Privacy Notice for Employees

Effective from: 25 May 2018
Last updated 18 July 2019

Who does this Notice apply to?

This Notice applies to prospective, current and former staff members and suppliers (including employees, apprentices, agency workers and contractors).

A separate Global Privacy Notice for Customers applies to prospective, current and former customers using our services, websites, apps and social media.  Bright Horizons’ services include child and adult care, coaching, consulting, educational advising and tuition assistance. 

Who controls your personal data?

Bright Horizons is made up of a number of related companies.  This section gives you the legal name of the Bright Horizons company processing your personal data as the data controller and tells you how to get in touch with us.

  • If you are a prospective, current or former staff member or supplier in the United States, Canada, or India, Bright Horizons Family Solutions LLC at 200 Talcott Avenue South, Watertown, Massachusetts 02472, USA is the data controller.
  • If you are a prospective, current or former staff member or supplier in the United Kingdom or Ireland, Bright Horizons Family Solutions Limited (Co. No. 2328679) at 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, UK is the data controller.
  • If you are a prospective, current or former staff member or supplier in the Netherlands, Kindergarden Nederland B.V. (Co. No. 33303797) at Herengracht 244, 1016 BT Amsterdam, Netherlands is the data controller.

For any questions, please contact our Global Privacy Officer by email at dataprivacy@brighthorizons.com or by post at the United Kingdom address listed above.

For simplicity throughout this Notice, ‘we’, ‘us’, ‘our’ and ‘Bright Horizons’ means the relevant related company of Bright Horizons; ’staff’ or ’staff member’ includes employee, apprentice, or agency worker; ’supplier’ includes contractor; and ’you’ or ’your’ means staff, staff member or supplier.

What legal basis do we rely on to process your personal data?

Bright Horizons relies on the following legal basis for processing your personal data. 

  • Performance under a Contract:  For prospective, current and former staff members and suppliers, some of the personal data we process on you is necessary for the performance of the contract we have with you.  For example, all employees and apprentices will have employment contracts with Bright Horizons and all suppliers will have supplier contracts.  These contracts govern pay, duties, responsibilities and obligations of Bright Horizons and you, and requires the processing of your personal data.
  • Legal Obligations:  For prospective, current and former staff members and suppliers, there are many laws that require us to process your personal data.  Examples include laws and regulations for child/adult care, safeguarding, health and safety, tax and employment.
  • Legitimate Interests:  For prospective, current and former staff members and suppliers, we have a legitimate interest in processing some of your personal data.   For example, we will process personal data to process a job application for employment or an apprenticeship; process the on-boarding and management of an agency worker; and conduct due diligence on a supplier.  We will only process your personal data if our legitimate interests do not materially impact your fundamental rights, freedoms and interests.
  • Special Categories of Personal Data:  For prospective, current and former staff members and suppliers, we may need to process special categories of personal data necessary for the contract we have with you or in order to fulfil our legal obligations.

Depending on the circumstances, we may need to process special category personal data as necessary for performance of our rights and obligations in connection with employment or where there is explicit consent from you to process special categories of personal data.

Special categories of personal data that we may process includes:

  • race
  • religion or philosophical beliefs
  • trade union membership
  • biometrics (where used for ID purposes)
  • health
  • sexual orientation.
  • Processing of Personal Data relating to Criminal Convictions and Offences: For prospective, current and former staff members and suppliers, we may need to process personal data relating to criminal convictions and offences.  We would do this as necessary for performance of our rights and obligations in connection with employment.
  • See also ‘Why do we collect your personal data’  for further details.

    When do we collect your personal data?

    There are a variety of contexts under which we will collect your personal data.

    • When you apply for a role with Bright Horizons as a prospective staff member, we will collect your personal data when:
      • You create or update an account on our job application system.
      • Your recruitment agency shares your personal data with us.
      • You provide personal data necessary for your job application.
      • You contact us for information about the role or your job application.
      • You visit any of our websites or engage with us on an app or social media.
      • We obtain personal data about you from third parties to process your job application, such as references, qualifications and criminal background checks.
    • During your on-going relationship with Bright Horizons as a staff member, we will collect your personal data when:
      • We create your Bright Horizons’ employee account and you update your information.
      • You or we complete electronic and paper forms, assessments and other documentation that processes your personal data.
      • You download or install one of our apps that processes your personal data.
      • You visit any of our websites or engage with us on an app or social media.
      • We monitor your IT use on Bright Horizons’ digital devices, technology and systems.
      • Where Bright Horizons uses your image (either as a photograph provided by you or taken by us), either internally or externally.

    • When you apply to become a supplier of Bright Horizons, as a prospective supplier we will collect your personal data when:
      • You create or update an account on our supplier system.
      • You provide personal data necessary for your supplier application.
      • You contact us for information about the opportunity or your supplier application.
      • You visit any of our websites or engage with us on an app or social media.
      • We obtain personal data about you from third parties to process your supplier application, such as references, regulatory ratings, qualifications and criminal background checks.

