Global Privacy Notice

Introduction

When you use Bright Horizons’ services, you trust us with your personal data. We are committed to keeping that trust, which starts with sharing our privacy practices. This Privacy Notice explains in detail what personal data we collect and how we use that information.

This Notice applies to any user of Bright Horizons’ services, websites, apps and social media anywhere in the world. Bright Horizons’ services include child and adult care, consulting, educational advising and tuition assistance.

This Notice is not intended to apply to any user whose personal data we are processing as a job applicant, apprentice, agency worker, employee and supplier.

Effective Date of Privacy Notice: 25 May 2018

Who controls your personal data?

Bright Horizons is made up of a number of related companies. This section gives you the legal name of the Bright Horizons’ company processing your personal data as the data controller and tells you how to get in touch with us.

  • If you use our services in the United States, Canada, or India, Bright Horizons Family Solutions LLC at 200 Talcott Avenue South, Watertown, Massachusetts 02472, USA is the data controller. This entity also includes services under our brand names Care Advantage, Special and Exceptional Needs, Workforce Consulting, EdAssist and Bright Horizons College Coach®.
  • If you use our services in the United Kingdom or Ireland, Bright Horizons Family Solutions Limited (Co. No. 2328679) at 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, UK is the data controller. This entity also includes services under our brand names Care Advantage, Yellow Dot, Zoom, Asquith, Active Learning, Kids Unlimited, Active Learning, Casterbridge and Teddies.
  • If you use our services in the Netherlands, Kindergarden Nederland B.V. (Co. No. 33303797) at Herengracht 244, 1016 BT Amsterdam, Netherlands is the data controller.

For any questions, please contact our Global Privacy Officer by email at dataprivacy@brighthorizons.com or by post at the United Kingdom address listed above.

For simplicity throughout this Notice, &lsquo,we’ and &lsquo,us’ means Bright Horizons, its related companies and brands.

What legal basis do we rely on to process your personal data?

The privacy law in the European Union requires us to have a legal basis for processing your personal data. Below is a list of the legal basis we rely on:

Consent: We rely on your consent to process your personal data in very limited circumstances such as when you provide personal data to receive publications (e.g. newsletters, brochures, research studies), information on events or webinars and news about our company and services. After you sign up to receive communications you have the right to opt out at any time.

Performance under a Contract: Most of your personal data we process is necessary to perform our obligations under a contract we have with you, or your employer if you receive our service as an employee benefit. We can only provide the service to you or your dependents, if you provide us with the personal data necessary to perform the contract.

Legal Obligations: Across all of the services we provide, there are many laws that require us to process your personal data. We can only provide the service to you or your dependents, if you provide us with the personal data required under law. Examples include child/adult care regulations, safeguarding/health/safety regulations, tax and government funding regulations.

Legitimate Interests: In some situations, we process your personal data to pursue our legitimate interests as a business. We will only process your personal data if our legitimate interests do not materially impact your interests, fundamental rights, or freedoms. Examples include:

  • If you are a prospective, current or former customer, using your contact details to follow-up either by email, post, telephone or in-person to obtain your feedback on our service offering, reasons for choosing or not choosing our services and your experiences with our company.
  • If you are a prospective, current or former customer, using your email address to send you our newsletters, invitations to our webinars, informational publications, and new/enhanced service updates. You have the right to opt out of receiving these communications at any time.
  • Using your purchase, utilization and enquiry history to make personalized offers for our services available to you.
  • Combining the demographic information of our customers such as post codes, number of children and children’s ages to identify service trends, location expansions/closures, and new locations.
  • Combining the care and service information of our customers to identify trends, learning opportunities and training needs within the company, as well as, to calculate statistics and support improving our service or developing new services.
  • Tracking your website interactions to determine the effectiveness of our websites, promotional campaigns and advertising.
  • In some locations, using CCTV cameras/footage to assist with crime prevention, monitoring our policies/procedures, training and development, internal and external investigation/proceedings and law enforcement activities.
  • Recording your contact center calls to assist with monitoring our policies and procedures and identifying opportunities for training and development.

When do we collect your personal data?

How you interact with us, determines when we collect your personal data.

When you use our websites, apps and social media:

  • Visiting any of our websites or engaging with us on an app or social media.
  • Contacting us for information or customer service.
  • Creating an account and updating your account information.
  • Registering or making a reservation for our services.
  • Making a payment for our services.
  • Downloading or installing one of our apps.

When you call our Contact Centers

  • Contacting us for information or customer service.
  • Booking a visit or appointment for one of our services.
  • Creating an account and updating your account information.
  • Registering or making a reservation for our services.
  • Making a payment for our services.

