<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2011233505559308&amp;ev=PageView&amp;noscript=1">

Last Revised

17-09-2018

Introduction

This privacy policy (“Privacy Policy“) explains the types of information we collect through providing our Services, how we use that information and who we share it with, what our legal basis is for doing so, and what choices you have in relation to information that we collect about you.

We encourage you to read this Privacy Policy carefully and use it to make informed decisions. By using our Products and Services, you agree to the terms of this Privacy Policy and your continued use of our Products and Services constitutes your ongoing agreement to it.

Definitions

The terms Personal Data, Sensitive Data, Processing, Data Subject, Data Controller, and Data Processor have the meanings provided in the General Data Protection Regulation ((EU) 2016/679) (the GDPR).

Responsibilities

Cognito iQ. (“we” or the “Company“), may collect and process the Personal Data of the following:

  • visitors to our corporate website (the “Website”);
  • our customers and partners (“Customer(s)”), who are licensed to access or use our products (the “Products”) and any other services offered by us (the “Services”); 
  • any individual who is authorised by our Customers to use the Services or have access to any of the data managed and analysed by the Company (“User(s)“). 

Please note that the term “you” refers to website visitors, Customers and Users, as applicable.

Cognito iQ as a Data Controller – We are only acting as the Data Controller where we are entirely responsible for determining what happens with particular Personal Data, for example, in relation to the Personal Data of our employees, or in relation to our contacts at our Customers for account management and marketing purposes. 

Cognito iQ as a Data Processor – When a Company purchases our Products and / or Services, we will only process Personal Data under instruction of that company and as such will be acting as a Data Processor in relation to that Personal Data. Our Customers will be the Data Controller of any Personal Data held on the Services about their employees and anyone it allows to access our Products and Services. 


Types of data we collect

Some of the data we collect will be Personal Data. Other data may include non-Personal Data about your use of our Products and Services or anonymised data.

We may collect the following types of Personal Data from or about you:

  • Registration details: When our Customers order or register to receive our Products and Services, we may collect certain data that can be used to identify you (as the Customer’s point of contact or as a User) such as: your name, email address, postal address, phone number, user ID and other relevant details which are relevant to our day to day administration and performance of our agreement with our Customer. 
  • Voluntary information: We also collect information, which you provide to us voluntarily. For example, when you respond to communications from us, ask for our support, communicate with us via email or share additional information about yourself through your use of the Products or Services. 
  • Device data: We also collect specific types of connection details and information with regard to your device, software or hardware that may identify you as a User, such as a device’s unique identifier (e.g. UDID, IMEI address), IP address and geolocation. 
  • Forum data: As part of the Services, Users may communicate with other Users through the Website and upload content to our forums (“Forum Information”). Such Forum Information may consist of, for example, Users’ comments and tips for utilising the Services, and feedback. 
  • Application data: We may process the personal data that you provide to us when you apply for a vacancy with us, or when you register your interest in a position with us, or if you send a speculative job application to us ("application data"). Such application data may include your name, email address, curriculum vitae, nationality and immigration status, including related documents such as your passport or other identification and immigration information including copies of right to work documentation. We may also collect special categories of personal data from you during the course of your job application. This may include information about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, information about your health (including any medical conditions, health and sickness records), genetic information and biometric data and information about criminal convictions and offences. 
  • User Data: “User Data” may include records of operations of our Customer’s applications and systems and other information relating to our Customer’s employees’ and end-users’ activities. It may also include data, logs, text, audio, images or a location that a Customer or any User uses in connection with our Customer’s account, and any computational results that a Customer or any User derives through their use of our Product or Services.

Please note that User Data is exclusively controlled by the Customer, meaning that the Customer (or any Users authorised by the Customer to use our Products or Services on its behalf), maintains ownership of their related User Data and determine their own policies regarding the access permissions and retention of that User Data.

Here are some examples of User Data that may be recorded and processed when you use our Products and Services:

  • Digital files created or transmitted through User’s platforms, such as text files;
  • Contact directories (such as names and email addresses);
  • Device identifiers – such as the Internet Protocol (IP) address and other types of unique device identifiers relating to our Customer’s and its users’ devices.
  • Non-Personal Data, including usernames, directory names, server names, share names, file names, configurations, logs related to the Company (e.g. event logs), browsing events and technical information transmitted by the Customer’s and its Users’ devices.

