BrightTALK Privacy Policy

Last Updated March 10, 2023

1. This Policy

This Policy is issued by BrightTALK Inc. (“BrightTALK”) and is addressed to individuals outside  our organization with whom we interact, including visitors to our website and other users of our  services (together, “you”). BrightTALK is a wholly-owned subsidiary of TechTarget, Inc. Defined  terms used in this Policy are explained in Section (13) below. For the purposes of this Policy,  BrightTALK is acting solely as the Controller of the Personal Data. Contact details are provided in  Section (12) below. This Policy may be amended or updated from time to time to reflect changes in  our practices with respect to the Processing of Personal Data, or changes in applicable law. We  encourage you to read this Policy carefully, and to regularly check this page to review any changes  we might make in accordance with the terms of this Policy.

2. Processing Your Personal Data

Collection of Personal Data: We may collect Personal Data about you as provided in this Policy.  Examples of sources from which we may collect Personal Data include the following:

  1. We may obtain your Personal Data when you provide it to us (e.g., where you contact us via  email or telephone, or by any other means).
  2. We may collect your Personal Data in the ordinary course of our relationship with you (e.g., in  the course of administering your BrightTALK account).
  3. We may collect Personal Data that you manifestly choose to make public, including via our  website.
  4. We may receive your Personal Data from third parties who provide it to us (e.g., social media  platforms via plugins).
  5. We may collect or obtain Personal Data when you visit our website, or use any features or  resources available on or through our website. When you visit our website, your device and browser will automatically disclose certain information, some of which may constitute Personal Data (see below).

Creation of Personal Data: We may also create Personal Data about you, such as records of your  interactions using our website, and details of your account history.

Categories of Personal Data: The categories of Personal Data about you that we may Process include:

  1. Personal details: given name(s); preferred name; gender; nationality; photograph;  preferences; personal photo/image; and account settings.
  2. Contact details: telephone number; email address; mailing address; and social media profile  details.
  3. Professional details: professional profile details; association memberships; qualifications and  company insight data.
  4. Device details: device type, operating system, browser type, browser settings, browsing  information, IP address, language settings, dates and times of connecting to our website and  other technical communications information.
  5. Payment details: billing address; bank account number or credit card number; cardholder or  accountholder name; card or account security details; card ‘valid from’ date; card expiry date.
  6. Usage details: records of your use of our website and other services, including: registrations;  details of content with which you interact; votes; questions; downloads; ratings; feedback;  profile views; search queries; anonymous viewings; page views; player clickstream; chapters;  and favorite moments.
  7. Analysis data: keywords, communities, trends, content quality and content importance.
  8. Views, opinions and interests: any comments, ratings, views or opinions that you choose to  send to us, post via our website, via a survey, or publicly post via social media platforms;  your community interests and solution interests.

Lawful basis for Processing Personal Data: In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases,  depending on the circumstances:

  1. we have obtained your prior express consent to the Processing (this legal basis is only used in  relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
  2. the Processing is necessary in connection with any contract that you may enter into with us;
  3. the Processing is required by applicable law;
  4. the Processing is necessary to protect the vital interests of any individual; or
  5. we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your  interests, fundamental rights, or freedoms.

Processing your Sensitive Personal Data: We do not seek to collect or otherwise Process your  Sensitive Personal Data, except where:

  1. the Processing is required or permitted by applicable law (e.g., to comply with our diversity  reporting obligations);
  2. the Processing is necessary for the detection or prevention of crime (including the prevention  of fraud);
  3. the Processing is necessary for the establishment, exercise or defense of legal rights; or we have, in accordance with applicable law, obtained your prior explicit consent prior to  Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).

Purposes for which we may Process your Personal Data: The purposes for which we may Process  Personal Data, subject to applicable law, include:

  1. Our website: operating and managing our website; providing content to you; displaying  advertising and other information to you; and communicating and interacting with you via our website.
  2. Provision of services to you: providing our website and other services to you (including  suggesting content that may be of interest to you, based on your past activity);  communicating with you in relation to those services; recommending content that may be of  interest to you; and recommending your content to others.
  3. Marketing communications: communicating with you via any means (including via email,  telephone, text message, social media, post or in person) news items and other information in  which you may be interested, subject to ensuring that such communications are provided to  you in compliance with applicable law.
  4. Disclosing Personal Data to our clients: in accordance with the provisions of this Policy and  applicable law, we may disclose certain Personal Data to our clients. Our clients may contact  you with information that may be of interest to you, provided that such communication is not  otherwise in breach of applicable laws.
  5. Communications and IT operations: management of our communications systems; operation  of IT security; and IT security audits.
  6. Health and safety: health and safety assessments and record keeping; and compliance with  related legal obligations.
  7. Financial management: sales; finance; corporate audit; and vendor management.
  8. Surveys: engaging with you for the purposes of obtaining your views on our website or our  services.
  9. Improving our website and our services: identifying issues with existing website and our  services; planning improvements to existing website and our services; creating new website and our services.

