Privacy Policy

1. Introduction

BrightSpark OÜ (from now on: BrightSpark, register code 12132735) values the privacy of its customers, partners and employees, and makes every effort to ensure that their personal data is processed legally and securely. These Data Protection Terms are for you to have an overview of how we collect, use, store and share your personal data.

2. Controller

Controller of personal data is BrightSpark.
Phone number: +372 654 4430,
E-mail address:,
Head Office postal address: Meistri 22, 13517 Tallinn.

3. What is personal data?

Personal data is any information that can identify a person directly or indirectly – identification number, name, mobile number, e-mail address or online identifier etc.

4. How do we obtain your personal data?

1. We obtain your personal data when you contact us using the general or specialist email address of our company, send us a letter by post or enter a question in the appropriate form on our website;
2. Apply to work for us.

5. Categories of personal data we process

Our clients are mainly other companies. Therefore, the personal data we process is your name and work contacts, such as work phone number, email address and company name where you work. By applying to work for us and sending us your CV,

we will process your personal data contained in your CV, including experience, education, previous jobs, place of residence etc. We assume that we can communicate with the persons whom the candidate has described as his/her references without additional permission.

6. Special categories of personal data

Special categories of personal data is data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health etc

BrightSpark does not collect or process your special categories of personal data. If you have submitted personal data of special categories to us, we will stop processing it as soon as possible.
We do not collect information about children.

7. Purposes and basis of processing personal data

BrightSpark processes personal data if it has a legal basis and only for as long as necessary to meet the purpose of the processing or the legal requirements.
If you have contacted us on any other subject, provided us with your contact information and expecting to receive

an answer from us, then the purpose and duty of processing your personal data is to provide an answer to you and this is based on our, the data controller’s, legitimate interest. Data from non-selected candidates, including CVs,

will be deleted after the competition has ended, unless we have a written consent from the candidate to maintain it for a reasonable period of time for possible future competitions.

8. How we process and maintain your personal data?

Your letter that contains personal data will be forwarded to the people concerned, depending on the content of your message. Your personal data is processed in Estonia.

We also process your personal data when it is required by the legislation. In such case, we will store personal data according to the maintaining periods required by legislation.

9. How do we protect your personal data?

We protect your personal data by applying all relevant organisational, physical and technical security measures, but 100% safety can never be guaranteed.

10. Sharing data

We do not share your personal data with third parties, unless sharing is necessary to comply with legal requirements.

11. Use of cookies

We use cookies on our website, which help us to provide a convenient web page navigation for the users.

_ga Google Analytics Tracking: is used to evaluate the user’s visit goal, to generate website activity reports for website operators and improve customer experience.
Expiration – 2 years
Category – Performance Cookies
_gcl_au Unclassified cookies are cookies that we are still classifying with individual cookie providers.
Expiration – 3 months
_gid Google Analytics Tracking: is used to differentiate users, to analyse your browsing behaviour and computer mouse movement.
Expiration – 24 hours
Category – Performance Cookies
_icl_current_language WordPress WPMLi multilingual plug-in: this cookie saves the language of the client to navigate the website.
Expiration – 24 hours
Category – Necessary cookies
wpml_referer_url WordPress WPML-generated cookie that stores the url of the previous page.
Expiration – 24 hours
Category – Necessary cookies

12. Your rights

According to the European Union General Data Protection Regulation (“GDPR”)

you have the following rights:

  • Right to obtain information and have access to your personal data;
  • Right to erasure of personal data (“right to be forgotten”) and rectification of inaccurate personal data;
  • Right to restriction of processing personal data;
  • Right to personal data portability;
  • Right to object to processing of personal data;
  • Right to give and withdraw consent to processing personal data at any.

GDPR also provides for a number of restrictions on the corresponding rights.

With all of the questions relating to the processing of your personal data and the exercise of your rights, you can contact BrightSpark using the following contact detail:

Email address:

BrightSpark will provide information within 30 days of the receipt of the request. BrightSpark may extend that period by 60 further days, if more time is required to respond to the request, informing you about it.

You have the right to contact the Estonian Data Protection Inspectorate, if you believe that the way BrightSpark processes your personal data is contrary to the law governing the processing of personal data. The contact details are available on their website:

13. Changing the terms and conditions of data protection

BrightSpark reserves the right to change the data protection terms at any time and unilaterally.

Data protection terms and conditions apply from May 24, 2018.

Do you have a question?

Ask us