Privacy Policy

Global Consumer Privacy Notice

Chestnut Hill Academy (and its parent company, Bright Horizons) is committed to protecting the confidentiality, integrity and security of your personal information and we take this responsibility very seriously. This privacy policy covers Chestnut Hill Academy’ practices for collecting and processing information about its customers, prospective customers, employees, subcontractors/suppliers, students/apprentices, website visitors and job applicants. For simplicity throughout this Notice, ‘we’, ‘us’ and ‘our’ means Bright Horizons and ‘you’ or ‘your’ means Consumer.

Who controls your personal information?

In the United States, Canada, and India, Chestnut Hill Academy Family Solutions LLC (through its related affiliates) is the data controller for the information collected about you. Our world headquarters are located at 200 Talcott Avenue South, Watertown, Massachusetts 02472, USA. Bright Horizons has a Global Privacy Officer. Q's? Email dataprivacy@brighthorizons.com

Why do we collect your personal information?

We limit the collection of your personal information to what is necessary. Below we have highlighted the main reasons for collection:

Fulfill or meet the reason you provided the personal information to us.
Respond adequately to your requests for Services or information.
Provide Services to you and/or your dependents.
Personalize, enhance, and support your website experience and/or the Services.
Create, maintain, customize, and secure your account with us.
Facilitate and process purchases, financial transactions and payments.
Provide information regarding our Services and areas of interest to you.
Research and analyze existing Services for training and quality purposes and develop new Services.
If you receive our Services as an employee benefit, to aid your employer in the administration of the employee benefit.
Comply with laws, regulations and sector standards.
Protect the security of our technology and data.
Fulfil tax, reporting, and other financial requirements and obligations.
Prevent or detect unlawful acts.
As described to you when collecting your personal information.
In relation to pandemics (for example COVID-19) or other state/national/international emergencies, to comply with our legal and regulatory obligations.

When do we collect your personal information?

There are a variety of contexts under which we will collect your personal information.

When you visit our websites or use our applications (apps) or social media, we collect your personal information from:

Monitoring your electronic visit and engagement with us.
The information you provide to us (for instance, by completing one of our webforms).
Learn more about how we use cookies and similar technologies by clicking here.

When you call us, we will collect your personal information from:

The information you provide to us.
Recording the calls, including the number you call from, for training and quality assurance purposes.

When you receive Services from us, we will collect your personal information from:

The information you provide to us.
Providing the Services to you such as completing forms, assessments and other documentation as part of the provision of Services.
Recorded images at locations with CCTV cameras.
Use of key fobs or swipe card to gain access to the Services.
Government agencies may provide us with personal information to support their regulatory obligations or investigations.

What personal information do we collect and process?

If you are a prospective consumer:

The personal information you provide to us. This personal information may include health related information relevant to determine the suitability of Services.
Details of your visits to our websites, apps, and social media, as well as information we gather from the use of cookies. To learn more about how we use cookies and similar technologies click here.
For locations with CCTV cameras, we may capture images.
Your contact details as provided to us by third party marketing companies (for individuals who have consented to receive marketing materials). You have the right to withdraw your consent at any time.

If you are a current or former consumer:

All personal information you provide to us. This personal information may include health related information relevant to the provision of Services or as required under law/regulation or health and safety policies.
Personalized registration username and passwords, and swipe card/key fob access records for Bright Horizons premises.
Details of your visits to our websites, apps, and social media, as well as information we gather from the use of cookies in your web browser. To learn more about how we use cookies and similar technologies click here.
For locations with CCTV cameras, we may capture images.
Access information when using key fobs or swipe cards.
Care and service records that may include for example: notes from meetings/calls; observations and assessments of you or your dependent’s activities while we provide services to them (e.g., illnesses, sleep, diaper changes, meals, medication, learning, interactions with others, and accidents); review and feedback on your or your dependent’s education/school applications; photographs to share with you for communication purposes, learning records or identification purposes; and utilization reports (including dates of service, user of service and reasons for service).
Government agencies may provide us with personal information to support their regulatory obligations or investigations.
Other personal information provided to us by third parties in order to meet our legal obligations.
Personal information about you and/or your dependent as necessary to respond to and defend legal claims or to pursue legal claims.

There are a variety of categories of your personal information that we collect. Depending upon whether you are a prospective or current Consumer also determines the personal information we process.

