Last updated: 29th March 2021.
It’s important for you to know that using this website means that you have read, understood, and acknowledge this policy. We know this seems weird, but we have no way of knowing who reads it and who doesn’t, and who has what expectations about if and what we do with their information. And we’re not going to prevent entry to this website until you check a box saying you’ve read this whole page… that’d be dumb.
So, we just have to assume that you are OK with what’s on this page when you use our website, to ensure we don’t have any disputes based on unequal expectations.
Not going to lie, this part gets a bit hefty. It’s about if you’re accessing our website on your own behalf, or on behalf of your employer. For users based in the EU and the UK, we need to describe our role and our responsibility for your personal information using terms described by EU privacy law.
you use our website in connection with an agreement between your former, current, or prospective employer (“Employer”) and Bright Pilots (the “Enterprise Agreement”),
and your Employer remains the data controller for certain personal information you may need to provide in connection with using this website,
then the terms of that Enterprise Agreement shall apply with respect to the processing of any personal information. In these instances, we act as a “data processor”. This means that we process your personal information to provide a service to your Employer, and we do so at their direction. If you have any questions about specific privacy practices in connection with using our website through your Employer, please contact your Employer.
We use the Plausible website analytics platform to collect the following information about visitors to this website:
If you have subscribed to our newsletter, you have provided your:
We will never ask for information regarding gender, place of employment, salary, location, marital status, or dependents.
We use the information captured from our website analytics platform (above) to learn what seems to resonate with people, what doesn’t, and to guide our decisions about what content to provide you, to maximise its value to you. All of that information is anonymous and we can’t access details on individual visitors.
We use newsletter subscribers’ names and email addresses solely to send emails that people agreed to subscribe to, through a dual authentication pathway (i.e. you subscribed, and then you confirmed your subscription in a follow-up request email from us). We don’t use this information for any other purpose than for what you signed up for, in accordance with the General Data Protection Regulation (GDPR). This means that the emails we send you are only about the class(es) and topics you’ve asked to be notified about, and we don’t add any other type of content that you didn’t ask for.
We can access all of the names and email addresses, stored in our MailerLite account, but we rarely look at individual records. Our primary concern is whether the content we’re sending is of interest. This means we tend to only look at the aggregate campaign information, like the percentage of subscribers who have opened emails, and clicked on links in the emails.
We use online survey results to learn about and better understand what interests people the most about the topics for which we provide training, and how to improve the topic choices, structure, content, and delivery of our training classes. We access the survey results in Paperform in an aggregate report form, and very rarely look at whole individual records. A lot of the information is in a free-text form (e.g. feedback about a class), so we’ll read the individual responses for specific questions like this, but we very rarely then look at names attached to the free-text information. Sometimes, we will export survey results as a CSV file to then open and sort and filter using Google Sheets, which is captured and stored securely. If we do this, we delete the CSV file so that there is no information left outside of a secure cloud-based application.
In case you’re wondering:
If that ever happens, we’ll contact you using the email address for you that we have stored, and we’ll explain the legal basis which allows us to do this.
We’ve implemented appropriate physical, technical, and administrative measures designed to secure your personal information from accidental loss and unauthorised access, use, alteration, and disclosure. We also limit access to this information to only those employees, agents, contractors, and other third parties who really need to have access to such information for the operation of our business, including the operation of this website. They will only access and use your personal information on our instructions, and they are subject to a duty of confidentiality.
That said, the safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password to access certain parts of our website, you are responsible for keeping this password safe and confidential. Please don’t share your password with anyone, and be careful about giving out information in public areas (physical or digital), because others might see it and use it without your knowledge or authorisation.
Unfortunately, no digital data transmission or storage of information can be guaranteed to be completely secure or error-free. We cannot warrant or guarantee the security of any personal information transmitted using our website, or any of the other applications we use (above). Any transmission of personal information is at your own risk.
Under the General Data Protection Regulation 2016/679 (the GDPR) and the California Consumer Protection Act (CCPA), if you are located in the EU, UK, and California, you have these rights (under certain circumstances):
In response to any of these requests, we may need to request specific information from you, so that we can confirm your identity and to ensure you have the right to access that information (or to exercise any of your other rights). This ensures that your personal information is not disclosed to anyone who does not have the right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have any questions or concerns regarding this policy, and our approach to your privacy, please contact us.