Please note that such User Data may include Personal Data. If you (as a Customer or a User) submit to us or to third-parties acting on our behalf any Personal Data relating to other individuals (e.g. employees, end-users, etc.) in connection with your use of the Product, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy. If you have any reason to believe that our Services are misused, in any way, please do not hesitate to inform us at: security@cognitoiq.com.  

We may collect non-Personal Data from or about you: 

Non-Personal Data is non-identifiable information that, when taken alone, cannot be used to identify or contact you. As such, we are not aware of the identity of the User from which the Non-Personal Data was collected. We collect the following type of non-Personal Data:

Analytics Data: Our servers automatically record certain information regarding the use of our Website and our Products and Services. Such data may include information such as what website that a User was visiting before accessing our Website and other statistics related to our Products and Services. We also perform statistical analysis on this data.

We use this information to administer our Products and Services and analyse this information to improve and enhance our Products and Services we offer by expanding their features and functionality. Such data is also used for troubleshooting errors and bugs as well as for research and analytics purposes about how you use the Services.

For avoidance of doubt, if we combine Personal data with non-Personal Data (e.g. analytics data), the combined information will be treated as Personal Data as long as it remains combined.

We may collect anonymous data from or about you:

We may anonymise or de-identify the data collected by our Products and Services or via other means so that the information cannot, on its own, personally identify you. Our use and disclosure of such aggregated or de-identified information is not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation and for any purpose.  

By using our Products and Services, we manage and analyse our Customers’ operational transactions and other data that is transmitted through to our Customers’ platforms (e.g. User Data). Such User Data is transferred by the Customer (or its Users) and processed by us on our servers and mobile platform. The Company provides such services as a “data processor”, acting under the sole direction of its Customers and Users. 

How we use the data we collect

The table below explains the main ways in which we use the information that we collect, which may include your Personal Data. We have a legitimate interest in processing your Personal Data in these ways which is detailed below.

Use of your Personal Data Our legitimate interest for that processing
To set up Customers’ accounts and process their related billing information Providing our Products and Services to you, administering your account, and taking payment.
To identify and authenticate Users’ access to our Products and Services Ensuring only authorised users are allowed access to our Products and Services.
To provide Services to our Customers (or Users) in connection with their respective User Data including:
  • providing tools to search and analyse User Data (e.g. for purposes of system troubleshooting, monitoring, etc.);
  • tagging User Data in order to identify specific end users’ activities; indexing User Data into a dedicated data-store; and allowing Customer to perform activities concerning such data (e.g. visualisations, dashboards and alerts).
Providing our Products and Services to you.
To support and troubleshoot our Services and to respond to queries Ensuring our Products and Services and functioning properly and are continually improving.
To obtain Users’ feedback with regard to the Services Ensuring our Products and Services are continually improving.
To improve and customise our Services to Customer’s needs and interests Ensuring our Products and Services are continually improving and are tailored to you, our Customers.
To communicate with you and to keep you informed of our latest updates and newsletters Marketing our Products, Services and any improvements to you.
To identify and publicise you as a Customer on the Website, our client lists, press releases or other marketing documents Marketing our Products and Services generally.
To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with legal processes or respond to government requests Ensuring the proper use of our Products and Services.
To process the personal data that you provide to us when you apply for a vacancy,  when you register your interest in a position with us, or if you send a speculative job application to us job Ensuring the proper management and processing of your job application, speculative application or registration of interest and for the purpose of providing you with a potential contract of employment.

 

Marketing

We will use your Personal Data, such as your name, email address, etc. ourselves (or by using our third-party subcontractors) for the purpose of providing you with information which we think is relevant to you. We will use your information to contact you about products and services which we believe are related to your job role and organisation. The legal basis for this processing is our legitimate interests in marketing our Products and Services to you. Before processing your Personal Data in this way though, we will carefully consider and balance any potential impact on you and your rights under the GDPR and any other relevant law. 

Some typical examples of when we might use this approach are for direct marketing, post-event follow up, market research, enhancing, modifying or improving our services. We will only process your Personal Data if we have a genuine and legitimate reason and we are not harming any of your rights and interests. 

Out of respect to your right to privacy, we provide you within such marketing materials with means to decline receiving further marketing information from us. In addition, at any time, you can manage your contact preferences.

How we share your data we collect

We do not rent or sell any of your Personal Data. However, we may disclose Personal Data to other trusted third party service providers or partners for the purposes listed below. Where we share your Personal Data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.

  • Assisting us with our business operations:

    We may share your data to our partners who manage and support the technology we provide. This may include for the further processing and analysing of User Data, or for research and analytics that will enable us to improve our Products and Services.

    Such third parties may include Logz.io (for the processing of logs and delivering associated analytics), Elastic.co (search and analytics services), InstaClustr (outsourced management services), and AlertLogic (managed security services covering our cloud networks).

    In addition, we may transfer or disclose Personal Data to our subsidiaries and other affiliated companies.

  • Storage of information: Cognito iQ’s Products and Services are provided using the Software as a Service (SaaS) model and are hosted either within cloud-based platforms or our own, high-availability data centres.  All data (including Personal Data) and the software behind the services that we provide are processed and held within the EEA region.

    Wireless network access for devices used by the Customer are controlled by the Customer (and not the Company) and their (Customer) policies.

    Our legal basis for disclosing your Personal Data to such third parties in this way is our legitimate interests in providing our Products and Services to you in conjunction with our partners, and ensuring that our Products and Services are continually improving.

  • Our professional advisers: We may disclose your Personal Data to our professional advisers insofar as reasonably necessary. Our legal basis for this is our legitimate interest in managing risks, obtaining professional advice and managing legal disputes.
  • To comply with our legal obligations: We may disclose your Personal Data to appropriate third parties where we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our agreements), including investigations of potential violations of such policies and agreements; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
  • Sensitive Data: If we wish to pass your sensitive data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

Your Privacy Rights 

You may instruct us to provide you with any Personal Data we hold about you; provision of such information will be subject to:

  • your request not being found to be unfounded or excessive, in which case a charge may apply; and
  • the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport, driving licence, or birth certificate certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

We may withhold Personal Data that you request to the extent permitted by law.

Please note: if you are an end user of the Cognito iQ products and services, your request may be passed to your data controller for investigation.

You may instruct us at any time not to process your Personal Data for marketing purposes. 

In practice, you will usually either expressly agree in advance to our use of your Personal Data for marketing purposes, or we will provide you with an opportunity to opt out of the use of your Personal Data for marketing purposes.

Your right to access your data: You have the right to ask us to confirm whether or not we process your Personal Data and, to have access to the Personal Data, and any additional information. That additional information includes the purposes for which we process your data, the categories of Personal Data we hold and the recipients of that Personal Data. You may request a copy of your Personal Data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.

Your right to rectification: If we hold any inaccurate Personal Data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete Personal Data about you completed.

Your right to erasure: In certain circumstances you have the right to have Personal Data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those Personal Data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the Personal Data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.

Your right to restrict processing: In certain circumstances you have the right for the processing of your Personal Data to be restricted. This is the case where: you do not think that the Personal Data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your Personal Data for the purposes of our processing, but you still require that Personal Data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your Personal Data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Your right to object to processing: You can object to us processing your Personal Data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your Personal Data unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.

Your right to object to direct marketing: You can object to us processing your Personal Data for direct marketing purposes. If you make an objection, we will stop processing your Personal Data for this purpose.

Your right to data portability: Where you have given us consent to process your Personal Data, or where we are processing your Personal Data for the performance of a contract, you have a legal right to receive a copy of the Personal Data we hold about you in a structured, commonly used and machine readable format. When a data request is made of us we will make available all applicable Personal Data to you in a machine readable format agreed by us to be passed to the appropriate third party on your instruction. We will not however process your data in this way if we believe that it may pose a threat to the security of the data.

