We'll handle it for you.

Privacy Policy

BrightKey, Inc. (“BrightKey”/”Our”) is committed to protecting consumer privacy. This policy explains how BrightKey collects, processes, uses, and discloses information about you when you use our services and/or interact with our website.

Your use of BrightKey’s website, and/or receipt of Our services, constitute acceptance of this Policy.

This Policy explains our practices in the following areas:

  1. The types of information we collect about you;
  2. The way your information is used;
  3. The nature, frequency, and purpose of any disclosure of information that we may make, including the types of persons or entities to whom the disclosure may be made;
  4. Your rights under the Communications Act, 47 U.S.C. § 338(i); and
  5. If you are a California resident, your rights under the California Consumer Privacy Act.

If you have questions about this Policy or other matters, you may contact us by phone at (301) 604-3305, email us at info@brightkey.net, or mail to 60 West Street, Third Floor, Annapolis, MD 21401.

I. Types of Information we collect and how we collect it

The following are specific types of information we collect from customers and visitors to our websites.

“Account Information” means information about your BrightKey customer account (if you have one). This information includes, but is not limited to, your name, address, e-mail address, telephone number, and login information. We collect Account Information directly from you during our customer onboarding ‘discovery’ phase, and when you make changes to your account, or purchases services from us. We may combine information we obtain from the public arena with Account Information we collect.

“Commerce Information” means personally identifiable information (“PII”) about you that enables Our commerce partner(s) to fulfill your request to participate in a business transaction. This information can include, but is not limited to, your name, address, phone number, inquiry information, email address, order information, order history, and business/association affiliation and membership. Commerce Information is only collected directly from you. We only disclose to third parties the information necessary to complete the transaction. For example, we share your telephone information with our telephone provider, Mitel. We share your order information, name, and address with common carrier (i.e. fulfillment partners, such as USPS, FedEx, and UPS), and we share your payment card information (“PCI”) with payment processors like PayPal. In addition to fulfilling your business transaction, commerce partners given your information may also use your Commerce Information to send you other information in which you might be interested, consistent with its own privacy policies (e.g. order tracking information). BrightKey does not sell or otherwise market any PII or PCI.

“Contact Information” means PII that may be used to contact you. This information includes, but is not limited to, your name, address, phone number, email address, business/association affiliation, and initial inquiry information. This information is collected when you call BrightKey, use the ‘contact us’ form on Our website, or us the chat function on Our website. In some bases, we also obtain PII from third parties, such as through search engine searches that return results that include BrightKey webpages.

Links to Other Websites: When you visit our website, you may find links to third party websites. BrightKey’s privacy policy no longer applies when you click one of these links and are taken to the third party website. We recommend that you read the third party website’s privacy policy.


“Your Social Media Interactions” means PII about you that we collect when you interact with our social media pages. This information includes, but is not limited to, profile name, profile identifier, and the content of any submissions, comments, posts, or other interactions. We use this information to communicate with you until you withdraw consent or we no longer use the social media page. We recommend that you review the privacy policy and settings of any websites, applications, or social networks when using any social media platform. Please note that any content that you post on our social media pages is public and can be read, collected, or used by others (whose use is not covered by Our privacy policy).


II. Use of Customer Information

We use Customer Information to contact you, tailor your experience, address your inquiry, process your application or business transaction, deliver Our services, and to understand your needs so we can offer and provide you the most suitable services. For example, we may use your name, phone number, address, and/or e-mail address to:

  • Inform you of the different shipping costs of our fulfillment partners;
  • Provide order tracking information and updates;
  • Provide customer support; and
  • Solicit your feedback from your customer experience or improvement suggestions for our clients.


III. When we share your information with third parties

We do not share your PII with third parties, except as outlined below.

PII that we collect may include: name, address, date of birth, e-mail address, telephone number, credit card information, business/association affiliation and/or membership, order details, order history, initial inquiry information, and, for search engine searches, your search criteria. PCI that we may collect includes your credit card number, expiration date, verification number, and billing name and address. In the circumstances described below, we limit the information we provide to the minimum information necessary to perform the purpose or provide the service for which the information was disclosed. Third parties are not permitted to use the information you provide to us for any purposes other than as authorized by us. We take steps to ensure that these third parties maintain the confidentiality of your information and adhere to this privacy policy, including but not limited to ensuring that their terms of service and/or their agreement with BrightKey contains sufficient data protection requirements.

Industry Affiliates: We may share your information, including but not limited to PII and PCI, with other entities (and their affiliates) in the association, professional services, order fulfillment, and/or mail industry with whom we have a contractual relationship related to BrightKey’s business, specifically including but not limited to, our telephone provider (Mitel), common carriers (i.e. USPS, FedEx, and UPS), payment processors (e.g. PayPal). Information shared with these “Industry Affiliates” may be used only to support your use of BrightKey’s services, and Our Industry Affiliates’ products and services needed to support BrightKey’s services.


