Last Updated December 7, 2021
Last Reviewed October 31, 2022
At Bright Data, we are in the business of data and it's precisely because of this that we take data privacy so seriously. Our customers entrust us to empower their businesses with clean, compliant, and ethically sourced data whilst retaining the highest standards of privacy. Our products and services operate on a global scale and as such we continuously monitor the dynamic global privacy landscape and adapt accordingly to ensure complete compliance with privacy laws including the European Union's GDPR and California's CCPA. If you are a resident of California, we refer you to our CCPA Privacy Notice, found at the end of this policy.
We collect the following types of data from you when you use the Services ("User Data"):
If we combine non-personal information with personal information we will treat the combined information as personal information.
We may also collect publicly posted personal data from various online sources. Such information will include, in most cases, basic contact information, such as name, email and job title ("Public Data").
Processing of User Data is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and to comply with our legal obligations.
Processing of Public Data is done in accordance with our legitimate interest, as long as such interest does not override your fundamental rights and freedom.
We use User Data in order to provide you with the Service and to comply with our legal requirements and internal guidelines. This means that we will use the information to set up your account, provide you with support regarding the Service, communicate with you for updates, marketing offers or concerns you may have and conduct statistical and analytical research to improve the Service. We may use Public Data in order to provide our users with our Services.
We do not rent or sell any User Data. We may share Public Data with our users in order to provide our Services.
We may disclose Personal Information to other trusted third party service providers or partners for the purposes of providing you with the Services, storage and analytics and to comply with our legal requirements and internal guidelines. We may also transfer or disclose Personal Information to our subsidiaries and affiliated companies.
Notwithstanding the paragraph above, we will not disclose your IP address to other customers. However, when other customers (e.g. other peers in the network) access the web using your IP address, the IP address may be visible to them, for example by way of looking up their current IP address.
Note that we are based in Israel and some of the data recipients listed above may be located outside the European Economic Area (EEA). In such cases we will share your data only with recipients located in such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.
We use industry-standard information, security tools, and measures, as well as internal procedures and strict guidelines to prevent information misuse and data leakage. Our employees are subject to confidentiality obligations. We use measures and procedures that substantially reduce the risks of data misuse, but we cannot guarantee that our systems will be absolutely safe. If you become aware of any potential data breach or security vulnerability, you are requested to contact us immediately. We will use all measures to investigate the incident, including preventive measures, as required.
We strive to give you ways to update your information quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
If you are a resident of the European Union, note that the following rights specifically apply regarding your personal information: (1) Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored personal information, together with supplementary information; (2) Receive a copy of personal information you directly volunteer to us in a structured, commonly used and machine-readable format; (3) Request rectification of your personal information that is in our control; (4) Request erasure of your personal information; (5) Object to the processing of personal information by us; (6) Request to restrict processing of your personal information by us; (7) Lodge a complaint with a supervisory authority.
However, note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
To exercise such right, you may contact us at: [email protected]
We will retain your personal information for as long as necessary to provide the Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods shall be determined taking into account the type of information collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Notwithstanding anything else in this Policy, we are not responsible for the accuracy, correctness, and security of any of the information we gather, store, and disclose to you or to anyone else.
In the event of a change of ownership or control of all or a part of Bright Data, including without limitation through acquisition, merger, or sale, we reserve the right to transfer all or part of the User Data and Public Data we store in our systems. You acknowledge that in the event of bankruptcy, insolvency, or receivership, we may have no control over the use and transfer of your personal information.
We have also appointed GDPR representatives in the EU and the UK. You can contact the representatives regarding matters pertaining to the GDPR:
GDPR - European Representative:
Pursuant to Article 27 of the GDPR, Bright Data has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
UK General Data Protection Regulation (GDPR) - UK Representative:
Pursuant to Article 27 of the UK GDPR, Bright Data has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
This notice addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, "CCPA").
In the 12 preceding months, we have collected and disclosed the following categories of Personal Information:
|Category of Personal Information Collected||Personal Information Collected||Categories of service providers to whom Personal Information was disclosed|
|A. Identifiers.||B. Full name, email address, device identifiers, including certain software and hardware information (e.g. IP address, internet service provider, domain server, type of computer, browser type and language and operating system).||C. Cloud services.|
D. Website analysis.
E. Affiliated companies.
|F. Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)).||G. Address, telephone number, financial information (e.g. credit card number).||H. Cloud services.|
I. Affiliated companies.
|J. Commercial Information.||K. Feedback of users.||L. Cloud services.|
M. Affiliated companies.
|N. Internet or Other Electronic Network Activity Information.||O. Information regarding the user's interaction with the website.||P. Cloud services.|
Q. Website analysis.
R. Affiliated companies.
|S. Geolocation Data.||T. Geolocation data based on device identifiers.||U. Cloud services.|
V. Affiliated companies.
|W. Professional or |
|X. Current or past job history.||Y. Cloud services.|
Z. Affiliated companies.
In the 12 preceding months, we have collected the above-mentioned categories of Personal Information from the following categories of sources:
In the preceding twelve (12) months, we may have sold the following categories of Personal Information to third parties or businesses for commercial purposes:
You may request, up to two times each year, that we disclose to you the categories and specific pieces of Personal Information that we have collected about you, the categories of sources from which your Personal Information is collected, the business or commercial purpose for collecting your Personal Information, the categories of Personal Information that we disclosed for a business purpose, any categories of Personal Information about you that we sold, the categories of third-parties with whom we have shared your Personal Information, and the business or commercial purpose for selling your Personal Information, if applicable.
You have the right to request that we delete any Personal Information collected from you and retained, unless an exception applies.
Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your Personal Information, unless an exception applies.
You can exercise your rights (such as access and deletion) by submitting a verifiable consumer request to our email address: [email protected] or by the toll-free number 1-888-538-9204. You can also send us a mail to our physical address specified in this policy.
Only you or a person authorized to act on your behalf may make a consumer request related to your Personal Information.
The request must:
You may only request a copy of your data twice within a 12-month period.
If you have any general questions about the Personal Information that we collect about you how we use it, please contact us at [email protected]
Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your Personal Information in a format that is readily useable and should allow you to transmit the information without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.
Please note that these CCPA rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.
You can designate an authorized agent to make a request under the CCPA on your behalf if:
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
We will not discriminate against you if you exercise any of your privacy rights as a California Consumer. Unless permitted by the CCPA, we will not: