Bright (Athena EdTech AB) - PRIVACY POLICY

1. General

Athena EdTech AB ("Bright") provides a service that gives users access to course literature in the form of e-books ("the Service"). Bright values personal privacy and wants everyone who chooses to use the Service, visits Bright's website, or otherwise comes into contact with Bright to feel confident in providing their personal data to Bright, knowing that this data will be treated with respect and in accordance with current data protection legislation.

Bright is the data controller for all handling of personal data conducted in Bright's operations. "Personal data" refers to any kind of information that can be linked to an identifiable living person.

This Privacy Policy ("Policy") describes how Bright handles the collection, storage, use, and dissemination of personal data. The Policy applies both to users who use the Service and to all individuals who visit Bright's website brighteducation.io, contact Bright, or otherwise come into contact with Bright.

Bright encourages you to regularly review the contents of this Policy to stay informed about how Bright processes personal data.

2. Purpose of Bright's processing of personal data

Bright processes personal data to manage the relationship between Bright and its customers and to fulfill contractual or legal obligations. Bright also needs to process personal data to improve the Service and its features, which is why personal data may be processed by Bright in connection with market and customer analyses, market research, statistics, business monitoring, and business and method development.

Bright processes personal data to make the Service, offers, and recommendations as personalized as possible and hopes to reduce the risk of irrelevant marketing.

Personal data concerning certain users' preferences, behavior, education, needs, or lifestyle that has been collected may also be used in targeted marketing regarding new potential customers.

Personal data may also be used by Bright for targeted marketing on social media, such as Facebook, TikTok, and Instagram, as well as on Google. Additionally, Bright may analyze and combine personal data with other information about the user that Bright has access to via third parties.

Bright's processing of personal data is also a prerequisite for Bright to maintain Bright's general terms and conditions and to detect, investigate, and prevent potential prohibited or illegal activities.

3. When personal data is collected and how it is handled

Bright collects personal data about you when you visit Bright's website brighteducation.io, create an account with Bright and use the Service, contact customer service, connect the Service to social media or other similar third-party services, respond to market surveys or other communication from Bright.

Bright may also collect personal data when, in addition to the above examples, it is necessary to administer the relationship between you and Bright. Bright also collects information through Bright's own cookies and third-party cookies.

Bright also uses other similar tracking techniques, such as beacons, tags, and pixels, to log your activities and choices when using the Service or other contact with Bright. This usage is intended to improve Bright's website, the Service, offers and marketing, simplify login and remember your settings, make the Service more personalized for the user or a group of users, and obtain information about how the user came to the service.

For more information about Bright's use of cookies, please refer to Bright's cookie policy available on Bright's website.

Based on the above purposes, the following personal data may be collected and processed by Bright:

• Basic user data

First name, last name, user ID, email address, address, university and phone number. Bright may also collect personal data that you provide about your family (including your family members' names, email addresses, birthdates, and interests). If you choose to provide such personal data, you are responsible for ensuring that you have the right to do so with their consent and you must also inform them of our data processing activities.

• Payment information

Information about chosen payment methods, such as card type, card expiration date, payment history information, and information about trial periods and periods without active subscriptions. Payment information is collected by Stripe. For information about their data handling, see Stripe Privacy Policy. Since Bright collaborates with Stripe, which operates independently in systems separate from Bright, no complete payment information, such as a full credit card number, will be stored by Bright. If you registered as an invoice customer with Bright, Bright may collect and process payment information that you provide to Bright's payment service providers to enable such invoicing.

• Usage history

Search history, clicks on the website and in the app, selected titles, saved books, ratings of course literature, bookmarks, and favorite authors/topics, when and how often a book is opened, how long a user reads a book, the connection between the user's education and choice of course literature, and the user's use of various features.

• Survey responses

Customer responses to surveys/questions we ask the customer to answer (e.g., in connection with subscription termination), which may contain personal data.

• Interaction with emails for marketing or market research purposes

Interaction with emails, in-app messages, and push notifications, e.g., whether the email was opened, if links in the email were clicked, and the time and place/city where the email was opened by the recipient.

• Technical data

Unique platform identifiers, phone and platform versions, device IP addresses, Bright's app version, app settings, language settings, URL information, passwords (encrypted), geographical location, device type, device name, operating system, cookies, browser type, and book title and ISBN.

