Last updated:  4 November 2025

This GDPR Privacy Notice (the “GDPR Notice”) supplements our Privacy Policy. When we use the term “Brilliance” or “we,” “us,” or “our”, we mean to refer to Brilliance Financial Technology and its affiliates.  

If you are located in the European Union (EU), United Kingdom, Lichtenstein, Norway, or Iceland (“European Individuals”), you may have additional rights with respect to your Personal Data under the General Data Protection Regulation (“EU GDPR”), and/or the EU GDPR as saved into United Kingdom law by the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR”) (collectively with the EU GDPR, the “GDPR”), as set forth in this GDPR Notice. 

In this GDPR Notice, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to identify a person, and “processing” generally refers to actions that can be performed on data such as its collection, use, storage or disclosure. Brilliance will usually be the controller of your Personal Data processed in connection with the Website and Services.  

Where applicable, this GDPR Notice is intended to supplement, and not replace, our Privacy Policy. If there are any conflicts between the GDPR Notice and the other parts of the Privacy Policy, and you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, the provision that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this GDPR Notice or whether any of the following rights apply to you, please contact us at https://bxfin.com/contact-us/ with the subject line “GDPR Request.” 

Our Role in Data Processing:  

The entity responsible for the collection and use of your Personal Data when you use the Website or otherwise interact with us in any way is Brilliance, which for purposes of General Data Protection Regulation and the UK Data Protection Act 2018, is the data controller. Brilliance is also the data controller with respect to certain Personal Data it processes for its own purposes, such as for improving, developing, and securing the Website.  

The entity responsible for the processing of customer data provided by our customers in connection with their use of Brilliance’s products and services is Brilliance, which for purposes of General Data Protection Regulation and the UK Data Protection Act 2018, is the data processor. Brilliance processes such customer data as a “data processor” in accordance with its customer agreements. 

Capitalized terms not defined herein have the meanings given to them in our Privacy Policy. 

1. Types of Personal Data we Collect 

We currently collect and otherwise process the categories of Personal Data listed in the Section of our Privacy Policy titled “The Information We Collect And/Or Receive.” 

2. How we Obtain the Personal Data and Why we Have it 

We collect and/or receive the Personal Data in the ways and for the purposes listed in the Section titled “The Information We Collect And/Or Receive” and Section titled “How We Use and Share The Information?” of our Privacy Policy. We will only process your Personal Data if we have a lawful basis for doing so. Under the GDPR, the lawful bases we rely on for processing this information are: 

     a) Your Consent 

In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. You can remove your consent at any time. You can do this by contacting us at https://bxfin.com/contact-us/ with the subject line “GDPR Request.” 

     b) We Have a Contractual Obligation 

We process certain categories of Personal Data as a matter of “contractual necessity,” meaning that we need to process the data in order to provide you with the Website or to fulfill your request. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Website that require such data. These categories of Personal Data are: 

•     ● Contact Information; 
•     ● Job Application Information;  
•     ● Internet or other electronic network activity information;  
•     ● Marketing and communications information; and 
•     ● Information Obtained from Other Sources. 

     c) We Have a Legitimate Interest 

We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties: 

•     ● Contact Information; 

•     ● Job Application Information;  

•     ● Internet or other electronic network activity information;  

•     ● Marketing and communications information; and 

•     ● Information Obtained from Other Sources. 

Our legitimate interests are: 

•     ● Information Security: We process identifiers and contact information and internet or other electronic network activity information when you use Website in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs.  

•     ● Operation and Improvement of Website: We process internet or other electronic network activity information pursuant to our legitimate interest in operating and improving our Website.  

•     ● Audience Measurement and Marketing: Pursuant to a user’s consent, we use analytics and targeting cookies, and collect identifiers through such cookies, for purposes of audience measurement, analytics, audience reaction to the Website, and creating relevant user experiences. 

•     ● General Business Development and Management: We process contact information, internet or other electronic network activity information, marketing and communications information and information obtained from other sources pursuant to our legitimate interest in creating and managing our business relationships with European Individuals, including without limitation: 

•                ◦ To respond to inquiries from European Individuals;  

•                ◦ To provide European Individuals with information about our products and services; and 

•                ◦ To assist European Individuals with any issues while using the Website. 

•     ● Direct Marketing: Generally, we send email marketing to European Individuals pursuant to their consent. When you use the Website, email marketing may be sent to you pursuant to our legitimate interest in sending marketing communications to you in the context of such engagement. 

•     ● Protection of Rights: We may disclose any categories of Personal Data to respond to claims of violation of third party rights or to enforce and protect our rights. 

     d) We Have a Legal Obligation 

We may be required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas. 

3. How we Share Your Personal Data 

The Section of our Privacy Policy titled “How we Use and Share he Information?” explains how we share your Personal Data with third parties. 

4. How we Store and Protect Your Personal Data 

We use commercially reasonable administrative, technical, and physical safeguards to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, for which we take into account the nature of the Personal Data, its processing, and the threats posed to it. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us via https://bxfin.com/contact-us/ with the subject line “GDPR Request.” 

We retain your Personal Data for as long as needed to fulfill the purposes for which we obtained it, as further described in this Privacy Policy. We will only keep your Personal Data for as long as allowed or required by law. 

5. Your Data Protection Rights 

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please contact us at https://bxfin.com/contact-us/ with the subject line “GDPR Request.” You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request. 

•     ● Right of access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.  

•     ● Right to rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.  

•     ● Right to erasure: You can request that we erase some or all of your Personal Data from our systems.  

•     ● Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data.  

•     ● Right to object to processing: You have the the right to object to the processing of your Personal Data in certain circumstances. 

•     ● Right to data portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible. 

•     ● Right to withdraw consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize our Website and/or some or all of the Services. 

•     ● Objecting to Legitimate Interest/Direct Marketing: You may object to Personal Data processed pursuant to our legitimate interest. In such case, we will no longer process your Personal Data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your Personal Data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request at https://bxfin.com/contact-us/ with the subject line “GDPR Request.” In such case, your Personal Data will no longer be used for that purpose. 

We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements. Please note that all of these rights are subject to applicable exemptions and restrictions, and are not absolute rights. If we need to rely on these exemptions or restrictions, we will provide this information to you in our response.  

6. How to Complain 

If you have any concerns about our use of your Personal Data, you can make a complaint to us at https://bxfin.com/contact-us/ with the subject line “GDPR Request.” 

You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of most of the supervisory authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. 

7. Corporate Restructuring 

In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, the information that we have collected, including Personal Data, may be transferred to the surviving or acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such Personal Data as set forth in this GDPR Notice.  

8.Transfers of Personal Data 

When we transfer personal data outside of the European Union, United Kingdom, Lichtenstein, Norway, or Iceland, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws and contractual obligations placed on the recipient of the data. To request more information, please contact us at https://bxfin.com/contact-us/. 

9. Updates to this GDPR Notice 

If, in the future, we intend to process your Personal Data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Last Updated” at the top of this page will be updated accordingly.  

10. Our Contact Information 

Please reach out to us at https://bxfin.com/contact-us/mailto:contact@bracket.fi for any questions, complaints, or requests regarding this GDPR Notice, and include in the subject line “GDPR Request.”