+44 (0)1635 508200
The terms Personal Data, Sensitive Data, Processing, Data Subject, Data Controller, and Data Processor have the meanings provided in the General Data Protection Regulation ((EU) 2016/679) (the GDPR).
Cognito iQ. (“we” or the “Company“), may collect and process the Personal Data of the following:
Please note that the term “you” refers to website visitors, Customers and Users, as applicable.
Cognito iQ as a Data Controller – We are only acting as the Data Controller where we are entirely responsible for determining what happens with particular Personal Data, for example, in relation to the Personal Data of our employees, or in relation to our contacts at our Customers for account management and marketing purposes.
Cognito iQ as a Data Processor – When a Company purchases our Products and / or Services, we will only process Personal Data under instruction of that company and as such will be acting as a Data Processor in relation to that Personal Data. Our Customers will be the Data Controller of any Personal Data held on the Services about their employees and anyone it allows to access our Products and Services.
Types of data we collect
Some of the data we collect will be Personal Data. Other data may include non-Personal Data about your use of our Products and Services or anonymised data.
We may collect the following types of Personal Data from or about you:
Please note that User Data is exclusively controlled by the Customer, meaning that the Customer (or any Users authorised by the Customer to use our Products or Services on its behalf), maintains ownership of their related User Data and determine their own policies regarding the access permissions and retention of that User Data.
Here are some examples of User Data that may be recorded and processed when you use our Products and Services:
We may collect non-Personal Data from or about you:
Non-Personal Data is non-identifiable information that, when taken alone, cannot be used to identify or contact you. As such, we are not aware of the identity of the User from which the Non-Personal Data was collected. We collect the following type of non-Personal Data:
Analytics Data: Our servers automatically record certain information regarding the use of our Website and our Products and Services. Such data may include information such as what website that a User was visiting before accessing our Website and other statistics related to our Products and Services. We also perform statistical analysis on this data.
We use this information to administer our Products and Services and analyse this information to improve and enhance our Products and Services we offer by expanding their features and functionality. Such data is also used for troubleshooting errors and bugs as well as for research and analytics purposes about how you use the Services.
For avoidance of doubt, if we combine Personal data with non-Personal Data (e.g. analytics data), the combined information will be treated as Personal Data as long as it remains combined.
We may collect anonymous data from or about you:
By using our Products and Services, we manage and analyse our Customers’ operational transactions and other data that is transmitted through to our Customers’ platforms (e.g. User Data). Such User Data is transferred by the Customer (or its Users) and processed by us on our servers and mobile platform. The Company provides such services as a “data processor”, acting under the sole direction of its Customers and Users.
How we use the data we collect
The table below explains the main ways in which we use the information that we collect, which may include your Personal Data. We have a legitimate interest in processing your Personal Data in these ways which is detailed below.
|Use of your Personal Data||Our legitimate interest for that processing|
|To set up Customers’ accounts and process their related billing information||Providing our Products and Services to you, administering your account, and taking payment.|
|To identify and authenticate Users’ access to our Products and Services||Ensuring only authorised users are allowed access to our Products and Services.|
|To provide Services to our Customers (or Users) in connection with their respective User Data including:
||Providing our Products and Services to you.|
|To support and troubleshoot our Services and to respond to queries||Ensuring our Products and Services and functioning properly and are continually improving.|
|To obtain Users’ feedback with regard to the Services||Ensuring our Products and Services are continually improving.|
|To improve and customise our Services to Customer’s needs and interests||Ensuring our Products and Services are continually improving and are tailored to you, our Customers.|
|To communicate with you and to keep you informed of our latest updates and newsletters||Marketing our Products, Services and any improvements to you.|
|To identify and publicise you as a Customer on the Website, our client lists, press releases or other marketing documents||Marketing our Products and Services generally.|
|To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with legal processes or respond to government requests||Ensuring the proper use of our Products and Services.|
|To process the personal data that you provide to us when you apply for a vacancy, when you register your interest in a position with us, or if you send a speculative job application to us job||Ensuring the proper management and processing of your job application, speculative application or registration of interest and for the purpose of providing you with a potential contract of employment.|
We will use your Personal Data, such as your name, email address, etc. ourselves (or by using our third-party subcontractors) for the purpose of providing you with information which we think is relevant to you. We will use your information to contact you about products and services which we believe are related to your job role and organisation. The legal basis for this processing is our legitimate interests in marketing our Products and Services to you. Before processing your Personal Data in this way though, we will carefully consider and balance any potential impact on you and your rights under the GDPR and any other relevant law.