Marketing: Unless you specifically opt-out, if your business transaction with BrightKey is related to membership or engagement with an association or other non-profit entity, we may share your information, including business transaction information, with other third party non-Industry Affiliates who offer products and services related to your business transaction. These third parties may use the disclosed information about you to market their products or services to you. In addition to fulfilling your request, that party may also use your Commerce Information to send you other information in which you might be interested consistent with its own privacy policies. Our website may also use cookies and similar technologies to help provide our Services, and to offer you a more streamlined user experience through no loss of data.


Legal Requirements & Professional Services: BrightKey may share your information if it believes in good faith that such disclosure is: a) necessary to comply with legal process, b) in response to legal claims, suits, or demands, c) necessary to protect personal safety, property, or other your/third party rights/Our rights and/or the rights of our service providers, or d) as part of a sale or assignment of all or a part of our business. BrightKey may also disclose your to any person performing audit, legal, accounting, operational or other similar services for BrightKey. Whenever reasonably possible we will require any recipient of your information for these purposes to agree in writing to hold the information in confidence, to use the information only for the permitted purpose, and to return or destroy the information when the services are completed.

We may share with third parties certain pieces of non-personally identifiable information and aggregated non-personally identifiable information, for example, the number of customers located in a certain geographic area that visit Our website. Such information will not identify you, or be capable of identifying you, individually.

 

IV. Opting Out of Marketing Communications

BrightKey may periodically send you messages via e-mail, telephone or traditional postal mail about services or information that we think may be of interest to you (e.g. order tracking information). In addition, as provided above, BrightKey may make your information available to third parties for the purpose of marketing such products or services.


You can choose not to receive marketing messages promoting BrightKey or third party products or services from us and third parties in the future by:

  1. e-mailing us at info@brightkey.net (please put “Opt-Out” in the subject line); or
  2. writing us at BrightKey, Inc. Attn: Data Security Officer, 60 West Street, Third Floor, Annapolis, MD 21401.

Upon receipt of your opt-out request, BrightKey will take the required actions within a reasonable period of time; however, we cannot guarantee that such removal will be immediately effective.


V. How long we keep Customer Information

Depending on the type of information collected and its purpose, BrightKey retains your information for:

  1. A minimum of 90-days; and
  2. A maximum of 7 years.

This retention period is subject to contractual requirements and the ‘Right to be Forgotten’ as provided by the GDPR (EU and Member States), and similar, applicable legislation.

VI. How we protect the security of Customer Information

BrightKey maintain technical, administrative, and physical security measures designed to protect your information. We take reasonable steps to protect your information by using security technologies and procedures that limit access to our databases. Servers that store sensitive information are also physically and logically separated from production servers. However, no system is completely secure or error-free. We do not, and cannot, guarantee the complete security of any stored or in-transit information.


VII. Online credit card transactions

BrightKey protect the security of credit card transactions on the Internet by using a secure and encrypted technologies. As a PCI-DSS Level 2 Service provider, we maintain credit card information collected during transactions in a secure database for fraud prevention and accounting and billing purposes. Stored information from credit card transactions is not released to third parties except i) to process the business transaction for which the information was provided; or ii) in response to legal process.

VIII. A Note for Parents Concerning Privacy

BrightKey’s website is not directed to children and we do not encourage children to participate in providing us with any PII. If we learn that we have collected personal information from any person under 16 years, we will delete that information as quickly as possible. If you believe that we might have any information from a person under age 16, please contact us at info@brightkey.net. We strongly recommend that persons under age 16 use our services only under the approval and supervision of their parents or legal guardian(s). We support the guidelines and regulatory requirements provided in the Children’s Online Privacy Protection Act of 1998 (COPPA).

IX. International Transfers of Information

BrightKey occasionally receive information from international sources. Unless proscribed by applicable legislation, information about you may be transferred to, or accessed by, entities located in countries outside of your home country.  To protect your information, any such international transfers will be made in accordance with applicable law, and only if required to perform the services and/or to meet contractual obligations.

X. Changes to this Privacy Policy

BrightKey shares information only in accordance with the privacy policy in effect at the time the information is collected. We reserve the right to change this privacy policy at any time. If we make a significant change with regard to our collection or use of information about our customers, we will note on the main page of Our websites that this policy has been updated. We consider a notice on the main page of our website a sufficient step to notify you about the new or revised policy. If have any questions regarding this privacy policy, or its enforcement, please contact us by phone (301) 604-3305, email at info@brightkey.net, or postal mail to: Attn: Data Protection Officer, BrightKey, Inc., 60 West Street, Third Floor, Annapolis, MD, 21401.