Categories of personal information we collect

Categories	Examples include:	Categories of Third Parties with whom we share (including Service Providers)	Criteria for determining retention period
Identifiers Click here for more information on the specific types of sensitive information which we collect / process or each service and the purposes for which we process that sensitive personal information.	Name, alias, postal address, email address, driver’s license number, unique personal identifier, online identifier, Internet Protocol address, or other similar identifiers.	Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Formal Customer Records Click here for more information on the specific types of sensitive information which we collect / process for each service and the purposes for which we process that sensitive personal information.	Name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, bank account number, credit card number, debit card number, or medical information.	Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Commercial Information	Products or services purchased, obtained, considered, or other purchasing or consuming histories.	Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Protected Characteristics Click here for more information on the specific types of sensitive information which we collect / process for each service and the purposes for which we process that sensitive personal information.	Protected Classification Characteristics including: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Operating systems and platforms, IT developers, insurers and professional advisers, government entities, employers providing the Services as a benefit to you and/or our business partners who may provide services you have requested.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Internet or other similar network activity	Browsing history, search history, information on your interaction with our website, application, or advertisements.	Advertising networks, internet service providers, data analytics providers, operating systems and platforms, IT developers and social networks. Information in this category may be shared with these categories of third parties by cookies placed on your device when you interact with our websites and applications. Learn more about how we use cookies and similar technologies by clicking here.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.

Categories of sensitive personal information collected via an online account

Categories	Examples include:	Purposes of processing	Categories of Third Parties with whom we share (including Service Providers)	Criteria for determining retention period
Complete account access credentials	User names, account numbers; passwords.	To create, maintain and secure your online account with us.	Operating systems and platforms, IT developers, internet service providers.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Childcare Services (Schools, Centers, Nurseries)
Child Personal Information: If you are enquiring about / requesting / receiving childcare services, you agree to the collection and processing of your child’s personal information as necessary for us to respond to your enquiry / request, and to provide the childcare services to you and your child in accordance with our legal obligations.
Health Data	Allergies, special educational needs, specific medical conditions, or pandemic related such as vaccinations or illness	To provide the services safely and/or in compliance with applicable law: for instance, to inform us of allergies, medicines, special physical or educational requirements, health conditions.	Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Government identifiers	Driver's license; state ID card; passport number.	To provide the services safely and/or in compliance with applicable law: for instance, for any child care related services, to confirm your identity and parental responsibility / rights in connection with the child.	Operating systems and platforms, IT developers, internet service providers, credit card/payment providers / financial institutions, insurers and professional advisers, government entities.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.
Back Up Care Services
If you are providing sensitive personal information on behalf of another person (such as an elderly parent who requires care), by providing that information, you confirm you are doing so with that person’s consent and for their benefit.
Health Data	Allergies, special educational needs or specific medical conditions, pandemic related such as vaccinations or illness	To provide the services safely and/or in compliance with applicable law for instance, to inform us of allergies, medicines, special physical or educational requirements, health conditions of the dependent.	Operating systems and platforms, IT developers, internet service providers, insurers and professional advisers, government entities, and/or our business partners who may provide services you have requested.	As long as is necessary for (1) the purpose for which it was collected; (2) as required under law; and (3) to defend legal claims.

We consider your personal information confidential and do not share it with anyone else except as described in this Notice. Bright Horizons does not sell your personal information (or that of your dependents) to third parties.

When you visit our websites, apps, and social media, we use cookies and similar technologies as permitted by law, including for targeting / behavioral advertising. Bright Horizons recognizes Global Privacy Control and Do Not Track for Social Media and Targeting cookies and similar technologies. Our Cookies and Similar Technologies Notice provides details about this collection and sharing, including how you are able to set your tracking preferences.

There are limited circumstances that require us to disclose your personal information to others in order to deliver Services and meet our contractual/legal obligations or legitimate business interests. Examples include:

