This article explains the data collection and related privacy policy for data collected by BrightCarbon’s BrandIn SaaS product.

BrandIn is an add-in for PowerPoint which provides users with access to a curated library of assets hosted in the customer’s tenant, and a suite of productivity tools.

There are two product variants as follows:

• V1 is a client side application without internet connectivity.
• V2 is a cloud-based SaaS product offering, with the app hosted on Microsoft Azure, within the BrightCarbon tenant.

This data privacy policy relates to V2 since V1 does not collect or store any data.

Why is data collected?

Data is collected for the purpose of managing user licences, provide customers with their deployment insights dashboard, keep BrightCarbon products up-to-date, detect, diagnose and fix problems, and also to make product improvements. The data collected does not include any presentation content within user’s files, or information about software unrelated to BrightCarbon products.

What data is collected?

The following data is collected from all users interacting with the BrandIn SaaS product:

Telemetry data

BrandIn is designed to operate entirely within a client’s SharePoint tenant. Customers may request usage data for the solution within their environment. To facilitate this request, a limited set of anonymised diagnostic data may be enabled by the BrandIn solution administrator. The diagnostic data collected is stored within the customer’s environment and accessible via the BrandIn Insights dashboard. Examples of the usage data collected in this case include the number of Brand Assets inserted over time (slides, pictures, icons, graphics), the number of times Brand Check has been run, the number of corrections made by Brand Check, how often help resources were accessed.

Does BrightCarbon process sensitive personal/organisation data?

No.BrightCarbon never accesses any sensitive data such as personal information other than work-related user names and email addresses. BrightCarbon never accesses company/organisation private data and/or intellectual property in the for of presentation content and the/or the graphical assets stored in the customer’s tenant.

Where is the data stored?

BrightCarbon uses Microsoft Azure to store the diagnostic data in a Mongo database. BrightCarbon choose the location of the data to be in Europe as this is where the strongest protection is offered for users via the EU implementation of GDPR laws. The Microsoft Azure privacy policy can be found here.

How can I see what data is collected?

Subscribing customers may view their Insights dashboard for their deployment in order to view licence and usage data for their tenant. This includes the number of users occupying licence seats, their name and email address, and anonymised collated data about how the BrandIn product is being used.

To view all data collected, please have your data privacy office make a formal request to BrightCarbon via email at privacy@brightcarbon.com

Who has access to the data?

BrightCarbon employees in the product group have access to the data for the purposes of maintaining the service and providing billing information to the operations team. Furthermore, BrightCarbon exclusively uses FTEs across the entire company and do not hire freelances or contractors. Data collected by the BrandIn SaaS product is never shared with non-BrightCarbon entities, with the exception of a formal request made by a subscribing customer.

Is BrightCarbon a data processor or controller?

For the purpose of delivering the BrandIn SaaS product to its customers as per subscription agreements and contracts, BrightCarbon acts as a data processor.

How can customers contact the DPO at BrightCarbon?

You can contact us via post or email as follows:

Karl Parry | Data Privacy Officer
BrightCarbon Ltd.
Digital World Centre,
1 Lowry Plaza,
The Quays,
MediaCity,
Manchester M50 3UB.
United Kingdom

privacy@brightcarbon.com