Effective date: February 28, 2025
Last updated: March 10, 2025
1. Introduction
Brilliant View is a product developed by Brilliant AS. We are committed to protecting your privacy and ensuring the safe and transparent handling of your personal data. This Privacy Policy explains how we collect, use, store, and protect your data.
2. Data We Collect
We collect the following types of data:
Personal Data: Name, date of birth, email address, and telephone number.
Usage Data: IP address, browser type, device information, and usage patterns within Brilliant View.
Data from Third-party Integrations: Information retrieved from external services through API connections enabled by the customer. Customers are responsible for managing API token access levels. Consent for data retrieval from third-party integrations is given by the customer upon connecting to the API.
Brilliant AS explicitly disclaims responsibility for data obtained through third-party integrations beyond the general security measures described in this privacy policy. The Customer is solely responsible for ensuring integrations comply with their internal requirements and for any consequences arising from misuse or unauthorized access to API tokens.
Support Requests: Information provided when contacting customer support.
3. How We Use Your Data
We process your data to:
Provide access to and maintain Brilliant View.
Deliver personalized user experiences and dashboards.
Analyze usage to enhance performance and functionality.
Provide customer support and respond to inquiries.
Comply with legal obligations and protect our rights.
4. Legal Basis for Processing
In accordance with GDPR, we process data based on:
Consent: When you explicitly permit us for specific purposes.
Contractual Necessity: To fulfill our service agreements.
Legitimate Interest: To improve our services while carefully balancing your privacy interests.
Legal Obligations: When required by law.
5. Storage and Security
Data is securely stored in Microsoft Azure data centers within the EU, preferably Norway East.
Data is processed and retained until explicitly requested deleted by the customer or for up to 6 months after termination of the service agreement.
Security measures include encryption, backup procedures, network security, Single Sign-On (SSO) with Microsoft 365, and regular security audits.
Access to personal data is restricted to authorized personnel, with logs maintained for users granted elevated access.
Brilliant AS shall not be liable for any loss of data or other consequences resulting from the Customer’s or User’s own actions, including but not limited to negligent handling of login credentials or inadequate security measures on their own devices or systems.
6. Data Sharing
We do not sell personal data. We may share data with:
Service Providers: For hosting, analytics, and support under strict data processing agreements.
Authorities: When legally obligated.
Business Partners: Only with your explicit consent.
7. Your Rights
Under GDPR, you have the following rights:
Access: Obtain a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Deletion: Request deletion of your data.
Restriction: Limit data processing under specific circumstances.
Data Portability: Receive data in a structured and transferable format.
Objection: Object to data processing on legitimate grounds.
Requests can be submitted to: post@brilliant.no
8. Cookies
Brilliant View uses cookies to:
Maintain sessions and user preferences.
Analyze site traffic and improve performance.
Enhance security features.
You may manage cookie settings in your browser. Brilliant AS shall not be held responsible for any consequences arising from the Customer’s own settings related to cookies, including functional limitations if cookies are disabled or restricted by the Customer.
9. International Data Transfers
If data is transferred outside the EU/EEA, we ensure:
Compliance with Standard Contractual Clauses (SCCs) and other relevant security measures.
Adherence to applicable privacy laws.
Brilliant AS shall not be responsible for any unintended data transfers outside the EU/EEA caused by Customer-initiated integrations, API connections, or other actions directly taken by the Customer.
10. Data Processing and Retention
Data is retained only as long as necessary for the purposes described in this policy or as required by law.
When no longer required, data is securely deleted or anonymized.
Brilliant AS will use reasonable measures to securely delete or anonymize data when it is no longer required. Brilliant AS is not responsible for the storage or security of data exported or stored by the Customer outside of Brilliant AS’s systems.
11. Procedures for Data Breaches
Brilliant AS has established clear procedures for managing data security breaches. Upon detecting a breach, we immediately implement measures to mitigate harm, notify the Norwegian Data Protection Authority within 72 hours, and inform affected users without undue delay. Notifications to users include details of the incident, mitigation steps taken, and recommendations for protective actions.
Brilliant AS will notify the Customer of security breaches in accordance with GDPR requirements but explicitly disclaims responsibility for indirect or consequential losses or damages suffered by the Customer arising from such breaches, unless explicitly required under applicable laws.
12. Right to Withdraw Consent
You may withdraw your consent at any time by contacting us at post@brilliant.no. Upon receiving your request, we will cease processing based on your withdrawn consent unless another legal basis applies. Withdrawal does not affect the legality of data processing conducted prior to withdrawal.
13. Changes to This Privacy Policy
We may periodically update this Privacy Policy. Users will be informed of significant changes via email or notifications within the service.
14. Contact Information
For questions regarding this Privacy Policy or our data practices, please contact:
Brilliant AS
Skippergata 14, 7042 Trondheim, Norway
Email: post@brilliant.no
Telephone: +47 475 17 777
This Privacy Policy ensures compliance with GDPR and other applicable privacy laws.