This article explains the data collection and related privacy policy for data collected by BrightCarbon’s BrandIn SaaS product.
BrandIn is an add-in for Microsoft PowerPoint and Microsoft Word which provides users with access to a curated library of assets hosted in the customer’s tenant, and a suite of productivity tools.
There are two product variants as follows:
- BrandIn is a cloud-based SaaS product offering, with the app hosted on Microsoft Azure, and asset libraries hosted on customers’ SharePoint site(s).
- BrandIn On-Prem is a client side application without internet connectivity.
This data privacy policy relates to BrandIn since BrandIn On-Prem does not collect or store any data. Further information can be found in the BrandIn SaaS Agreement.
Why is data collected?
Data is collected for the purpose of managing user licences, providing customers with their deployment insights dashboard, keeping BrightCarbon products up-to-date, detecting, diagnosing and fixing problems, and also to make product improvements. The data collected does not include any PowerPoint or Word content within user’s files, or information about software unrelated to BrightCarbon products.
What data is collected?
The following data is collected from all users interacting with the BrandIn SaaS product:
| Description | Format | Example |
| Organisation ID | GUID | abcdef12-abcd-abcd-abcd-abcdef123456 |
| Tenant ID | GUID | abcdef12-abcd-abcd-abcd-abcdef123456 |
| Team ID | Hex 24 | abcdef0123456789abcdef01 |
| User ID | GUID | abcdef12-abcd-abcd-abcd-abcdef123456 |
| User Name | Plain Text | Joe Blogs |
| User Email | Plain Text | joe.blogs@brightcarbon.com |
| User Preferences | Various | language, dark mode |
| Telemetry | Various | session info, actions (see below) |
Telemetry data
BrandIn is designed to operate in conjunction with assets hosted entirely within a client’s tenant via one or more SharePoint sites. Customers may request usage data for the solution within their environment. To facilitate this request, a limited set of anonymised diagnostic data may be enabled by the BrandIn solution administrator. The diagnostic data collected is stored within the customer’s environment and accessible via the BrandIn Insights dashboard. Examples of the usage data collected in this case include the number of Brand Assets inserted over time (slides, pictures, icons, graphics), the number of times Brand Check has been run, the number of corrections made by Brand Check, how often help resources were accessed.
Does BrightCarbon process sensitive personal/organisation data?
No. BrightCarbon never accesses any sensitive data such as personal information other than work-related user names and email addresses. BrightCarbon never accesses company/organisation private data and/or intellectual property in the for of presentation content and the/or the graphical assets stored in the customer’s SharePoint site(s).
Where is the data stored?
BrightCarbon uses Microsoft Azure to store the diagnostic data in an Azure-hosted database. BrightCarbon has chosen the location of the data to be in Europe as this is where the strongest protection is offered for users via the EU implementation of GDPR laws. The Microsoft Azure privacy policy can be found here.
How can I see what data is collected?
Subscribing customers may view their Insights dashboard for their deployment in order to view licence and usage data for their tenant. This includes the number of users occupying licence seats, their role, name and email address, and anonymised collated data about how the BrandIn product is being used.
To view all data collected, please have your data privacy office make a formal request to BrightCarbon via email at privacy@brightcarbon.com
Who has access to the data?
BrightCarbon employees in the product group have access to the data for the purposes of maintaining the service and providing billing information to the operations team. Furthermore, BrightCarbon exclusively use FTEs (Full Time Employees) across the entire company and do not hire freelancers or contractors. Data collected by the BrandIn SaaS product is never shared with non-BrightCarbon entities, with the exception of a formal request made by a subscribing customer.
Is BrightCarbon a data processor or controller?
For the purpose of delivering the BrandIn SaaS product to its customers as per subscription agreements and contracts, BrightCarbon acts as a data processor.
How can customers contact the DPO at BrightCarbon?
You can contact us via post or email as follows:
Karl Parry | Data Privacy Officer
BrightCarbon Ltd.
Digital World Centre,
1 Lowry Plaza,
The Quays,
MediaCity,
Manchester M50 3UB.
United Kingdom
privacy@brightcarbon.com
- Share this
Join the BrightCarbon mailing list for monthly invites and resources
Tell me more!