Privacy Policy
BrightonLum Budget Compliance Services
Last updated: March 15, 2025
1. Introduction and Data Controller
BrightonLum ("we," "our," or "us") operates the website brightonlum.com and provides budget compliance consulting services to businesses across Bulgaria and European markets. This privacy policy explains how we collect, use, store, and protect your personal information when you interact with our services.
As the data controller, BrightonLum is responsible for ensuring your personal data is processed in compliance with the General Data Protection Regulation (GDPR) and Bulgarian Personal Data Protection Act. Our registered address is bul. "Tsar Simeon Veliki" 168А, 6001 кв. Опълченски, Stara Zagora, Bulgaria.
2. Information We Collect
Personal Information You Provide
Automatically Collected Information
3. How We Use Your Information
We process your personal data for specific, legitimate business purposes related to our budget compliance services. Each use is based on a legal foundation under GDPR, including contract performance, legitimate interests, or your explicit consent.
| Purpose | Legal Basis | Data Types |
|---|---|---|
| Service delivery and consultation | Contract performance | Contact details, business information, financial data |
| Communication and support | Contract performance | Contact information, communication records |
| Website improvement and analytics | Legitimate interests | Usage data, technical information |
| Legal compliance and record-keeping | Legal obligation | All relevant business records |
4. Data Sharing and Third Parties
We maintain strict controls over data sharing and only work with trusted partners who meet our security standards. Your information is never sold to third parties or used for purposes beyond those outlined in this policy.
Service Providers and Partners
Legal Requirements
We may disclose your information when required by Bulgarian law, EU regulations, or court orders. This includes responding to legitimate requests from tax authorities, regulatory bodies, or law enforcement agencies within the scope of their authority.
5. Your Rights Under GDPR
As a data subject under GDPR, you have comprehensive rights regarding your personal information. We've designed clear procedures to help you exercise these rights effectively and without unnecessary delay.
Right to Access
Request a copy of all personal data we hold about you, including details about processing activities and data sources.
Right to Rectification
Correct any inaccurate or incomplete personal information we maintain in our systems.
Right to Erasure
Request deletion of your personal data when it's no longer necessary for the original purpose.
Right to Data Portability
Receive your personal data in a structured, machine-readable format for transfer to another service.
How to Exercise Your Rights
To exercise any of these rights, contact us at help@brightonlum.com with your specific request. We'll respond within 30 days and may require identity verification for security purposes. There's no fee for most requests, though we may charge for excessive or repetitive requests.
6. Data Security and Protection
We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security approach combines technical, administrative, and physical safeguards.
Technical Security Measures
Administrative Controls
Access to personal data is strictly limited to authorized personnel who require it for their job functions. All staff receive regular privacy and security training, and we maintain detailed access logs for audit purposes.
7. Data Retention and Deletion
We retain personal information only as long as necessary for the purposes outlined in this policy or as required by applicable laws. Different types of data have different retention periods based on legal requirements and business needs.
Retention Periods
Secure Deletion Process
When retention periods expire, we securely delete personal data using certified data destruction methods. This includes overwriting digital storage media and physically destroying any physical records containing personal information.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to provide functionality, analyze usage, and improve your experience. You can control cookie settings through your browser, though some features may not work properly if cookies are disabled.
Types of Cookies We Use
Most cookies expire automatically after your session ends or after a predetermined period. You can view and manage cookies through your browser settings or contact us for assistance with cookie-related questions.
9. International Data Transfers
While we primarily store and process data within the European Union, some of our service providers may be located outside the EU. When international transfers occur, we ensure appropriate safeguards are in place to protect your personal information.
Transfer Safeguards
10. Changes to This Privacy Policy
We review and update this privacy policy regularly to reflect changes in our services, legal requirements, or privacy practices. When we make significant changes, we'll notify you through email or prominent website notices before the changes take effect.
Minor updates for clarity or additional detail may be made without specific notice. We recommend reviewing this policy periodically, especially before sharing new types of personal information with us.
Contact Us About Privacy
If you have questions about this privacy policy, want to exercise your data rights, or need to report a privacy concern, please contact us using the information below. We're committed to addressing your privacy inquiries promptly and thoroughly.
For complaints about data processing that we cannot resolve directly, you have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection or your local supervisory authority.