Last updated: February 2026

1. Data Controller Information

2. Information We Collect

2.1 Personal Information You Provide

• Contact Details: Name, email address, phone number, postal address
• Service Information: Property details, service requirements, appointment preferences
• Payment Information: Billing address, payment method details (processed securely by third-party providers)
• Communication Records: Emails, phone calls, chat messages, service feedback
• Emergency Contact Information: For emergency call-out services

2.2 Information Collected Automatically

• Website Usage: IP address, browser type, pages visited, time spent on site
• Device Information: Device type, operating system, screen resolution
• Location Data: General location for service area determination (with consent)
• Cookies and Tracking: See our Cookie Policy for detailed information

2.3 Information from Third Parties

• Referrals: Contact information from referral partners or existing customers
• Credit Checks: Financial information for large installations (with consent)
• Certification Bodies: Relevant Polish and EU regulatory bodies

3. How We Use Your Information

3.1 Service Delivery

• Providing quotes and estimates for requested services
• Scheduling and conducting installations, repairs, and maintenance
• Processing payments and managing billing
• Providing customer support and after-sales service
• Managing warranty claims and service guarantees

3.2 Communication

• Responding to inquiries and service requests
• Sending appointment confirmations and reminders
• Providing service updates and completion notifications
• Sending important safety or regulatory information
• Marketing communications (with consent)

3.3 Business Operations

• Improving our services and customer experience
• Training staff and quality assurance
• Compliance with legal and regulatory requirements
• Fraud prevention and security
• Business analysis and planning

3.4 Legal Compliance

• Regulatory compliance reporting as required by law
• Building regulations compliance
• Health and safety record keeping
• Tax and accounting requirements
• Insurance and liability documentation

4. Legal Basis for Processing

5. How We Share Your Information

5.1 Service Providers

• Payment Processors: Secure payment handling (Stripe, PayPal, etc.)
• Cloud Services: Data storage and backup providers
• Communication Tools: Email and SMS service providers
• Scheduling Software: Appointment management systems
• Accounting Services: Bookkeeping and tax preparation

5.2 Regulatory Bodies

• Regulatory bodies: Engineer certification and sector-specific compliance
• Local Authorities: Building and technical regulations compliance
• Tax authorities: Tax reporting as required by law

5.3 Legal Requirements

• Court orders and legal proceedings
• Law enforcement requests
• Health and safety investigations
• Insurance claims and investigations

5.4 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred to the new owner, subject to the same privacy protections.

6. Data Retention

7. Your Data Protection Rights

Under the GDPR (RODO), you have the following rights:

8. Data Security

8.1 Technical Measures

• SSL/TLS encryption for data transmission
• Encrypted data storage and backups
• Regular security updates and patches
• Firewall and intrusion detection systems
• Multi-factor authentication for staff access

8.2 Organizational Measures

• Staff training on data protection
• Access controls and need-to-know basis
• Regular security audits and assessments
• Incident response procedures
• Secure disposal of data and equipment

8.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the supervisory authority (UODO) within 72 hours and inform affected individuals without undue delay.

9. International Data Transfers

We primarily process data within Poland and the EEA. When we use service providers outside the EEA, we ensure adequate protection through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Certification schemes and codes of conduct
• Binding corporate rules where applicable

10. Cookies and Online Tracking

Our website uses cookies and similar technologies to improve your experience. For detailed information about our use of cookies, please see our Cookie Policy.

10.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand website usage
• Marketing Cookies: Used for targeted advertising (with consent)
• Preference Cookies: Remember your settings and preferences

11. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Marketing Communications

12.1 Consent

• We only send marketing emails with your explicit consent
• You can withdraw consent at any time
• Existing customers may receive service-related communications

12.2 Unsubscribing

• Click the unsubscribe link in any marketing email
• Email us at contact@brightwave-global.com
• Call us during business hours
• Write to our registered address

13. Complaints and Concerns

If you have concerns about how we handle your personal data:

1. Contact Us First: Email contact@brightwave-global.com or write to our registered address
2. Supervisory Authority: If unsatisfied, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on our website
• Update the "Last updated" date
• Notify you of significant changes via email or website notice
• Obtain new consent where required by law

15. Contact Information

For any questions about this Privacy Policy or our data practices, please contact us: