Privacy & Cookie Policy

1.1. This Privacy Notice explains how Brighter Applications Ltd and Goxhill IT (a local trading name of Brighter Applications Ltd.) collects, uses, shares and otherwise processes your Personal Data in accordance with applicable data privacy laws, in particular the DPA 2018 and the General Data Protection Regulation ("GDPR").

1.2. The information published here applies to the personal information (also known as 'Personal Data') that we collect about:

• Visitors to our website
• Subscribers to our online systems including holders of BrappsCRM™ accounts

2.1. The term "Personal Data" as used in this Data Protection Privacy Notice means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute Personal Data, including name, date of birth, residential address, identification number, location data or online identifier.

2.2. Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.

3.1. We collect data through:

• Website Visitors: Cookies (general browsing), Contact Forms, Mailing List sign-ups.
• Registered Users (BrappsCRM™): Account creation (name, email, password), Business details (if applicable), Project details submitted, Billing & Transaction information, Communications via the portal or support desk.

4.1. The kinds of Personal Data we may collect include:

• Your contact details (such as your address, email address and telephone number);
• Account credentials (username/email, hashed password);
• Business details (Company Name, Address, VAT number if applicable - for Business Accounts);
• Project-specific information you provide;
• Other materials we may need for our identification and compliance obligations;
• Complaints or disputes you may have had with us and details of the underlying transaction (where applicable);
• Sales and marketing information (e.g., preferences, communication history);
• Financial information and transactions records;
• Records of correspondence and other communications between you and Brighter Applications Ltd representatives;
• Information that we need to support our regulatory obligations;
• Technical data (IP address, browser type, device type - collected via cookies/analytics/server logs).

5.1. What are cookies?

Cookies are small text files placed on your device (computer, phone, tablet) when you visit a website. They help the website remember information about your visit, which can make your next visit easier and the site more useful to you. Cookies contain anonymous information like a unique identifier and the site name.

5.2. How we use cookies:

We use cookies for several essential functions and to understand how visitors use our site:

• Necessary Cookies: These are essential for the website to function correctly. They enable core functionality such as user login sessions, security, remembering your cookie consent preference (so you don't see the banner repeatedly), and potentially remembering display preferences (like keeping the footer collapsed). Our website cannot function properly without these cookies.
• Analytics Cookies: We use Google Analytics cookies to collect anonymous information about how visitors use our website (e.g., which pages are visited most often, how users navigate the site, approximate location based on IP address). This helps us analyse traffic, understand user behaviour, and improve our website and services. Your IP address may be transmitted to Google as part of this process. (See Section 7 'Data Sharing and Third Parties' below for more on Google Analytics).

5.3. Your Consent:

As stated in our cookie banner, your continued use of this website constitutes acceptance of our use of these necessary and analytics cookies.

5.4. Managing Cookies:

Most web browsers allow some control over cookies through the browser settings. You can usually set your browser to block certain cookies, clear existing cookies, or notify you when a cookie is set. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that if you block essential cookies, parts of our website may not function correctly.

6.1. We will process your Personal Data if and to the extent applicable law provides us with a lawful basis to do so. Therefore, we will only process your Personal Data on the following grounds:

• Consent - you have consented to us using your data (e.g., for marketing emails via opt-in).
• Contract - we need it to perform the contract we have entered into with you (e.g., Providing website services, managing BrappsCRM™ accounts/projects, processing payments).
• Legal Obligation - we need it to comply with a legal obligation (e.g., Financial record keeping for 7 years, identity verification).
• Legitimate Interest - we have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms (e.g., Improving services, website analytics, responding to enquiries, informing clients about relevant services (with opt-out), security monitoring).

6.2. We will use your Personal Data primarily to deliver services to you and/or to fulfil our contractual obligations. We may also use your Personal Data to inform you about us and our services (where permitted) or otherwise communicate with you as necessary.

6.3. Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

7.1. When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with specific third-party service providers who assist us in operating our website, conducting our business, or servicing you. These include: Payment processors (Stripe), Hosting providers (AWS), Domain registrars (ENOM), Analytics providers (Google), and Email service providers (Google). We ensure these third parties apply appropriate security measures to data processing activities.