Bright Horizons’ Group Companies	We may share your personal information with our subsidiaries and affiliate/group companies as necessary to provide the Services.
Sub-contractors and Agents	We sometimes employ or contract with other companies and individuals to perform functions on our behalf. Depending upon the type of service they are providing, we may share personal and special category (sensitive) personal information only as appropriate and necessary. These parties are under contractual obligations to use your personal information only as directed by us and as needed to perform their functions. All are under a legal duty to handle such information in accordance with Bright Horizons’ information security, data protection and confidentiality standards, and this Notice. Some examples include our insurance brokers/provider, payment service providers, and IT developers.
Business Partners	If you utilize our child/adult care or coaching services, we may partner with a professional external provider (Business Partner) to arrange for them to deliver the Services to you or your dependent. You will have an independent relationship with our Business Partner. They may require personal information from you in order to deliver the Services to you in accordance with their own processes and obligations under the law. In order to arrange the Services with the Business Partner, we may need to share personal and special category (sensitive) personal information as appropriate and necessary. We have contracts with the Business Partners that require them to use your personal information only as allowed under the contract, in compliance with all applicable laws and to meet appropriate standards of information security, data protection and confidentiality.
Employers	Your employer may make the Services available to you as an employee benefit. In order to meet our obligations to your employer, we provide details of your use of the Services, which may include your name, dates of use, reasons for use, and other employer requested utilization information. We disclose only information relevant to the utilization of the Services, tax related requirements such as for imputed income or as necessary for their administration of the benefit.
Third Parties to Comply with Legal Requirements	We share personal information if required by law/regulations or as we reasonably determine to be necessary and as permitted by law to protect our rights or the rights of others, to prevent harm or damage to persons or property, to fight fraud, or to enforce our website terms of use or other contractual rights. For example, a government may require us to disclose personal information for law enforcement purposes; or require us to disclose personal information for safeguarding or government funding purposes; or for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Business Transfers	As we continue to develop our business, we may sell or buy assets or entities. If any Bright Horizons business unit is sold, personal information relevant to the acquisition may be transferred as part of the transaction.

How long do we keep your personal information?

Whenever we collect or process your personal information, we’ll only keep it for as long as is necessary for the purpose for which it was collected, as required under law and to defend legal claims. At the end of that retention period, your information will either be deleted completely or anonymized, for example by aggregation with other information so that it can be used in a non-identifiable way for research, statistical analysis and business planning.

Where do we process and store your personal information?

Hardcopy Information

The hardcopy of personal information we collect remains in the country where you receive the services or provide the information.

Electronic Information

Some personal information may remain on electronic storage data systems in the country where we provide the service. However, our primary electronic storage facilities and contact centers are in the United States. Please note that we (or our Affiliates, service providers or agents) may process personal information in other countries, where your personal information may be subject to the laws of that jurisdiction, including laws regarding the disclosure of personal information to government authorities. We ensure appropriate safeguards are in place before we transfer personal information to any other country.

What rights do you have over your personal information?

Amend Personal Information:

To ask for your personal information to be amended, please follow one of the steps below as applicable to the Services you receive:

Online Account: If you have an online account, you can update the information directly online.
Email support@chestnuthillacademy.com

Removal from email lists:

Unsubscribe: Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular mailing list.
Account Preferences: If you have an account, log in to your account and change your preferences.
Email support@chestnuthillacademy.com

Access/Deletion or Other Requests:

To submit any other request or query about your personal information to us (including requests to access or delete your information) email support@chestnuthillacademy.com

How do we protect your personal information?

Bright Horizons’ Information Security program is ISO 27001 certified and our Privacy program is ISO 27701 certified. Click here to view our applicable ISO certifications.

We utilize appropriate technical, organizational, and physical safeguards to protect your personal information we process in both physical and electronic formats. We provide data protection, privacy and security training and conduct internal periodic quality assurance audits to ensure we maintain these standards.

However, please note that no computer system or information can ever be fully resilient against every possible hazard or risk. We do maintain appropriate levels of security in accordance with data protection, privacy and security laws and regulations in the territories we operate and keep these under review.

You also play a valuable part in protecting the security of your personal information. You should never share with anyone your password to access any accounts that you created or which we created for you. When using a browser to access your account, after you have finished you should log out and exit your browser to prevent unauthorized users from returning to your account.

If you believe that someone has improperly used your account or provided information about you that you didn’t authorize, please contact us immediately at support@chestnuthillacademy.com.

Will this Notice change?

This Notice is subject to change in order to remain compliant with data protection and privacy laws in the territories in which we operate. Please check back periodically, especially before you provide any personal information. This Notice was last updated in March 2024

Any Questions?

We hope this Notice has been helpful in setting out the way we process your personal information and how we do this in a transparent and accountable manner. If you have any questions that haven’t been covered by this Notice, please email support@chestnuthillacademy.com.

Owner: Bright Horizons Privacy Department | Approver: Global Privacy Officer | Version: Effective January 2024 | Last Reviewed: March 2024