<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2011233505559308&amp;ev=PageView&amp;noscript=1">

Privacy Policy

Last Revised

23-09-2020

 

Contents

Introduction

How to contact us

Who are we?

Whose information do we collect?

What personal information do we collect about you?

Why do we collect this information?

Do you use my personal data for Marketing?

Do you share my personal data with others?

Can I withdraw my consent to let you process my personal data?

Do you share my personal data overseas?

What privacy rights do I have?

How can I exercise my rights?

How can I complain to or about you?

How long do you keep my personal information?

How do you keep my data safe?

Social media

Links to other websites

Do you use Cookies?

Do you use personal information about Children?

Changes to this document

What if I need extra help?

 

 

Introduction

Cognito iQ is committed to protecting your privacy and safeguarding your personal information. We will use your personal information in accordance with Data Protection Laws.

Please read this Privacy Policy and any other privacy information we may provide on specific occasions carefully, as it is intended to help you understand what information we collect, why we collect it, and how you can update, manage your information.

 

How to contact us

If you have any general questions regarding our Products or Services or the information that we collect about you and how we use it, please contact us at security@cognitoiq.com or use our contact form.

 

Who are we?

We are Cognito iQ Limited (“Cognito iQ”, “we”,” our”), a UK based company (company number 09872310) at Rivergate House, Newbury Business Park, London Road, Newbury, Berkshire, RG14 2PZ.

We collect, use and store certain personal information about you. When we do so we are regulated under Data Protection Law and are responsible as ‘controller’ of that personal information for the purposes of those laws.

Cognito iQ as a Data Controller – We are only acting as the Data Controller where we are entirely responsible for determining what happens with particular Personal Data, for example, in relation to the Personal Data of our employees, or in relation to our contacts at our Customers for account management and marketing purposes.

Cognito iQ as a Data Processor – When a Company purchases our Products and / or Services, we will only process Personal Data under instruction of that company and as such will be acting as a Data Processor in relation to that Personal Data. Our Customers will be the Data Controller of any Personal Data held on the Services about their employees, customers, and anyone it allows to access our Products and Services.

 

Whose information do we collect?

We may collect and process personal data of the following people:

  • visitors to this company website (the “Website”);

  • our customers and partners who access or use our products any other services offered by us;

  • users who are authorised by our customers to use the services or have access to any of the data managed and analysed by us; and

  • job applicants.

 

What personal information do you collect about me?

We may collect, use, store and/or transfer different kinds of personal data about you depending on our relationship with you:

 

Use of your Personal Data

Purpose of Collection

Registration details

When you order or register to receive our Products and Services, we may collect certain data that can be used to identify you such as your name, email address, postal address, phone number, user ID and other details which are relevant to our day to day administration and performance of our agreements with our customers. 

Information provided by you

For example, when you respond to communications from us, ask for our support, communicate with us via email or share additional information about yourself through your use of our products or services. 

Device data

Information about how you access our services, including information about the type of device, software or hardware, such as a device’s unique identifier (e.g. UDID, IMEI address), IP address and geolocation you're using when accessing our services and applications.

Forum data

Feedback, comments, information, and content you upload to our forums. Your username as and any information you upload to the forum, including personal data will be visible to other forum users. We recommend that you secure your anonymity and information so that you do not allow others to identify you

Application data (vacancies)

Personal data that you provide to us when you apply for a vacancy with us, or when you register your interest in a position with us, or if you send a speculative job application to us including your email address, curriculum vitae, nationality and immigration status, passport and other identification and immigration information including copies of right to work documentation.

Special categories of personal data

We may also collect special categories of personal data from you during your job application. special category (sensitive) personal data is information about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, information about your health (including any medical conditions, health and sickness records), genetic information and biometric data and information about criminal convictions and offences.

User Data

When you visit our website or use our products and services, we may collect the following information:

  • Data, logs, text, audio, images, or a location that a customer or any user uses in connection with a customer’s account

  • Digital files created or transmitted through user’s platforms, such as text files;

  • Contact directories (such as names and email addresses);

  • Device identifiers – such as the Internet Protocol (IP) address and other types of unique device identifiers relating to our customer’s and its users’ devices.

Information received from third parties

We may collect or receive information about individuals from service providers, and other third parties, such as our customers, professional advisers, content providers, government authorities and public sources and records.

 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

 

Why do we collect this information?

We collect and process personal information about you to enable us to administer our website, products, and services and to provide you with other related services and manage our relationship with you. Under Data Protection Law, we can only use your personal information if we have a proper reason for doing so.