7.2. **International Transfers:** For the purposes described above, we may occasionally transfer your Personal Data from the European Economic Area (EEA) or the UK to a third party outside of these areas, potentially in a jurisdiction not subject to an adequacy decision. In such cases, we will ensure there is a legal basis and appropriate safeguards (such as Standard Contractual Clauses) for such data transfer, ensuring your Personal Data is treated consistently with UK and EU data protection laws.

7.3. Third Parties: Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ('Google'). Google Analytics uses cookies to help analyse how users use the site. The information generated by the cookie (including your IP address) will be transmitted to and stored by Google on servers, potentially outside the UK/EEA. Google uses this information to evaluate website usage, compile activity reports, and provide other related services. Google may transfer this information to third parties if required by law or where they process data on Google's behalf. Google states it will not associate your IP address with other data held. By using this website, you consent to Google processing data about you as described above.

8.1. We take the safety and protection of your personal data very seriously and implement appropriate technical and organisational measures to ensure your data is protected against unauthorised or unlawful processing, accidental loss, destruction, or damage.

8.2. We work with our IT and storage providers to maintain the ongoing confidentiality, integrity, availability, and resilience of processing systems.

8.3. Access to your data is restricted to authorised staff and third parties on a need-to-know basis.

8.4. We utilize appropriate technology, procedures, and training to keep your personal data secure from collection until it is securely destroyed or anonymised.

9.1. We will only retain your Personal Data for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements, or for the establishment, exercise, or defence of legal claims.

9.2. Key retention periods include:

• Customer/Financial Records: 7 years after the end of the customer relationship (for tax/legal compliance).
• Account Data: For the duration the account is active, plus a limited period post-deletion as required for backups or legal obligations.
• Contact Form/Prospect Data: Until the enquiry is resolved and deemed no longer relevant, or until deletion is requested.
• Analytics Data: 26 months.

9.3. To determine the appropriate retention period, we consider the amount, nature, sensitivity, potential risk of harm, processing purposes, possibility of achieving purposes through other means, and legal requirements. In some circumstances, we may anonymise your Personal Data so it can no longer be associated with you.

9.4. Upon expiry of the applicable retention period, we will securely destroy your Personal Data.

10.1. You have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights include the right to:

• Request access to your Personal Data (a "subject access request") and information about its processing;
• Request rectification of inaccurate Personal Data;
• Request the erasure of your Personal Data (the "right to be forgotten");
• Request the restriction of processing of your Personal Data;
• Object to the processing of your Personal Data (particularly for direct marketing);
• Request the transfer of your Personal Data (data portability) to another organisation or directly to you, under certain conditions.

10.2. **Complaints:** You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns first.

10.3. **Subject Access Requests (SARs):** If you wish to receive a copy of your personal data, please contact us (see Section 15). Once we have verified your identity, we will respond within one calendar month. SARs are typically free, but we may charge a reasonable administrative fee for requests that are manifestly unfounded, excessive, or repetitive.

10.4. Right to Withdraw Consent

Where we rely on consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before consent was withdrawn. If you withdraw consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If we process your Personal Data for direct marketing purposes, you can object at any time, and we will cease processing for such purposes.

11.1. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us, primarily through updating your details in your BrappsCRM™ account where applicable.

12.1. Providing Personal Data is generally voluntary. However, if you do not provide Personal Data required for specific purposes (e.g., account creation, service delivery, contractual obligations), we may not be able to provide you with information, accept an engagement, or enter into/fulfil a contract with you.

13.1. We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis.

13.2. We may anonymise your Personal Data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

14.1. Brighter Applications Ltd reserves the right to update this Privacy Notice at any time. We will make an updated copy available on our website and may notify you of significant changes via email or your BrappsCRM™ account.

14.2. This Privacy Notice was last updated in October 2025.

15.1. Brighter Applications Ltd is the data controller responsible for your Personal Data. If you have any queries, questions, concerns, or require further information regarding this Privacy Notice, or wish to exercise any of your data protection rights, please contact us:

Via our website contact form

Or write to us at:

Data Protection Query
Brighter Applications Ltd (trading as Goxhill IT)
Arkle House, Chapel Street
Goxhill, Barrow-Upon-Humber
North Lincolnshire DN19 7JJ
United Kingdom