:
- Resolve complaints about our collection or use of your personal information. If you have questions or complaints regarding our adherence to the EU-US Privacy Shield Framework, please contact our Global Privacy Officer at [email protected] or 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, United Kingdom.
- Cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to personal information transferred from the European Union.
- Remain responsible and liable for the processing of personal information we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf.
What rights do you have over your personal information?
The location of where you reside or receive Services determines your rights. We will not discriminate against you for exercising any of your privacy rights. Please click on the section below that is relevant to you.
All Locations
United Kingdom and European Economic Area
California
Virginia
All Locations
Amend Personal Information:
To ask for your personal information to be amended, please follow one of the steps below as applicable to the Services you receive:
- Online Account: If you have an online account, you can update the information directly online.
- Contact Center: Call our contact center team to request the amendments.
- Child Care Centers / Nurseries / Schools: Contact the location providing the Service to request the amendments.
Removal from email lists:
To be removed from email lists, please follow the steps below:
- Unsubscribe: Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular mailing list.
- Account Preferences: If you have an account, log in to your account and change your preferences.
- Apps: In our apps, you can manage your preferences and opt out from one or all of the different notifications by selecting or deselecting the relevant options in the ‘Settings’ section.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Access/Deletion or Other Requests:
To submit any other request or query about your personal information to us (including requests to access or delete your information):
- Complete our Webform
- Call our Toll free phone number: +1 855-687-7640, open Pacific Standard Time 8:00 AM -5:00 PM, Monday-Friday.
United Kingdom and European Economic Area
Your rights under the Data Protection Act 2018 / UK General Data Protection Regulation and the General Data Protection Regulation.
What rights do you have over your personal information?
You have the right to request:
- Access to the personal information we hold about you, free of charge in most cases.
- The rectification of your personal information to ensure that it’s up-to-date, accurate and complete.
- The erasure of your personal information (subject to certain exemptions).
- We stop processing your personal information for direct marketing purposes (either through specific channels or all channels).
- We and other third parties cease processing your personal information when this was previously undertaken based on your consent and you’ve now withdrawn that consent.
How do you make a request about your personal information?
Complete our Webform to make a request to access / receive a copy of your personal information or for us to correct or delete your personal information (or exercise any of your other rights).
You can also contact the Global Privacy Officer at [email protected].
Please note:
- Only you (or your authorized legal representative) may make a request related to your personal information. You may also make a request on behalf of your child.
- In order to authenticate and process your request, you will need to:
- provide sufficient information that allows us to reasonably verify you are the person about whom we processed personal information or a legally authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We will not be able to respond to your request if we cannot verify your identity or legal authority to make the request and confirm the personal information relates to you or the subject of the request.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- In circumstances where we are processing your personal information based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal information that doesn’t infringe your rights and freedoms. You have the right to challenge our decision to the Supervisory Authority or seek legal redress through the courts.
- If you feel that your personal information hasn’t been handled correctly, or you are unhappy with our response to any requests you have made regarding the use of your personal information, you have the right to lodge a complaint with the relevant Supervisory Authority.
|
Location |
Authority |
Link to Authority webpage (opens in a new window; please note we can't be responsible for the content of external websites.) |
|
UK |
Information Commissioner’s Office |
|
|
Ireland |
Data Protection Commissioner/An Coimisinéir Cosanta Sonraí at |
|
|
The Netherlands |
Autoriteit Persoonsgegevens (Dutch Data Protection Authority – Dutch DPA) |
https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us |
California
Your rights under the California Consumer Privacy Act of 2018 (CCPA) and California Privacy Rights Act 2020 (CPRA).
Do we sell / share your personal information?
Bright Horizons does not sell your personal information (or that of your dependents) to third parties. We also do not “share” your personal information as defined in the CRPA.
When you visit our websites, apps, and social media, we use tracking technologies (such as cookies) as permitted by law, including for targeting / behavioral advertising if you direct us to do so via our Cookie banner. Bright Horizons recognizes Global Privacy Control and Do Not Track for Social Media and Targeting cookies and other similar technologies. Our Cookies and Similar Technologies Notice provides details about this collection and sharing, including how you are able to set your tracking preferences.
How to Opt-Out of sale / sharing of your Personal Information
We do not sell or “share” (as defined in the CPRA) your personal information - but you can click here to access our Cookies and Similar Technologies Notice which explains how you are able to set your tracking preferences.
What other rights do you have in relation to your personal information?
You also have the right to request:
- that we confirm the following personal information we have collected over the past 12 months:
- categories of personal information we collected about you;
- categories of sources for the personal information we collected about you;
- our business/commercial purpose for collecting that personal information;
- categories of third parties with whom we share that personal information;
- where we disclosed personal information for a business purpose, the categories of personal information that each category of recipient obtained from us; and
- specific pieces of personal information we collected about you.
- that we provide a copy of your personal information to you in a portable and ready-to-use format. This right applies when we collect personal information from you in an electronic format and it is technically feasible for us to provide it to you in a portable, ready-to-use format
- that we delete your personal information (subject to certain exemptions).
How do you make a request about your personal information?
Bright Horizons provides the following two ways for you to make a request under the CCPA and CPRA:
- Complete our Webform to make a request to access / receive a copy of your personal information or for us to correct or delete your personal information.