    • During your on-going relationship with Bright Horizons as a supplier, we will collect your personal data when:
      • We create your Bright Horizons’ supplier account and you update your information.
      • You or we complete electronic and paper forms, audits, assessments and other documentation that processes your personal data.
      • You download or install one of our apps that processes your personal data.
      • You visit any of our websites or engage with us on an app or social media.
      • We monitor your IT use on Bright Horizons’ digital devices, technology and systems.

    • When you access Bright Horizons’ premises, we will collect your personal data when:
      • You sign in to our visitor log and provide the requested information.
      • For locations with CCTV cameras, we may take CCTV images.   

      What personal data do we collect and process?

      If you are a prospective staff member of Bright Horizons, we will process the following categories of personal data about you:

      • All personal data that you provide to us.
      • Information from third parties about your suitability for your role including, if applicable, disqualification from childcare roles, criminal background records, references and training/qualifications.
      • For locations with CCTV cameras, images may be captured.
      • Other information as necessary to process your application.
      • Sensitive personal data which could include:
        • information about your race or ethnicity; religious beliefs; sexual orientation (for equal opportunities monitoring purposes);
        • information about your health as relevant to your role; and
        • criminal background records.

      If you are a current or former staff member, we will process the following categories of personal data about you:

      • All personal data that you provide to us during the course of your employment.
      • Details of your visits to our websites, apps, and social media, as well as information gathered by the use of cookies in your web browser.  Learn more about how we use cookies and similar technologies.
      • Employment records that could include, for example, compensation and benefits details, payroll records, tax status information, performance/disciplinary/grievance information, absences for sick and other types of leave, dates of employment, reason for leaving, location(s) of employment, training/qualifications and other general HR and business administrative records.
      • Information obtained through electronic means such as digital devices, swipe card records and key fob access records.
      • Photographs and biometric data.
      • For locations with CCTV cameras, images may be captured.
      • Records of employee contractual and statutory rights.
      • References about you either given by us or obtained from third parties.
      • Information that enables us to respond to and defend legal claims or to pursue legal claims.
      • Personal data provided to us in order to meet our legal obligations.
      • Sensitive personal data could include:
        • information about your race or ethnicity; religious beliefs; sexual orientation, gender (for equal opportunities monitoring purposes);
        • information about health or medical conditions to manage our employment law obligations for sick leave/absences, disabilities, and suitability to perform your role;
        • occupational health advice and other information about your health as relevant to your role; and
        • criminal background record checks.

      Why do we collect personal data?

      We limit the collection of personal data to what’s necessary.  Below we have highlighted the main reasons for collecting your personal data:

      • Respond adequately to your requests for information.
      • Comply with laws, and government regulations/standards.
      • Comply with our contractual obligations to you.
      • Support with education, training, communication, administration, and record keeping.
      • Fulfil tax, reporting, and other financial requirements and obligations.
      • Prevent or detect unlawful acts.

      We don’t sell your personal data to any third parties.

      Where do we process and store your personal data?

      Electronic Information:

      Although some personal data may remain on electronic storage data systems in the country where you work, it may also be processed and stored in the United States.  Please see below for more information on our adherence to the EU-US Privacy Shield Framework and compliance with other data protection laws.

      Hardcopy Information:

      The hardcopy of personal information we collect remains in the country where you work.

      Our adherence to the EU-US Privacy Shield Framework

      Bright Horizons Family Solutions LLC complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data we transfer from the European Union and the United Kingdom to the United States.  Bright Horizons Family Solutions LLC certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield. 

      If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall apply.  To learn more about the Privacy Shield program and view our certification, please visit https://www.privacyshield.gov/.

      Under certain circumstances, you have the right to invoke binding arbitration for complaints regarding our Privacy Shield compliance that you’ve been unable to resolve through any of the other Privacy Shield mechanisms.  To learn more about the binding arbitration mechanism, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction

      In compliance with the Privacy Shield Principles, Bright Horizons Family Solutions LLC commits to the following:

      • Resolve complaints about our collection or use of your personal data. If you have questions or complaints regarding our adherence to the EU-US Privacy Shield Framework, please contact our Global Privacy Officer at dataprivacy@brighthorizons.com or 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, United Kingdom.
      • Cooperate with the panel established by the EU Supervisory Authorities (SAs) and comply with the advice given by the panel with regard to personal data transferred from the European Union.
      • Remain responsible and liable for the processing of personal data we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf.

      Who do we share your personal data with?

      We consider your personal data confidential and do not share it with anyone else except as described in this Notice.  There are limited circumstances that require us to disclose your personal data to others in order to meet our contractual or legal obligations or legitimate business interests.

      Examples include: 

      • Sub-contractors and Other Agents: We sometimes employ or contract with other companies and individuals to perform functions on our behalf.  Depending upon the type of service they are providing, we may share personal and special category (sensitive) data only as appropriate and necessary. These parties are under contractual obligations to use your personal data only as directed by us and as needed to perform their functions.  All are under a legal duty to handle such data in accordance with data protection law, Bright Horizons’ information security and confidentiality standards, and this Notice.
      • Benefit Providers: We share personal data of our employees with benefit providers in order to ensure that they and we are able to provide to you any benefits to which you are entitled.  All are under a legal duty to handle such data in accordance with data protection law, Bright Horizons’ information security and confidentiality standards, and this Notice.
      • Clients: If you are an employee, contractor or agency worker at one of our Corporate Client Nurseries, we may share certain personal data with our corporate client as required by our contract with them. This will always be in accordance with applicable data protection laws and regulations.
      • Business Transfers: As we continue to develop our business, we might sell or buy assets.  If any Bright Horizons business unit is sold or substantially all of Bright Horizons is acquired, personal data relevant to the operation sold may be transferred as part of the transaction.
      • Comply with Legal Requirements: We share personal data if required by law/regulations or as we reasonably determine to be necessary and as permitted by law, to protect our rights or the rights of others, to prevent harm or damage to persons or property, to fight fraud, or to enforce our website terms of use or other contractual rights.  For example, the government (in the United States, European Union, United Kingdom, Canada or India) may require us to disclose personal data for law enforcement or national security purposes; or the government may require us to disclose personal data for safeguarding or tax compliance purposes.
      • Bright Horizons’ Subsidiaries and Affiliate/Group Companies:  We may share your personal data with our subsidiaries and affiliate/group companies as necessary.  

      How long do we keep your personal data?

      Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected and as required under law.  At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

      What rights do you have over your personal data?

      You have the right to request:

      • Access to the personal data we hold about you, free of charge in most cases.
      • The rectification of your personal data to ensure that it is up-to-date, accurate and complete.

      To request copies of your personal data, please email: dataprivacy@brighthorizons.com.

      If you are a staff member and wish to amend your personal data, you may be able to make the amendment yourself via your online employee account.  Alternatively, you may also request amendments to be made by your line manager or the HR Department. 

      If you are a supplier and wish to amend your personal data, you may contact your contract liaison or the Procurement Department.

      In circumstances where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data that doesn’t infringe your rights and freedoms. You have the right to challenge our decision to the Supervisory Authority or seek legal redress through the courts.

      If you feel that your personal data hasn’t been handled correctly, or you are unhappy with our response to any requests you have made regarding the use of your personal data, you have the right to lodge a complaint with the relevant Supervisory Authority.

      • UK Supervisory Authority:  Information Commissioner’s Office at www.ico.org.uk/concerns (opens in a new window; please note we can't be responsible for the content of external websites.)
      • Ireland Supervisory Authority:  Data Protection Commissioner/An Coimisinéir Cosanta Sonraí at www.dataprotection.ie/docs/Home/4.htm (opens in a new window; please note we can't be responsible for the content of external websites.)
      • Netherlands Supervisory Authority:  Autoriteit Persoonsgegevens (Dutch Data Protection Authority – Dutch DPA) at https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us (opens in a new window; please note we can't be responsible for the content of external websites.)
      • Canada Supervisory Authority:  Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/en/ (opens in a new window; please note we can't be responsible for the content of external websites.)

      How do we protect your personal data?

      We utilise appropriate technical, organisational, and physical safeguards to protect your personal data we process in both physical and electronic formats.  We provide adequate and appropriate data protection, privacy and security training and conduct internal periodic quality assurance audits to ensure we maintain these standards.

      However, please note that no computer system or information can ever be fully resilient against every possible hazard or risk.  We do maintain appropriate levels of security in accordance with data protection, privacy and security laws and regulations in the territories we operate and keep these under review.

      You also play a valuable part in protecting the security of your information.  You should never share with anyone your password to access any accounts that you create or which are created for you by Bright Horizons (such as your employee account details).

      When using a browser to access your account, after you have finished you should log out and exit your browser to prevent unauthorised users from returning to your account.  If you believe that someone has improperly used your account or provided information about you that you did not authorise, please contact us immediately at dataprivacy@brighthorizons.com

      Will this Notice change?

      This Notice is subject to change in order to remain compliant with data protection and privacy laws in the territories in which we operate.  We will post revisions to this Notice on our BrightWeb intranet site.  Please check back periodically, especially before you provide any personal information.  This Notice was last updated in July 2019.

      Any questions?

      We hope this Notice has been helpful in setting out the way we process your personal data and how we do this in a transparent and accountable manner.

      If you have any questions that haven’t been covered by this Notice, please contact our Global Privacy Officer at:

      • Email:  dataprivacy@brighthorizons.com; or
      • Post:  Attn:  Global Privacy Officer, 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, United Kingdom.