When you contact or receive services directly

  • Contacting us for information or customer service on the telephone, email or in person.
  • Booking a visit or appointment for one of our services.
  • Registering for our services.
  • While receiving services, completing electronic and paper forms, assessments and other documentation.

What personal data do we collect and process?

The main reason we collect and process your personal data is to provide, evaluate and improve our services and your experiences with us.

Information you provide voluntarily (by telephone, online or in-person):

  • If you are a prospective customer, your contact details and other information necessary to fulfill your request for information.
  • If you are a customer, when registering for our services or during the course of receiving our services:
    • For child/adult care services, types of personal data may include your: personalized registration user name and password, personal and work contact details, proof of identity records such as driver’s license or passport) dependent’s details such as birth certificate, name, date of birth, gender, allergies, food restrictions, special needs, health information, and emergency contact details for doctors and alternative care providers, and payment details.
    • For Bright Horizons College Coach® services, types of personal data may include your: personalized registration user name and password, personal and work contact details, financial information in relation to saving/paying for college, dependent’s details such as name, date of birth, gender, ethnicity, educational preferences, career/educational goals, school transcripts, entry exam results, applications, registrations and any other information you provide for advisory assistance, and payment details.
    • For EdAssist services, types of personal data may include your: personalized registration user name and password, personal and work contact details, course details, transcripts and receipts, and any other information required by your employer to implement their tuition assistance benefit.

Information we create/process when you use our services:

  • Details of your visits to our websites, apps, and social media, as well as information gathered by the use of cookies in your web browser. Learn more about how we use cookies and similar technologies.
  • For all our services, we create records during the course of providing services to you or your dependents such as notes from meetings/calls. Records created during child/adult care include notes or the completion of forms recording activities and behaviors such as illness, sleep, nappy changes, meals, medication, learning, interactions with others, and accidents. For childcare we take photographs of children to share with their parents and as part of their learning journey records.
  • Utilization information, such as dates of service, type of service, user of service and reasons for service.
  • Payment information.
  • For locations with CCTV cameras we may capture your and your dependent’s image, as well as your car license plate.
  • Social media username and public comments/feedback on social media so that we can respond to comments, questions or feedback. These online and social media sites typically have their own privacy policies explaining how they use and share your personal data. You should carefully review those privacy policies before using these sites to make sure that you are happy with how they collect and share your personal data.

Information from third parties:

  • If you receive our service as part of an employee benefit, we may receive personal data from your employer on your eligibility to use the service and other reporting identifiers.
  • If you receive government funding, we receive personal data from the government on your eligibility for the funding and other reporting identifiers.
  • Government agencies may provide us with personal data to support their regulatory obligations or investigations.
  • Third party marketing companies provide us with contact details for individuals who have consented to receive marketing materials. You have the right to opt-out of these communications at any time.

Why do we collect personal data?

We limit the collection of personal data to what is necessary to provide you with high-quality services, to support your requests, and to meet our business needs in connection with the services. We do not sell your personal data to any third parties. Below we have highlighted our reasons for collecting your personal data:

  • Respond adequately to your requests for services or information.
  • Provide services to individuals, families and employers that include childcare and other dependent care, education (general, higher and accredited education), wellbeing and work/life support, and consulting.
  • Provide a safe, healthy, and environment for those to whom we provide services.
  • Provide resource material/information regarding our services and areas of interest to our customers, such as parenting, childcare, adult care, education, wellbeing, and work/life balance.
  • Aid in the administration of our services to our customers.
  • Administer first aid, emergency and other medical care, when necessary.
  • Comply with laws, and government regulations/standards.
  • Support with education, training, curriculum, communication, administration, and record-keeping.
  • Provide utilization reports and other information to employers offering our services as an employee benefit.
  • Facilitate and process payments for the services.
  • Fulfil tax, reporting, and other financial requirements and obligations.
  • Prevent or detect unlawful acts.

Where do we process and store your personal data?

Electronic Information:

Although some personal data may remain on electronic storage data systems in the country where we provide the service, it may also be processed and stored in the United States. For example, the contact centers and systems supporting our back-up care services are located in the United States. Please see below for more information on our adherence to the EU-US Privacy Shield Framework.

Hardcopy Information:

The hardcopy of personal information we collect remains in the country where you receive the services or provide the information.

Our adherence to the EU-US Privacy Shield Framework.

Bright Horizons Family Solutions LLC complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data we transfer from the European Union to the United States. Bright Horizons Family Solutions LLC certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and view our certification, please visit https://www.privacyshield.gov/.