3. Disclosure of Personal Data to Third Parties

We may disclose your Personal Data to other entities within the BrightTALK group, in accordance  with applicable law. In addition, we may disclose your Personal Data to:

  1. our clients, subject always to compliance with the terms of this Policy and the requirements  of applicable law;
  2. other users, pursuant to our User Agreement, who may see your profile details in your public  profile setting, such as name, job title, organization, country, photos, website activity and  history, and comments, unless you choose to hide yourself from other users upon viewing a  particular webcast;
  3. legal and regulatory authorities, upon request, or for the purposes of reporting any actual or  suspected breach of applicable law or regulation;
  4. accountants, auditors, lawyers and other outside professional advisors to BrightTALK, subject to binding contractual obligations of confidentiality;
  5. third party Processors (such as IT service providers or other third party service providers we use for operational purposes), located anywhere in the world, subject to the requirements  noted below in this Section (3);
  6. any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
  7. any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against  and the prevention of threats to public security; and
  8. any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant  portion of our business or assets (including in the event of a reorganization, dissolution or liquidation)

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to  binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior  written instructions; and (ii) use measures to protect the confidentiality and security of the Personal  Data; together with any additional requirements under applicable law.

4. Transfer of Personal Data

We may disclose your Personal Data to other entities within the BrightTALK group website, in  accordance with applicable law. In addition, we may disclose your Personal Data to:

  1. our clients, subject always to compliance with the terms of this Policy and the requirements  of applicable law;
  2. other users, pursuant to our User Agreement, who may see your profile details in your public  profile setting, such as name, job title, organization, country, photos, website activity and  history, and comments, unless you choose to hide yourself from other users upon viewing a  particular webcast;
  3. legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  4. accountants, auditors, lawyers and other outside professional advisors to BrightTALK, subject to binding contractual obligations of confidentiality;
  5. third party Processors (such as IT service providers or other third party service providers we use for operational purposes), located anywhere in the world, subject to the requirements  noted below in this Section (4);
  6. any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
  7. any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against  and the prevention of threats to public security; and
  8. any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant  portion of our business or assets (including in the event of a reorganization, dissolution or liquidation)

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to:

(i) only Process the Personal Data in accordance with our prior written instructions; and

(ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.

In accordance with applicable laws, your Personal Data may be transferred to, stored at and processed  by us and our third party providers outside the country in which you reside, including the United  States, where data protection and privacy regulations may not offer the same level of protection as in  other parts of the world. We have adopted Standard Contractual Clauses and/or another appropriate  legal basis for transfers of Personal Data, as applicable.  

5. Data Security

We have implemented appropriate technical and organizational security measures designed to protect  your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in  accordance with applicable law. These measures include, but are not limited to, the  implementation of current security technologies and processes to protect your Personal Data  from loss, misuse and unauthorized access, disclosure, alteration or destruction. Our security systems include authenticated access to internal databases, regular audits of processes and  procedures, scheduled reviews of overall web security, and the use of restrictions of access to  Personal Data in our possession. Additionally, we use encryption (HTTPS/TLS) to protect data  transmitted to and from our website. While BrightTALK maintains secure methods of transferring  Personal Data, we are not responsible for other methods that you may choose to send data, and you shall ensure that any Personal Data you send to us is securely sent.

6. Data Retention

We will retain copies of your Personal Data in a form that permits identification only for as long as is  necessary in connection with the purposes set out in this Policy, unless applicable law requires a  longer retention period. To determine the appropriate retention period for Personal Data, we consider  the amount, nature, and sensitivity of the Personal Data, potential risk of harm from unauthorized use  or disclosure of your Personal Data, purposes for which we process your Personal Data and whether  we can achieve those purposes through other means, and applicable legal requirements. We will retain users of our services Personal Data for so long as a user’s account remains in existence or  as needed to provide our services, to comply with our legal obligations, to resolve disputes, and  to enforce our agreements.  

7. Legal Rights For EEA and UK Residents

Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data as a resident of the European Economic Area (“EEA”) or United Kingdom (“UK”), including:

  1. the right to be informed of the processing of your Personal Data;  
  2. the right to request access to, or copies of, your Personal Data that we Process or control;
  3. the right to request rectification of any inaccuracies in your Personal Data that we Process or  control;
  4. the right to request, on legitimate grounds:
  5. erasure of your Personal Data that we Process or control; or
  6. restriction of Processing of your Personal Data that we Process or control;
  7. the right to object, on legitimate grounds, to the Processing of your Personal Data by us or on  our behalf;
  8. the right to have your Personal Data that we Process or control transferred to another  Controller, to the extent applicable;
  9. where we Process your Personal Data on the basis of your consent, the right to withdraw that consent; and
  10. the right to lodge complaints with a Data Protection Authority regarding the Processing of  your Personal Data by us or on our behalf

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use this form or the contact  details provided in Section (12) below.

Information for Authorized Agents – Authorized Agents who have the regulatory authority to submit a request may use our Authorized Agent Portal available here to submit rights requests on behalf of individuals from whom they have received prior authorization to act on their behalf.

In order to ensure the security of an individual’s Personal Information, we ask that all requests from Authorized Agents be submitted via this method. Evidence of a signed authorization to act on the behalf of the individual that is the subject of the request, should be submitted as a PDF as part of this process. Authorized Agents must also attest to their legal authority to submit information on the behalf of each individual they represent. Please note, if an authorized agent is unable to provide proof of authorization, their request may be rejected.

Providing missing or inaccurate Personal Information on behalf of the individual you are representing may also result in the request being denied, unless that information is promptly corrected by the Authorized Agent.

8. Legal Rights for California Residents

California consumers may have additional rights as described in the California Consumer Privacy Notice found here, which is hereby incorporated into this Policy by reference.

9. Cookies and other Tracking Technologies

We use cookies and other tracking technologies or other similar solutions (“Tracking Technologies”) to collect or receive certain information when you visit or use the BrightTALK  website, read an email, newsletter, or otherwise interact with content from us.  

Cookies are small data files which are placed on your computer or mobile device when you visit a  website or use an online service. For example, cookies enable us to identify and authenticate you and  remember your preferences so we can enhance your experience on our websites. They also help us  serve you ads relevant to your professional interests, understand and improve our service, and know  when content has been shown to you. Most browsers are initially set up to accept cookies, but you can  reset your browser to refuse all cookies or to indicate when a cookie is being sent.

We strongly recommend that you leave the cookies activated, however, because cookies enable you to take advantage of some of the website features and if you decline or delete them then parts of our  website and services may not work properly.

BrightTALK uses several different types of cookies on our website, including the following.

  1. Strictly Necessary Cookies. Strictly necessary cookies facilitate the operation of our website.  Without the use of these cookies, portions of our websites would not function properly. For example, we use essential cookies to help us identify which of our visitors have previously  registered in order to access our services.  
  2. Performance Cookies. Performance cookies help us monitor the performance of our website and  how users interact with them. These cookies collect information such as how often users visit our  website, what pages they visit when they do so, and what other websites they used prior to  coming to our website and provide us with information that allows us to improve our website and  services.
  3. Functional Cookies. Functional cookies are used to remember your preferences on our website and to authenticate your identity. For example, we use functional cookies to recognize and save  your name and password on our website.
  4. Behavioral Advertising Cookies. BrightTALK may use behavioral advertising cookies in order to  provide you with advertising which is tailored to your interests when you visit websites on and  off our network. Behavioral advertising cookies analyze information about your interests and your browsing history and provide you with advertisements on and off our network that match  these interests. Behavioral advertising is a type of advertising that is based upon your web  browsing activity over a period of time – so it’s different than advertising you may see when  you’re looking for something online using a search engine (e.g., Google, Yahoo, or Bing) or on a website you may be visiting at a particular time. As an example, you may be doing research on  products and services related to data center virtualization. If a data center virtualization provider  is conducting an advertising campaign on our network, as you browse the relevant portions of our  website, then we may serve you with an advertisement of one of their solutions.

Although our website currently does not respond to “do not track” browser headers, you can limit tracking through third-party programs and by taking the other steps discussed in this section. You  may opt-out of internet-based advertising by removing cookies or by setting your web browser  settings to refuse cookies and similar Tracking Technologies. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each  computer or device that you would like to opt-out on. Further, if you simply delete your cookies, you  will need to remove cookies from your device after every visit to the website. You may download a  browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc.  You may block cookies entirely by disabling cookie use in your browser or by setting your browser to  ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites  to work incorrectly.

