This is a previous version of the Privacy Policy that was in effect from May 21, 2018 until
Jan 1, 2020.
View the current Privacy Policy
Brilliant Worldwide, Inc. ("Brilliant") knows that you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Statement. By using the brilliant.org website, or any of our mobile applications (such as are available via the App Store and Google Play Store), and any related services and/or features (collectively, the "Service") you acknowledge that you accept the practices and policies outlined in this Privacy Statement. If you are a resident of the European Union ("EU"), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the "GDPR") with respect to your Personal Information, as outlined below.
This Privacy Statement covers Brilliant's treatment of personally identifiable information ("Personal Information") that Brilliant gathers when you access/use the Service.
Brilliant collects information you voluntarily submit to the Service, such as, the information we collect when you register for an account: your name, email address, school, date of birth, etc.
Information you elect to submit to the Service in a public or quasi-public manner may be disclosed to other users of the Application or the general public ("User Submission(s)"). For example–if you make a post to a message board or chat forum that includes any personal information – such information will be made publicly available. We endeavor to make sure the Service's functionality puts you on reasonable notice as to the scope of an intended submission.
In addition, we may automatically receive and store certain, anonymous types of information whenever you interact with the Service. Such information may include the user's IP address, domain server, and type of Internet browser. This information helps us, among other things, analyze trends and administer the Service. This information is anonymous and contains no personally identifiable data.
Do Not Track Policy. Through cookies we place on your browser or device, we may collect information about your online activity after you leave our Services. Just like any other usage information we collect, this information allows us to improve the Services and customize your online experience, and otherwise as described in this Privacy Policy. Your browser may offer you a "Do Not Track" option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.
The safety and privacy of children is extremely important to us. If you are a resident of the EU, United Kingdom, Lichtenstein, Norway, or Iceland, then you must be 16 years old or older to use the Services in any way. Otherwise, every user of the Service must be 13 years of age or older. Any person that does not meet the foregoing age requirements is a "Minor". Minors are prohibited from signing up or using the Service in any way. If you are a Minor, please do not attempt to register for the Services or send any personal information about yourself to us. If we learn that we have collected personal information from a Minor, we will delete that information as quickly as possible. If you believe that a Minor may have provided us personal information, please contact us at privacy@brilliant.org. We reserve the right to require any user to verify that the user is not a Minor, and if a user does not provide such verification in a timely manner, we will terminate the user's account and delete all personally identifiable information displaying on the site and collected from such user.
To the limited extent we collect Personal Information – we neither rent nor sell your Personal Information to anyone. We share your Personal Information only as described below.
Recipient of User Submissions: As mentioned above – your User Submissions may be shared in a public or quasi-public manner.
Service Providers and Agents: We employ other companies and people to perform tasks on our behalf. For example, we may decide to use a third party payment processing company to process payments you make through the Service. In addition, parts of the Service may be hosted by a third party on our behalf. Your information may be accessed by such providers/agents, in the event that we need to share your information with them to provide our services or customer support to you. Unless we tell you differently, Brilliant's agents do not have any right to use Personal Information we share with them beyond what is necessary to assist us.
Business Transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that are transferred. Moreover, if Brilliant, or substantially all of its assets were acquired, or in the unlikely event that Brilliant goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Brilliant may continue to use your Personal Information as set forth in this policy.
Protection of Brilliant and Others: We may release Personal Information when we believe in good faith that release is necessary to comply with the law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Brilliant, our employees, our users, or others.
With Your Consent: Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information.
If you decide to access or use the Service, such access and use and any possible dispute over privacy is subject to this Privacy Statement and our Terms of Use (located on our website), including limitations on damages, disclaimer of warranties, and the application of California state law.
The Site may permit you to link to other websites on the Internet, and other websites may contain links to the Site. These other websites are not under Brilliant control, and such links do not constitute an endorsement by Brilliant of those other websites or the services offered through them. The privacy and security practices of websites linked to or from the Service are not covered by this Privacy Statement, and Brilliant is not responsible for the privacy or security practices or the content of such websites.
If you would like to stop receiving email from Brilliant, simply visit the Email section of your Account settings and uncheck any and all boxes.
The Services are hosted and operated in the United States ("U.S.") through Brilliant and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Brilliant in the U.S. and will be hosted on U.S. servers, and you authorize Brilliant to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to EU-US and Swiss–US Privacy Shield Framework, the details of which are further set forth below.
Brilliant has certified to the EU.-U.S. and Swiss–US Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU and Switzerland. For more information about the Privacy Shield Program, and to view Brilliant's certification, please visit www.privacyshield.gov. Brilliant is committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the EU and Switzerland in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing subject Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Brilliant's compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at privacy+gdpr@brilliant.org with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
For this GDPR section, we use the terms "Personal Data" and "processing" as they are defined in the GDPR, but "Personal Data" generally means information that can be used to individually identify a person, and "processing" generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Brilliant will be the controller of your Personal Data processed in connection with the Sites. Note that we may also process Personal Data of our customers' end users or employees in connection with our provision of services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at privacy+gdpr@brilliant.org.
What Personal Data Do We Collect From You? We collect Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Sites.
Information we collect directly from you: We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:
Information we receive from third party sources: Some third parties such as our business partners and service providers provide us with Personal Data about you, such as the following:
Information we automatically collect when you use our Sites: Some Personal Data is automatically collected when you use our Sites, such as the following:
How Do We Use Your Personal Data? We process Persona Data to operate, improve, understand and personalize our Sites. For example, we use Personal Data to:
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our "legitimate interests" or the legitimate interest of others, as further described below.
How and With Whom Do We Share Your Data? We share Personal Data with vendors, third party service providers and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms and Conditions. These parties include:
We also share Personal Data when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:
We also share information with third parties when you have given us consent to do so (as indicated at the point such information is collected).
We also share Personal Data when we believe it is necessary to:
Furthermore, if we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Data with the party that is acquiring our assets. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
How Long Do We Retain Your Personal Data? We retain Personal Data about you as long as you have an open account with us or as otherwise necessary to provide you Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
What Security Measures Do We Use? We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity. For example, we encrypt all data in-transit, obfuscate and anonymize data that we share with processors like analytics services, and maintain all services with security patches in a timely manner. We also require that our suppliers protect such information from unauthorized access, use, and disclosure.
Personal Data of Children: We do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Sites or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at privacy+gdpr@brilliant.org.
What Rights Do You Have Regarding Your Personal Data? You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email privacy+gdpr@brilliant.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Right to File Complaint: You have the right to lodge a complaint about Brilliant's practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Brilliant may amend this Privacy Statement from time to time. Use of information we collect now is subject to the Privacy Statement in effect at the time such information is used. If we make changes in the way we use Personal Information, we will notify you by posting an announcement on our website, or via the Service, or sending you an email. Users are bound by any changes to the Privacy Statement when he or she uses the Service after such changes have been first posted.
If you have any questions or concerns regarding privacy, please send us a detailed message at privacy@brilliant.org. We will make every effort to resolve your concerns.
Effective Date: May 21, 2018
The previous version of this document is located
here.