Effective Date: November 2020
Last Reviewed: November 2020
Introduction
We are disclosing information about our data processing practices as required by the United Kingdom’s Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). This DPA/GDPR Addendum supplements the information contained in the Bright Horizons Global Staff and Supplier Privacy Notice and applies exclusively to staff and suppliers located in the United Kingdom, Ireland, the Netherlands and any other European Economic Area country.
What legal basis do we rely on to process your personal information?
Bright Horizons relies on the following legal basis for processing your personal information.
International Transfers
We may process some of your personal information outside the European Economic Area (EEA). Whenever we transfer personal information out of the EEA, we ensure a similar degree of protection is afforded to it by putting in place appropriate safeguards and protections.
For transfers to the United States, we rely on the Standard Contractual Clauses approved by the European Commission that afford personal information the same protections it has in Europe and have completed appropriate risk assessments as required under the European Court of Justice ruling for Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd and Maximilian Schrems (“Schrems II”).
Please contact the Global Privacy Officer at dataprivacy@brighthorizons.com if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Adherence to the EU-US Privacy Shield Framework.
Bright Horizons Family Solutions LLC does not rely on the EU-US Privacy Shield Framework to transfer your personal information out of the European Economic Area. However, Bright Horizons Family Solutions LLC remains certified under the EU-US Privacy Shield Framework and does comply with its requirements as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information we transfer from the United Kingdom and European Union to the United States. Bright Horizons Family Solutions LLC certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
If there is any conflict between the terms in our Global Privacy Notice, DPA/GDPR Notice and the Privacy Shield Principles, the Privacy Shield Principles shall apply. To learn more about the Privacy Shield program and view our certification, please visit https://www.privacyshield.gov/.
Under certain circumstances, you have the right to invoke binding arbitration for complaints regarding our Privacy Shield compliance that you have been unable to resolve through any of the other Privacy Shield mechanisms. To learn more about the binding arbitration mechanism, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
In compliance with the Privacy Shield Principles, Bright Horizons Family Solutions LLC commits to the following:
What rights do you have over your personal information?
You have the right to request:
Please contact the Global Privacy Officer at dataprivacy@brighthorizons.com if you would like to:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
In circumstances where we are processing your personal information based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal information that doesn’t infringe your rights and freedoms. You have the right to challenge our decision to the Supervisory Authority or seek legal redress through the courts.
If you feel that your personal information hasn’t been handled correctly, or you are unhappy with our response to any requests you have made regarding the use of your personal information, you have the right to lodge a complaint with the relevant Supervisory Authority.