- You can also call our dedicated Toll free number: +1 855-687-7640 (Pacific Standard Time 8:00 AM -5:00 PM, Monday-Friday).
Please note:
- Only you, or a person that you authorize to act on your behalf, may make a verifiable request related to your personal information. You may also make a verifiable request on behalf of your child under the age of 16 years old.
- A person who states they are authorized on your behalf to make a request will be required to produce appropriate signed permission / authority from you that they are authorized on your behalf for the purposes of the request.
- You may only make a verifiable request for access or data portability twice within a 12 month period.
- In order for us to verify your request, you will need to:
- provide sufficient information that allows us to reasonably verify you are the person about whom we processed personal information or a legally authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We will not be able to respond to your request if we cannot verify your identity or legal authority to make the request and confirm the personal information relates to you or the subject of the request.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
When and how will Bright Horizons respond to your request?
We will endeavor to respond to your verified request within 45 days. If we require more time (up to 90 days) or are unable to comply with your request, we will inform you in writing of the reason and extension period.
Will we charge you a fee?
We do not charge a fee to respond to your authenticated request unless in exceptional circumstances we deem it to be excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will advise you in writing why we made that decision and provide you with a cost estimate before completing your request.
What happens if we decline your request?
We will endeavor to inform you of this within 45 days. We will provide our justification for declining to take action in connection with your request.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact our Global Privacy Officer at [email protected].
Virginia
Your rights under the Virginia Consumer Data Protection Act (VCDPA).
Do we sell / share your personal information?
Bright Horizons does not sell your personal information (or that of your dependents) to third parties.
When you visit our websites, apps, and social media, we use tracking technologies (such as cookies) as permitted by law, including for targeted / behavioral advertising, if you choose not to opt out via our Cookie banner. Bright Horizons recognizes Global Privacy Control and Do Not Track for Social Media and Targeting cookies and other similar technologies. Our Cookies and Similar Technologies Notice provides details about this collection and sharing, including how you are able to Opt Out of the use of your personal information for targeted / behavioral advertising and how to set your tracking preferences.
How to Opt-Out of Sale / Sharing of your Personal Information
Click here to access our Cookies and Similar Technologies Notice which explains how you are able to Opt Out of the use of your personal information for targeted / behavioral advertising and how to set your Cookie preferences.
What other rights do you have in relation to your personal information?
You also have the right to request:
- that we confirm whether we process personal information about you.
- access to your personal information.
- that we provide a copy of your personal information to you in a portable and ready-to-use format. This right applies when we collect personal information from you in an electronic format and it is technically feasible for us to provide it to you in a portable, ready-to-use format.
- that we correct inaccuracies in your personal information.
- deletion of your personal information (subject to certain exemptions).
How do you make a request about your personal information?
Complete our Webform to make a request to access / receive a copy of your personal information or for us to correct or delete your personal information.
Please note:
- Only you (or your authorized legal representative) may make a request related to your personal information. You may also make a request on behalf of your child under the age of 13 years old.
- You may only make a request for access or data portability twice within a 12 month period.
- We will not be able to respond to your request if we cannot verify your identity or legal authority to make the request and confirm the personal information relates to you or the subject of the request.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- In order to authenticate and process your request, you will need to:
- provide sufficient information that allows us to reasonably verify you are the person about whom we processed personal information or a legally authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
When and how will Bright Horizons respond to your request?
We will endeavor to respond to your verified request within 45 days. If we require more time (up to 90 days) or are unable to comply with your request, we will inform you in writing of the reason and extension period.
Will we charge you a fee?
We do not charge a fee to respond to your authenticated request unless in exceptional circumstances we deem it to be excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will advise you in writing why we made that decision and provide you with a cost estimate before completing your request.
What happens if we decline your request?
We will endeavor to inform you of this within 45 days. We will provide our justification for declining to take action in connection with your request. You are entitled to file an appeal to us by writing to our Global Privacy Officer directly at [email protected] within a reasonable period after receiving our response.
How do we protect your personal information?
Bright Horizons’ Information Security program is ISO 27001 certified and our Privacy program is ISO 27701 certified. Click here to view our applicable ISO certifications.
We utilize appropriate technical, organizational, and physical safeguards to protect your personal information we process in both physical and electronic formats. We provide data protection, privacy and security training and conduct internal periodic quality assurance audits to ensure we maintain these standards.
However, please note that no computer system or information can ever be fully resilient against every possible hazard or risk. We do maintain appropriate levels of security in accordance with data protection, privacy and security laws and regulations in the territories we operate and keep these under review.
You also play a valuable part in protecting the security of your personal information. You should never share with anyone your password to access any accounts that you created or which we created for you. When using a browser to access your account, after you have finished you should log out and exit your browser to prevent unauthorized users from returning to your account.
If you believe that someone has improperly used your account or provided information about you that you didn’t authorize, please contact us immediately at [email protected].
Will this Notice change?
This Notice is subject to change in order to remain compliant with data protection and privacy laws in the territories in which we operate. Please check back periodically, especially before you provide any personal information. This Notice was last updated in December 2022.
Any Questions?
We hope this Notice has been helpful in setting out the way we process your personal information and how we do this in a transparent and accountable manner. If you have any questions that haven’t been covered by this Notice, please contact our Global Privacy Officer at [email protected].