Internet Court of Truth and Lies
The data controller for this website is Bright Plaza, Inc., a Delaware Corporation. For our contact information, see www.brightplaza.com.
Purposes of Processing
The purpose of processing is to allow individuals to log into this website and participate in the software services provided by the website which includes email announcements of website events inviting individuals to log into this website at certain times and dates. Any individual may at their own discretion provide digital information which may be available to up to eight other individuals also logged into the website. The purpose of the processing is to enable the groups to exchange form-based dialogue and to allow the individual to review the dialogue sessions and at his option publish any dialogue session he has participated in. The selection of the individuals in a group is determined by the individual member wishing to form a group. We also track which groups individuals may have created or participated, and whether they were on time to group meetings and filled out the required forms for completing the desired dialogue.
Lawful basis for the processing
Generally, we process personal information provided by visitors through our website or other interactions with us on the basis our legitimate interests in providing the software services.
We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.
Categories of personal information
The categories of personal information that we process are email addresses required for logging in, associated passwords, and form content you may choose to fill in, and the small dialogue groups in which you participate as convened by you or other members.
Recipients of your personal information
We use various service providers to manage our website and provide services such as AWS hosting and ConstantContact.com for managing certain e-mail communications. Our service providers change from time to time. Note that our service providers have entered into contracts with us that restrict what they can do with your personal information.
Information regarding the transfers of personal data outside of the European Economic Area (EEA)
Bright Plaza’s main administrative offices are based in the USA and that’s where we process personal information collected through our website according to the terms and conditions of our website provider, AWS. The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website. We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.
Retention period for personal information
How long we retain personal information varies according to the type of information in question and the purpose for which it is used. We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). This does not affect your right to request that we delete your personal data before the end of its retention period. We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.
Your data subject access rights
You have the right to access to your personal data which is fully recorded on your dashboard once logged in, to have your personal data deleted, to withdraw any consent that you have given to the processing of your personal data (without affecting the lawfulness of the processing prior to your withdrawal of consent) and to object to our processing of your personal data. You also have the right of data portability which means that you can log in and copy down the data from your dashboard. Your rights may be subject to various limitations under the GDPR. If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us in the way listed in the section “How to Contact Us” in our general Privacy Notice.
The right to lodge a complaint with a supervisory authority
You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The data protection authority for the United Kingdom is the Information Commissioner’s Office (https://www.ico.org.uk). The federal data protection authority for Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html.
Absence of statutory or contractual requirement or other obligation to provide any personal data
Users of our website are under no statutory or contractual requirement or other obligation to provide personal information to us, but it will not be possible to receive communications from us or register for or participate in our website events without doing so.