Find e-booksFind past exams
Login / Sign up
svEnglish svSvenskasvNorsksvDansk

Privacy / GDPR

Privacy / GDPR

1. General

Athena EdTech AB ("Bright") provides a service that gives users access to course literature in the form of e-books ("The Service"). Bright values personal privacy and wants everyone who chooses to use the Service, visits Bright's website, or otherwise interacts with Bright to feel secure in providing their personal data. Such data will be treated with respect and in accordance with applicable data protection laws. Bright is the data controller for all personal data processing carried out within Bright's operations. "Personal data" refers to any information that can be linked to an identifiable living individual.


This Privacy Policy ("Policy") describes how Bright handles the collection, storage, use, and sharing of personal data. The Policy applies to users of the Service and to all individuals who visit Bright's website brighteducation.io, contact Bright, or otherwise interact with Bright.


Bright encourages you to regularly review this Policy to stay informed about how Bright processes personal data.


2. Purpose of Bright's Personal Data Processing

Bright processes personal data to manage relationships between Bright and its customers and to fulfill contractual or legal obligations. Bright also processes personal data to improve the Service and its functionality. This includes the use of personal data for market and customer analysis, market research, statistics, business monitoring, and business and method development.


Bright processes personal data to make the Service, offers, and recommendations as personalized as possible, aiming to minimize the risk of irrelevant marketing.

Personal data related to certain users' preferences, behaviors, education, needs, or lifestyles collected by Bright may also be used for targeted marketing to potential new customers.


Personal data may also be used for targeted marketing on social media platforms such as Facebook, TikTok, and Instagram, as well as on Google. Additionally, Bright may analyze and combine personal data with other information about the user available from third parties.


Bright's processing of personal data is also necessary to uphold Bright's general terms and conditions and to detect, investigate, and prevent potential prohibited or illegal activities.


3. When Personal Data Is Collected and How It Is Handled

Bright collects personal data about you when you visit Bright's website brighteducation.io, create an account, use the Service, contact customer support, link the Service to social media or other similar third-party services, or respond to surveys or other communications from Bright.


Bright may also collect personal data in other cases where it is necessary to manage the relationship between you and Bright. Bright collects information through its own cookies and third-party cookies.


Bright uses additional tracking technologies, such as beacons, tags, and pixels, to log your activities and choices while using the Service or interacting with Bright. This usage aims to improve Bright's website, the Service, offers, and marketing, simplify login, remember settings, and provide information on how users access the Service.


Further information about Bright's use of cookies is available in Bright's Cookie Policy on its website. Based on the purposes mentioned above, Bright may collect and process the following personal data:


  • Basic User Data

First name, last name, user ID, email address, address, phone number, and university. Bright may also collect personal data about your family, such as names, email addresses, dates of birth, and interests. If you provide such information, you are responsible for ensuring that you have consent from these individuals and that they are informed about our data processing practices.


  • Payment Information

Information about selected payment methods, such as card type, expiration date, payment history, and details about trial periods and inactive subscription periods. Payment information is collected by Stripe. See Stripe Privacy Policy for more information. Since Bright collaborates with Stripe, complete payment details (e.g., full credit card numbers) are not stored by Bright. If you registered as an invoice customer, Bright may collect and process payment details you provide to enable invoicing through its payment service providers.


  • Usage History

Search history, clicks on the website and app, selected titles, saved books, ratings of course literature, bookmarks, favorite authors/topics, times and durations of book readings, and connections between education and selected course literature.


  • Survey and Questionnaire Responses

Customer responses to surveys/questions, which may include personal data.


  • Email and Notification Interaction

Interactions with emails, in-app messages, and push notifications, such as whether an email was opened or links were clicked, including timestamps and geographic locations.


  • Technical Data

Unique platform identifiers, device IP addresses, Bright app version, app settings, language preferences, URLs, encrypted passwords, geographic location, and device type.


  • Third-Party Data

Data from connected services like Facebook or Instagram, where applicable.


4. Location Where Bright Stores Personal Data

Bright stores personal data on servers located in Sweden and, in some cases, outside the EU/EEA. In such transfers, adequate security measures are applied to protect personal data.


5. Legal Basis for Processing Personal Data

  • Legitimate Interest

Bright processes personal data when Bright or a third party is deemed to have a legitimate interest. Such a situation arises when Bright's or the third party's right to manage information outweighs the risks posed to the user by the processing of their personal data. For instance, this may occur when the user contacts Bright for assistance with features in the Service.


  • Legal Obligation

Bright may process personal data when necessary to fulfill a legal obligation under national or EU legislation.


  • Consent

Bright may process certain personal data based on the user's consent, which the user can withdraw, in whole or in part, at any time. Examples include Bright accessing personal data from social media platforms such as Facebook.


If a user provides Bright with personal data about other individuals, such as family members, the user is responsible for ensuring consent from these individuals.


6. Integrity and Data Security

Bright has implemented various technical and organizational security measures to protect your personal data from unauthorized access, use, and disclosure. Only authorized personnel at Bright have access to personal data. Additionally, Bright uses firewalls, encryption, passwords, and antivirus software to secure personal data. Although Bright regularly evaluates and implements security measures, no system is entirely secure. Bright encourages you to notify Bright immediately if you detect any suspicious activity related to the Service or Bright's website.


7. Disclosure of Personal Data

Bright may share personal data with third parties that provide services to Bright, such as payment services (e.g., Stripe), marketing services, analytics tools, and customer support. Bright ensures that these parties only have access to personal data to the extent necessary to perform their services.


8. External Links and Websites

Information from Bright may include external links to websites not owned by Bright. Bright takes no responsibility for how personal data is processed on these websites and refers you to the privacy information provided on the respective websites.


9. Changes to the Policy

Bright reserves the right to make changes to this Policy. Information about changes will be communicated in advance via email, SMS, or notices through the Service if they impact Bright's obligations or your rights. This allows you to consider the new Policy, which will be available on Bright's website. Bright may also contact you to obtain new consent if required due to changes.


10. Legal Rights

When Bright processes your personal data, and this takes place within the EU/EEA or you are located within the EU/EEA, certain statutory rights regarding your personal data apply. You can exercise these rights by contacting Bright. Note that some of these rights are only applicable under specific circumstances.


  • Right of Access

You have the right to ask Bright why, how, and whether Bright processes personal data about you. You also have the right to request information about the personal data Bright handles.


  • Right to Rectification

Bright has an obligation to amend or supplement incorrect or incomplete personal data at your request to ensure it is accurate.


  • Right to Erasure

In certain situations, you can request that Bright delete your personal data.


  • Right to Restrict Processing

In certain situations, you can request that Bright restricts the use of your personal data. In such cases, Bright may only process your personal data in specific circumstances as permitted by law.


  • Right to Data Portability

In certain situations, you have the right to receive the personal data Bright processes about you in a structured, commonly used, and machine-readable format. You also have the right to transfer such personal data to another entity.


  • Right to Object

Under certain circumstances, you have the right to object to Bright's processing of your personal data. Bright may then be required to cease processing. For example, you may object to Bright using your personal data for profiling or marketing in specific situations.


Additionally, you always have the right to file a complaint if you believe Bright's processing of your personal data violates applicable law. Such a complaint should be submitted to the Swedish Data Protection Authority (Datainspektionen) if you reside and/or work in Sweden or if Bright's processing took place in Sweden. Otherwise, it should be submitted to the relevant supervisory authority.


11. Contact Information

If you have questions about Bright's processing of personal data, please contact Bright as follows:

Email: general@brighteducation.io


Last updated on December 29, 2024.