The table below explains the main ways in which we use the personal data that we collect:

 

Use of your Personal Data

Purpose of Collection

Lawful basis of processing

To set up Customer accounts and process their related billing information

Providing our Products and Services to you, administering your account, and taking payment.

Contract Performance - We use your personal data on the basis that it is necessary for us to provide our services and products to you. 

Accordingly, if you are unable to provide such personal data this may make it difficult or prevent us from providing our services and products to you.

To identify and authenticate Users’ access to our Products and Services

Ensuring only authorised users are allowed access to our Products and Services.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

To provide Services to our Customers (or Users) in connection with their respective User Data including:

  • providing tools to search and analyse User Data (e.g. for purposes of system troubleshooting, monitoring, etc.);

  • tagging User Data to identify specific end users’ activities; indexing User Data into dedicated data-stores;

  • and allowing Customer to perform activities concerning such data (e.g. visualisations, dashboards, and alerts).

Providing our Products and Services to you.

Contract Performance - We use your personal data on the basis that it is necessary for us to provide our services and products to you. 

Accordingly, if you are unable to provide such personal data this may make it difficult or prevent us from providing our services and products to you.

To support and troubleshoot our Services and to respond to queries

Ensuring our Products and Services and functioning properly and are continually improving.

Contract Performance - We use your personal data on the basis that it is necessary for us to provide our services and products to you. 

Accordingly, if you are unable to provide such personal data this may make it difficult or prevent us from providing our services and products to you.

Security

To protect our websites and infrastructure from cyber-attack or other threats and to report and deal with any illegal acts.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

Risk Management

Managing risks, obtaining professional advice, and managing legal disputes.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

To obtain Users’ feedback about the Services

Ensuring our Products and Services are continually improving.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

To improve and customise our Services to Customer’s needs and interests

Ensuring our Products and Services are continually improving and are tailored to you, our Customers.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

To communicate with you about any issue that you raise with us or which follows from an interaction between us.

So, your rights can be exercised, and complaints managed.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

Legal Obligation

To communicate with you and to keep you informed of our latest updates and newsletters in an identified area of interest.

Marketing our Products, Services, and any improvements to you.

Legitimate Interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

To identify and publicise you as a Customer on the Website, our client lists, press releases or other marketing documents

Marketing our Products and Services generally.

Consent - Where we process your personal data on this basis you have the right to withdraw consent at any time by emailing security@cognitoiq.com with your request.

To investigate violations and enforce our policies, and as required by law, regulation, or other governmental authority, or to comply with legal processes or respond to government requests

Ensuring the proper use of our Products and Services.

Legitimate interests - Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

Legal obligation

To process the personal data that you provide to us when you apply for a vacancy, when you register your interest in a position with us, or if you send a speculative job application to us job

Ensuring the proper management and processing of your job application, speculative application, or registration of interest and for the purpose of providing you with a potential contract of employment.

Legitimate Interests- Wherever we process your personal data for these purposes, we ensure that your interests, rights, and freedoms are carefully considered.

Consent – where we collect special category data during this process.

 

Do you use my personal data for Marketing?

We may use your information to provide you with details about our products and services, and products and services from our partners and other relevant third parties. We may send you marketing messages by email or through social media.

You can change your mind on how you receive marketing messages or choose to stop receiving them at any time: Manage your contact preferences.

If you ask us not to send you marketing, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing messages.

If you have opted out from our marketing communications, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this does not happen, but if it does, we are sorry, and we would ask that you opt out again.

Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services communications, including communications in relation to any applications or services you use.

 

Do you share my personal data with others?

We do not rent or sell any of your Personal Data. However, we may share your personal data with our subsidiaries and other affiliated companies as well as to other trusted third-party service providers or partners for the purposes listed below:

 

Sharing your Personal Data

Purpose of the Sharing

Assisting us with our business operations

We share personal data to be able to provide our products and services to you, to help administering your account, and for taking payment.

Manage and Support the Technology We Provide

We share personal data with third parties for the further processing and analysing of user data, or for research and analytics that will enable us to improve our products and services. Such third parties may include Logz.io (for the processing of logs and delivering associated analytics), Elastic.co (search and analytics services), InstaClustr (outsourced management services), and AlertLogic (managed security services covering our cloud networks).

Storage of information

We share personal data to provide our products and services using the Software as a Service (SaaS) model and hosting either within cloud-based platforms or our own, high-availability data centres.  All data (including personal data) and the software behind the services that we provide are processed and held within the EEA region.

Risk Management

We may disclose your Personal Data to our professional advisers insofar as reasonably necessary.

To comply with our legal obligations

We may disclose your Personal Data to appropriate third parties where we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our agreements), including investigations of potential violations of such policies and agreements; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.

For the purposes of fraud/crime protection and investigation

We may share information with organisations such as Financial institutions, Payment card companies, credit agencies in order to prevent or investigate fraud / crime.

Analytics Service Providers

Third-party service providers to assist us with client insight analytics, such as Google Analytics.

Business transfers

As part of any merger, sale and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.

 

Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party and we require all third parties to respect the security of your personal data and to treat it in accordance with the law.

If we wish to pass your sensitive data onto a third party, we will only do so once we have obtained your express consent unless we are legally required to do otherwise.

 

Can I withdraw my consent to let you process my personal data?

We may ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time.  Please email security@cognitoiq.com to withdraw your consent.

 

Do you share my personal data overseas?

Your information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information.

When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. You can obtain more details of the protection given to your information when it’s transferred outside the EEA by contacting us.

 

What privacy rights do I have?

You have several rights under Data Protection Law, the rights available to you depend on our reason for processing your information and include:

 

Your Rights

 

Your right to be informed

 

We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it. We have written this policy to do just that, but if you have any questions or require more specific information, you can contact us.

Your right to access your data

You have the right to ask us to confirm whether we process your personal data and, to have access to the personal data, and any additional information. that additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that Personal Data. You may request a copy of your personal data.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

Your right to restrict processing

 

You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

  • The accuracy of the personal data is contested.

  • Processing of the personal data is unlawful.

  • We no longer need the personal data for processing, but the personal data is required for part of a legal process.

  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

Your right to object to processing

 

You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure.

Your right to data portability.

 

You have a legal right to receive a copy of the Personal Data we hold about you in a structured, commonly used, and machine-readable format. The right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.

 

For more information about your rights contact us or see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

How can I exercise my rights?

In most circumstances you do not need to pay any charge for exercising your rights. We have one month to respond to you.

To exercise your rights or get more information about exercising them contact us, giving us enough information to identify you, e.g. photocopy of your passport, driving licence, or birth certificate certified by a solicitor or bank plus an original copy of a utility bill showing your current address. Please let us know the information to which your request relates, including any useful details or dates.

 

How can I complain to or about you?

We hope that we can resolve any query or concern you raise about our use of your information. So please contact us first and title your complaint “Complaint”. All complaints will be treated in a confidential manner and we will try our best to deal with your concerns.

You have the right to lodge a complaint with a supervisory authority, in particular in the UK or EEA member state where you work or normally live, or where any alleged infringement of data protection laws occurred. The supervisory authorities are listed here https://edpb.europa.eu/about-edpb/board/members_en

 

The supervisory authority in the UK is the Information Commissioner’s Office, which may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.

 

How long do you keep my personal information?

We will keep your personal data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

How do you keep my data safe?

We take great care in implementing and maintaining the security of our Products, Services, and your information. We employ industry standard procedures to ensure the confidentiality, integrity, and availability and safety of your personal data, and to prevent unauthorised use of any such information.

We use a range of measures to keep your information safe and secure including, encryption, and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

 

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

We do not, however, have any control over what happens between your personal device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information.

 

If you feel that your privacy is not being treated in accordance with this Privacy Policy, please contact us directly.

 

Social media

Our application and websites include social media features and links, such as an icon that link to our presence on that specific site (e.g. Twitter). These features may collect your IP address and information on which page you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by another company or are hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing it.

 

Links to other websites

Where we provide links to websites of other organisations, this Privacy Policy does not cover how that organisation processes personal information. We do not control such third-party websites and are not responsible for their content or privacy statements. We would encourage you to read the privacy policy or notice of every website you visit.

 

Do you use Cookies?

We collect certain information automatically and store it in log files. We sometimes collect information about our visitor's behaviour during their visits to our websites to help us provide better customer service, to improve the quality of our website experiences or to tailor advertising. For more information on which cookies we use and how we use them, please see our Cookie Policy.

 

Do you use personal information about Children?

We do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to provide us with their personal information without verifiable parent or guardian consent. In the event we learn that we collected personal information from anyone under the age of 16, and do not have a parent or guardian's consent, we will delete that information as quickly as possible.

If you have any reason to believe that a minor has shared any information with us, please contact us at security@cognitoiq.com.  

 

Changes to this document

We keep this document under regular review to make sure it is up to date and accurate. We encourage you to review this page regularly to identify any updates or changes to our Privacy Policy.

 

What if I need extra help?

If you would like this website privacy policy in another format (for example: audio, large print) please contact us.

Want to find out more?

Our security team will be happy to help.

100