GDPR Statement

Bright Mobile Apps Ltd is a company registered in England and Wales, with company number 09868529. The registered office is 37 Shiphay Lane, Torquay, Devon, UK.

The EU General Data Protection Regulation (GDPR) builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe. We are committed to the General Data Protection Regulations to ensure that the data we hold on clients is both accurate and only used with the explicit permission of the client.

Bright Mobile Apps Ltd

We believe compliance is a shared responsibility, giving assurance and assistance to our customers. We have reviewed all our internal processes, procedures, data systems and documentation to ensure that we comply. Our GDPR Principles are:

– Data is processed fairly and lawfully
– Data is processed only for specified and lawful purposes
– Processed data is accurate and, where necessary, kept up to date
– Data is not kept longer than necessary
– Data is processed in accordance with an individual’s consent and rights
– Data is kept secure

We hold your personal information in accordance with the security provisions of the UK Data Protection legislation. We use industry standard Secure Server Software (SSL) for any user form enquiry. It encrypts all of your personal information so that it cannot be read as the information travels over the internet. Pseudonymisation is recommended to reduce the risks to the concerned data subjects and also help controllers and processors to meet their data-protection obligations.

App User Registration

Personal data is only collected if an app user registers on an app developed by Bright Mobile Apps. If a user does register, the following personal data is encrypted and stored for the following reasons:

Full Name: Enables the admin to assign loyalty card stamps
Email Address: Enables the user to login to the registration area
Date of Birth: Enables automatic push notifications to be sent on the day of the users birthday. This is not a required field and users registering can leave this field blank. The Date of Birth is only seen and editable by the client from their device.

Personal data is stored on a secure, dedicated server in the UK. Personal data is not shared with any company. All data resides on a UK based server and is never transmitted outside of the UK (backups are off-site but still in the country). If you wish to change or remove the above information, please edit ‘Your Profile’ within the app or please see the section ‘Right to Erasure’.

An app user can only receive push notifications not text messages. On downloading the app, the user has the right to choose whether they wish to receive push notifications. If at a later date they wish to change their decision, this can be updated through the handsets main ‘Settings’ section.

Right to be Forgotten / Data Erasure

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests. To remove all your personal data, please contact the company app you are registered on or email gdpr@brightapps.co.uk with your full name and short statement. In regards to data portability, if you have made an appointment or booking through the app, again please contact the company directly or their booking system.

Right to Access

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Data Portability

Depending on the application, the company may have included links to third-party websites such as an online booking system – this is not controlled by Bright Apps Ltd. We are in no way responsible for the content, terms and conditions, policies or privacy conditions of such websites and programs. Your dealings with these third party sites are solely between you and the relevant third party, we advise their terms and conditions, policies for use and terms of service are read and agreed to before commencing to use them. More information on GDPR can be found at https://www.eugdpr.org