XI. Information for Residents of California

  1. The California Consumer Privacy Act (“CCPA”)

This following subsections to this privacy policy apply to BrightKey’s processing of personal information of California consumers (as the terms “personal information” and “consumer” are defined under the CCPA) (collectively, “Consumers,” “you,” or “your”). Any capitalized terms or other terms not defined herein have the same meaning ascribed to them in the privacy policy or, if not defined herein, the CCPA. To the extent of any conflict between this privacy policy and the CCPA, the CCPA shall control only with respect to Consumers and their personal information. If you are not located in the State of California, U.S.A, the following policies do not apply, and the foregoing sections of the privacy policy control.

 

  1. Personal Information We May Collect 

The table below shows the types of personal information that BrightKey has collected during the past twelve (12) months, the sources of the information, and the business or commercial purposes for which we may use that information. For all types of personal information collected, we disclose data to our service providers and other third parties to help us accomplish the business purposes described below. The examples given in each category are illustrative only, and are not exhaustive.

 

Types of Personal Information Collected

Sources of Personal Information

Business and Commercial Purposes

Identifiers (e.g., name, address, e-mail address, account login details)

  • Websites and web functions including ‘contact us’ and ‘chat (information collected directly from user)
  • Discovery phase of client onboarding (information collected directly from user)
  • Industry Affiliates, including client associations
  • Account activation and administration
  • Customer support and feedback
  • Process, fulfillment, and maintenance of order/service
  • Website Analytics

Commercial Information (e.g., orders/products/services inquired about, obtained, or purchased)

  • Websites and web functions including ‘contact us’ and ‘chat (information collected directly from user)
  • Customer call, email, chat, and fax inquiries (information collected directly from the user)
  • Industry Affiliates, including client associations
  • Customer support and feedback
  • Process, fulfillment, and maintenance of order/service
  • Delivery of marketing communications
  • Analytics

Internet or Network Activity (e.g., IP address, browser and operating system, referral URL, pages viewed, date/time of visit, and search criteria)

  • Websites and web functions including ‘contact us’ and ‘chat (information collected directly from user)
  • Third-party advertisers/promoters
  • Vendors (including Google Ads & Google Analytics)
  • Delivery of marketing communications
  • Analytics

Geolocation (physical location of device)

  • Websites and web functions including ‘contact us’ and ‘chat (information collected directly from user)
  • Third-party advertisers/promoters
  • Vendors (including Google Ads & Google Analytics)
  • Customer support and feedback
  • Process, fulfillment, and maintenance of order/service
  • Delivery of marketing communications
  • Analytics

Inferences drawn from any type of collected personal information (e.g., interest in services)

  • Websites and web functions including ‘contact us’ and ‘chat (information collected directly from user)
  • Third-party advertisers/promoters
  • Vendors (including Google Ads & Google Analytics)
  • Customer support and feedback
  • Process, fulfillment, and maintenance of order/service
  • Delivery of marketing communications
  • Analytics

Financial Information (e.g., credit card information, bank account information)

  • Industry Affiliates, including client associations
  • Vendors
  • Process, fulfillment, and maintenance of order/service


iii)        Your CCPA Rights

Access

No more than twice (2 times) per every twelve (12) months, and upon appropriate verification, you may request access to any personal information we have collected and maintained about you over the preceding twelve (12) month period. You may also request information regarding the use and disclosure of any personal information we have collected and maintained about you. You may only make such requests twice (2) per every twelve (12) months.


Deletion

Subject to certain exceptions, you have the right to request that we delete personal information collected and maintained about you. We will delete your personal information once your request has been verified and we have determined that applicable law requires us to delete that information. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. A record of your deletion request may be kept to comply with legal obligations.


iv)        Exercising Your Rights

To exercise your rights to access and deletion, please submit a request to us by either:

Consumers have a right to receive non-discriminatory treatment in the exercise of their CCPA rights.

v)         Verifying Your Request

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In exercising your rights of access to and/or deletion of your personal information, your request must be verified before we can respond to the exercise.

Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf (e.g., previous transactions of person to whom request relates).

The personal information you provide in order to verify your request will only be used to verify the request, and not for any other purpose. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. 

BrightKey reserves the right to charge a reasonable fee or refuse to act on a request if the request is excessive, repetitive, or manifestly unfounded.


vi)        Your California Privacy Rights under the “Shine the Light” Law

Section 1798.83 of the California Civil Code (a separate law from the CCPA) provides that residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you would like to submit a request pursuant to this law, please contact us via email at info@brightkey.net with the subject line “CA Civil Code”.


vii)       Do Not Track 

We currently do not respond to any Do Not Track signals or similar signals.

viii)      Contacting Us

If you have any questions regarding our CCPA privacy practices, please contact us via email at info@brightkey.net with the subject line, “CCPA Policy”.

 

CERTIFICATIONS

WBENC Certified Women’s Business Enterprise (WBE)

WOSB since 2012

SOC 1 SSAE 18 Type II Audit Certification Warehousing, Fulfillment, and Mail Processing Services

SOC 2 Type II Audit Certification Warehousing, Fulfillment, and Mail Processing Services

PCI-DSS Level 2 Service Provider