Your right to object for statistical purposes: You can object to us processing your Personal Data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.

Automated data processing: To the extent that the legal basis we are relying on for processing your Personal Data is consent, and where the processing is automated, you are entitled to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.

Complaining to a supervisory authority: If you think that our processing of your Personal Data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Right to withdraw consent: To the extent that the legal basis we are relying on for processing your Personal Data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Exercising your rights: You may exercise any of your rights in relation to your Personal Data by written notice to us in addition to the other methods specified above.

For how long do we retain the data we collect?

We will process (collect, store and use) the information you provide in a manner compatible with the General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain information in accordance with the law, such as information needed for income tax and audit purposes, to resolve disputes and enforce our agreements (unless we are instructed otherwise). 

How long certain kinds of Personal Data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal Data may be held in addition to these periods depending on individual business needs.

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

Please note that User Data hosted on and/or obtained through our Services is fully controlled by the Customer. This means that the Customer (and not the Company) determine the policies and retention periods of the User Data.

How do we safeguard your data?

We take great care in implementing and maintaining the security of our Products, Services and your information. We employ industry standard procedures to ensure the confidentiality, integrity, and availability of our Customers’ systems and User Data, the safety of your Personal Data, and to prevent unauthorised use of any such information.

However, we cannot guarantee that hackers or unauthorised personnel will not gain access to information despite our efforts. You should note that by using our Products and Services, your information will be transferred through third party infrastructures which are not under our control. No method of transmission over the Internet, or method of electronic storage, is 100% secure. 

Therefore, while we strive to use commercially acceptable means to protect your Personal Data and User Data, we cannot guarantee its absolute security.

If you feel that your privacy is not being treated in accordance with this Privacy Policy, please contact us directly at security@cognitoiq.com

Cookies and Pixels

We and our partners (e.g. third-party service providers, third party analytic companies, etc.) may use cookies and pixels, including when you visit our Website or access the Services.

A “cookie” is a small piece of information that a website assigns to your device while you are viewing the website. Cookies are very helpful and can be used for various purposes. These purposes include allowing you to navigate between pages of the website efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and the Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of the Services.

 We may use the following types of cookies:

  • ‘Session cookies’ which are stored temporarily during a browsing session to allow normal use of the system and are deleted from your device when the browser is closed;
  • ‘Persistent cookies which are saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, to store your preferences for the next login and to improve our users’ experience of the Services. We will only use these cookies if you have given your consent for us to do so;
  • ‘Third party cookies’ which are set by other websites or services that run content on the page you are viewing, such as by third party analytic companies who monitor and analyse your web access. We will only use these cookies if you have given your consent for us to do so.

You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of the Services may not operate properly, and your online experience may be limited.   

Corporate transaction

We may share information, including Personal Data, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or sale of an asset or transfer in the operation thereof) of the Company. In the event of the above, we will ensure that the acquiring company or transferee will respect the rights and obligations as described in this Privacy Policy.

Minors

Our Products and Services are not available to individuals under the age of 16. If you are under 16 you should not use our Products or Services nor provide any Personal Data to us.

We reserve the right to access and verify any Personal Data, which is collected from you by us. In the event that we become aware that an individual under the age of 16 has accessed our Products and Services and shared any information (including any Personal Data), we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at security@cognitoiq.com

Complaints 

In the event that you wish to make a complaint about how your Personal Data is being processed by us (or third parties as described in “How we share the information we collect” above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our data protection representative (who can be contacted by emailing security@cognitoiq.com) and the matter will be investigated.  

Updates or amendments to the Privacy Policy

We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on our Website (as reflected in the “Last Revised” heading). We encourage you to review this Privacy Policy regularly for any changes. In case of material changes, we will notify you through our Services or via email. Your continued use of our Products and Services, following the notification of such amendments on our Website, constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.  

How to contact us

If you have any general questions regarding our Products or Services or the information that we collect about you and how we use it, please contact us at security@cognitoiq.com  

Information about us

Our details are as follow: Cognito Ltd trading as Cognito iQ, at the following address: Rivergate House, Newbury Business Park, London Road, Newbury, Berkshire, RG14 2PZ .