Please note that the use of online tracking mechanisms by third parties is subject to those third  parties’ own privacy policies, and not this Policy. You may remove yourself from the targeted  advertising of companies within the Network Advertising Initiative by opting out here, or of  companies participating in the Digital Advertising Alliance program by opting out here, the Digital  Advertising Alliance of Canada (DAAC) (for Canadian users) by opting out here; or the European  Interactive Digital Advertising Alliance (EDAA) (for users in the EU) by opting out here.

In addition to the foregoing, in order to protect our registration forms and other website features, we  may use Google reCAPTCHA provided by Google Inc. (“reCAPTCHA”). We employ  reCAPTCHA to check whether data is entered into our forms by a person or by an automated  program, script or bot. reCAPTCHA analyzes the behavior of the person entering the data using  various features. This analysis starts automatically as soon as the website is accessed. For analysis,

reCAPTCHA evaluates various information (e.g., IP address, browser type, settings, and plugins,  URL of the referring website, time spent on the respective website, mouse movements, input  characteristics of the data entry, including speed, sequence and selection of inputs, etc.). The data  collected during the analysis is forwarded to a Google server in the USA, where it is stored and  evaluated. We carry this processing out based on our legitimate interest in preventing the misuse of  our websites through automated means. You can find Google’s current privacy policy  at: https://policies.google.com/privacy. Detailed information about Google reCAPTCHA can be  found at the following address: https://www.google.com/recaptcha.

10. Minors

Our products, services, events and offerings are directed to professionals. Our business is not  directed at children, and we do not solicit or knowingly collect any Personal Data from children  under the age of 16. If you are not 18 or older, you are not authorized to use our website or  services. Parents should be aware that there are parental control tools available online that you can use to prevent children from submitting information online without parental permission or  from accessing material that is harmful to minors. If you learn that a child under 16 has  provided us with Personal Data without consent, please contact us via the information provided  in Section 12 below.

11. User Agreement

All use of our website is subject to our User Agreement.

12. Contact Details and Data Subject Requests

If you have any comments, questions or concerns about any of the information in this Policy, or any  other issues relating to the Processing of Personal Data by BrightTALK, please contact:

BrightTALK, Inc.
275 Grove Street
Newton,  MA  02466
Email:
privacy@brighttalk.com
Phone: (617) 431-9200

General Privacy Rights Request Form

EU and UK GDPR Rights Request Form

California CCPA Rights Request Form

13. Definitions

  • ‘BrightTALK group’ means BrightTALK and its affiliates and parent company.
  • ‘Controller’ means the entity that decides how and why Personal Data is Processed. In many  jurisdictions, the Controller has primary responsibility for complying with applicable data  protection laws.
  • ‘Data Protection Authority’ means an independent public authority that is legally tasked  with overseeing compliance with applicable data protection laws.
  • ‘Personal Data’ means information that is about any individual, or from which any  individual is identifiable. Examples of Personal Data that we may Process are provided in  Section (2)
  • ‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data,  whether or not by automated means, such as collection, recording, organization, structuring,  storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,  dissemination or otherwise making available, alignment or combination, restriction, erasure  or destruction.
  • ‘Processor’ means any person or entity that Processes Personal Data on behalf of the  Controller (other than employees of the Controller).
  • ‘Sensitive Personal Data’ means Personal Data about race or ethnicity, political opinions,  religious or philosophical beliefs, trade union membership, physical or mental health, sexual  life, any actual or alleged criminal offences or penalties, national identification number, or  any other information that may be deemed to be sensitive under applicable law.

14. EU Representative  

In accordance with Article 27 of the GDPR, we have appointed a representative within the European  Union.

The contact details of our EU representative are below.

Postal Address: E-Magine Medias SAS, 29 rue du Colisée, 7th Floor, 750008 Paris Email address: eurep_ttgt@techtarget.com

Telephone: +33 (0)1 77 32 13 00.

E-Magine Medias role in this respect is limited solely to being a contact point for questions from  European residents and data protection supervisory authorities regarding data protection. E-Magine  Medias cannot respond to other communications or legal processes on BrightTALK’s behalf. This  designation does not alter BrightTALK’s role with respect to the personal data in its control nor does  it affect BrightTALK’s responsibility or obligations under GDPR.