Under certain circumstances, you have the right to invoke binding arbitration for complaints regarding our Privacy Shield compliance that you have been unable to resolve through any of the other Privacy Shield mechanisms. To learn more about the binding arbitration mechanism, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

In compliance with the Privacy Shield Principles, Bright Horizons Family Solutions LLC commits to the following:

  • Resolve complaints about our collection or use of your personal data. If you have questions or complaints regarding our adherence to the EU-US Privacy Shield Framework, please contact our Global Privacy Officer at dataprivacy@brighthorizons.com or 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, United Kingdom.
  • Cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to personal data transferred from the European Union.
  • Remain responsible and liable for the processing of personal data we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf.

Who do we share your personal data with?

We consider your personal data confidential and do not share it with others except as described in this Privacy Notice. There are limited circumstances that require us to disclose your personal data to others in order to deliver services, or to meet our legal obligations or legitimate business interests. Examples include:

  • Your Employer: Bright Horizons services are often made available to you as an employee benefit. In order to meet our obligations with your employer, we provide details of your use of the services, which may include your name, dates of use, reasons for use, and other employer requested utilization details. We disclose only information relevant to the utilization of the services or necessary for their administration of the benefit.
  • Subcontractors and Other Agents: We sometimes employ or contract with other companies and individuals to perform functions on our behalf, such as providing dependent care services, recruiting services, and supporting our systems and contact centers. Depending upon the type of service they are providing, we may share sensitive personal data only as appropriate and necessary for the performance of the service. These parties are under contractual obligations to use your personal data only as directed by us and as needed to perform these functions. All are under a legal duty to handle such data in accordance with Bright Horizons’ information security and confidentiality standards, and this Privacy Notice.
  • Business Transfers: As we continue to develop our business, we might sell or buy assets. If any Bright Horizons business unit is sold or substantially all of Bright Horizons is acquired, personal data relevant to the operation sold may be transferred as part of the transaction.
  • Meet Legal Requirements: We share personal data if required by law/regulations or as we reasonably determine to be necessary to protect our rights or the rights of others, to prevent harm to persons or property, to fight fraud, or to enforce our website terms of use. For example, a government (in the United States, European Union, Canada or India) may require us to disclose personal data for national security or law enforcement purposes.

How long do we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected and as required under law. At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

What rights do you have over your personal data?

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal data after you withdraw that consent.

To ask for copies of your personal data, please complete our Data Subject Access Request Form and return it to dataprivacy@brighthorizons.com or the relevant address on the Form. To ask for your information to be amended, please update your online account, or contact our contact center team or the location providing the service directly.

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. There are several ways you can stop direct marketing communications from us:

  • Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular mailing list.
  • If you have an account, log in into your account and change your preferences.
  • In our apps, you can manage your preferences and opt out from one or all of the different notifications by selecting or deselecting the relevant options in the ‘Settings’ section.

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Notice. If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the relevant data protection regulator.

  • UK Regulator: Information Commissioner’s Office at ico.org.uk/concerns(opens in a new window; please note we can’t be responsible for the content of external websites.)
  • Ireland Regulator: Data Protection Commissioner/An Coimisinéir Cosanta Sonraí at dataprotection.ie/docs/Home/4.htm (opens in a new window; please note we can’t be responsible for the content of external websites.)
  • Netherlands Regulator: Autoriteit Persoonsgegevens (Ductch Data Protection Authority – Dutch DPA) at https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us (opens in a new window; please note we can’t be responsible for the content of external websites.)
  • Canada Regulator: Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/en/ (opens in a new window; please note we can’t be responsible for the content of external websites.)

How do we protect your personal data?

We utilize appropriate technical, administrative and physical safeguards to protect your personal data we collect in both physical and electronic format. We provide training to our staff and conduct periodic quality assurance audits. However, no computer system or information can ever be fully protected against every possible hazard. As a result, Bright Horizons cannot guarantee the security and privacy of the information you provide to us.

You also play a valuable part in protecting the security of your information. Your password to access your registration information should never be shared with anyone and should be changed frequently. After you have finished using our site, you should log out and exit your browser to prevent unauthorized users from returning to your online Bright Horizons account. If you believe that someone has improperly used your account or provided information about you that you did not authorize, please contact us immediately at dataprivacy@brighthorizons.com.

Will this Privacy Notice change?

This Privacy Notice is subject to change and we will post revisions on our website. Please check back periodically, especially before you provide any personal information. This privacy policy was last updated in May 2018.

Questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact our Global Privacy Officer who will be pleased to help you:

  • Email us at dataprivacy@brighthorizons.com
  • Or write to us at Attn: Global Privacy Officer, 2 Crown Court, Rushden, Northamptonshire, NN10 6BS, United Kingdom.

Other Terms:

Your use of any Bright Horizons website is subject to our Terms of Use.