• Personal data provided by third parties

If you choose to connect the Service to, for example, Facebook, Instagram, or other similar third-party services that are responsible for personal data, Bright may collect and process such personal data. Bright encourages you to review such third parties' privacy policies.

• Other

Bright may also collect and process personal data that you provide in public forums on Bright's website, in Bright's review feature, or that you make available to Bright when using Bright's website, Bright's pages on third-party platforms such as app marketplaces, social media, or when you link your profile on a third-party site or platform with your personal account in the Service.

4. Location where Bright stores personal data

Bright stores personal data on servers in Sweden and, in some cases, outside the EU/EEA. Adequate security measures are applied to protect personal data during such transfers.

5. Legal basis for processing personal data

• Legitimate interest

Bright processes personal data when Bright or a third party is deemed to have a legitimate interest. Such a situation arises when Bright's or a third party's right to manage information outweighs the risk to users posed by the processing of their personal data. This may be the case, for example, when the user contacts Bright for help with features in the Service.

• Legal obligation

Bright may process personal data when necessary to fulfill a legal obligation under national or EU legislation.

• Consent

Bright may process certain personal data with the user's consent, which the user can withdraw at any time, in whole or in part. Examples of such occasions are when Bright accesses personal data from social media such as Facebook.

If the user provides Bright with personal data about other individuals, such as family members, it is the user's responsibility to ensure that this is done with the consent of these individuals.

6. Privacy and data security

Bright has implemented a range of technical and organizational security measures to protect your personal data from unauthorized access, use, and disclosure. Only authorized personnel at Bright have access to the personal data. Additionally, Bright uses firewalls, encryption, passwords, and antivirus programs to protect personal data. Despite Bright's security measures and regular evaluations of these, it is difficult to completely eliminate risk. Very few security measures are impenetrable, and Bright therefore asks you to inform Bright immediately if you detect any suspicious activity in the Service or on Bright's website.

7. Disclosure of personal data

Bright may share personal data with third parties that provide services to Bright, such as payment services (e.g., Stripe), marketing services, analytics tools, and customer support services. Bright ensures that these parties only have access to personal data to the extent necessary to perform their services.

8. External links and websites

Information from Bright may contain external links, i.e., links to websites owned by others than Bright. Bright is not responsible for how personal data is processed on these websites and instead refers to the privacy information provided on the relevant websites.

9. Changes to the Policy

Bright reserves the right to make changes to this Policy. Information about changes will be sent out in advance via email, SMS, or through notifications via the Service when they affect Bright's obligations or your rights. This allows you to take a stand on the new Policy, which will be available on Bright's website. Bright may also contact you to obtain new consent from you if changes require it.

10. Legal rights

When Bright processes your personal data and this takes place within the EU/EEA, or you are located within the EU/EEA, there are certain statutory rights regarding your personal data that you can assert by contacting Bright. It is important to note, however, that some of these rights only apply under certain circumstances.

• Right of access

You have the right to ask Bright why, how, and if Bright processes personal data about you. You also always have the right to request information about which personal data Bright handles.

• Right to rectification

Bright has an obligation, at your request, to amend or supplement personal data that is incorrect or incomplete so that this data is correct.

• Right to erasure

In certain situations, you can request that Bright delete your personal data.

• Right to restriction of processing

In certain situations, you can request that Bright restrict the use of your personal data. Bright may then only use your personal data in specific situations as prescribed by law.

• Right to data portability

In certain situations, you have the right to receive your personal data that Bright processes. You should be able to access your personal data in a format that is structured, commonly used, and machine-readable. You also have the right to transfer such personal data to another entity.

• Right to object

Under certain circumstances, you have the right to object to Bright's processing of your personal data, and Bright may then be compelled to cease using it. For example, you can object to Bright using your personal data for profiling and marketing purposes in certain situations.

In addition to the above, you always have the right to file a complaint if you believe that Bright's processing of your personal data violates current legislation. Such a complaint is filed with the Swedish Data Protection Authority if you live and/or work in Sweden, or if Bright's unlawful processing of personal data occurred in Sweden. Otherwise, such a complaint should be filed with the appropriate supervisory authority.

11. Contact information

If you have any questions about Bright's processing of personal data, please contact Bright as follows:

Email - info@brighteducation.io

Mailing address - Athena EdTech AB, Artillerigatan 27, 114 45 Stockholm, Sweden

Last updated on May 27, 2024.