Some typical examples of when we might use this approach are for direct marketing, post-event follow up, market research, enhancing, modifying or improving our services. We will only process your Personal Data if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
Out of respect to your right to privacy, we provide you within such marketing materials with means to decline receiving further marketing information from us. In addition, at any time, you can manage your contact preferences.
How we share your data we collect
We do not rent or sell any of your Personal Data. However, we may disclose Personal Data to other trusted third party service providers or partners for the purposes listed below. Where we share your Personal Data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
We may share your data to our partners who manage and support the technology we provide. This may include for the further processing and analysing of User Data, or for research and analytics that will enable us to improve our Products and Services.
Such third parties may include Logz.io (for the processing of logs and delivering associated analytics), Elastic.co (search and analytics services), InstaClustr (outsourced management services), and AlertLogic (managed security services covering our cloud networks).
In addition, we may transfer or disclose Personal Data to our subsidiaries and other affiliated companies.
Wireless network access for devices used by the Customer are controlled by the Customer (and not the Company) and their (Customer) policies.
Our legal basis for disclosing your Personal Data to such third parties in this way is our legitimate interests in providing our Products and Services to you in conjunction with our partners, and ensuring that our Products and Services are continually improving.
Your Privacy Rights
You may instruct us to provide you with any Personal Data we hold about you; provision of such information will be subject to:
We may withhold Personal Data that you request to the extent permitted by law.
Please note: if you are an end user of the Cognito iQ products and services, your request may be passed to your data controller for investigation.
You may instruct us at any time not to process your Personal Data for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your Personal Data for marketing purposes, or we will provide you with an opportunity to opt out of the use of your Personal Data for marketing purposes.
Your right to access your data: You have the right to ask us to confirm whether or not we process your Personal Data and, to have access to the Personal Data, and any additional information. That additional information includes the purposes for which we process your data, the categories of Personal Data we hold and the recipients of that Personal Data. You may request a copy of your Personal Data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
Your right to rectification: If we hold any inaccurate Personal Data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete Personal Data about you completed.
Your right to erasure: In certain circumstances you have the right to have Personal Data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those Personal Data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the Personal Data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
Your right to restrict processing: In certain circumstances you have the right for the processing of your Personal Data to be restricted. This is the case where: you do not think that the Personal Data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your Personal Data for the purposes of our processing, but you still require that Personal Data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your Personal Data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Your right to object to processing: You can object to us processing your Personal Data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your Personal Data unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
Your right to object to direct marketing: You can object to us processing your Personal Data for direct marketing purposes. If you make an objection, we will stop processing your Personal Data for this purpose.
Your right to data portability: Where you have given us consent to process your Personal Data, or where we are processing your Personal Data for the performance of a contract, you have a legal right to receive a copy of the Personal Data we hold about you in a structured, commonly used and machine readable format. When a data request is made of us we will make available all applicable Personal Data to you in a machine readable format agreed by us to be passed to the appropriate third party on your instruction. We will not however process your data in this way if we believe that it may pose a threat to the security of the data.
Your right to object for statistical purposes: You can object to us processing your Personal Data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.
Automated data processing: To the extent that the legal basis we are relying on for processing your Personal Data is consent, and where the processing is automated, you are entitled to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
Complaining to a supervisory authority: If you think that our processing of your Personal Data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
Right to withdraw consent: To the extent that the legal basis we are relying on for processing your Personal Data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Exercising your rights: You may exercise any of your rights in relation to your Personal Data by written notice to us in addition to the other methods specified above.
For how long do we retain the data we collect?
We will process (collect, store and use) the information you provide in a manner compatible with the General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain information in accordance with the law, such as information needed for income tax and audit purposes, to resolve disputes and enforce our agreements (unless we are instructed otherwise).
How long certain kinds of Personal Data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal Data may be held in addition to these periods depending on individual business needs.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Please note that User Data hosted on and/or obtained through our Services is fully controlled by the Customer. This means that the Customer (and not the Company) determine the policies and retention periods of the User Data.
How do we safeguard your data?
We take great care in implementing and maintaining the security of our Products, Services and your information. We employ industry standard procedures to ensure the confidentiality, integrity, and availability of our Customers’ systems and User Data, the safety of your Personal Data, and to prevent unauthorised use of any such information.
Therefore, while we strive to use commercially acceptable means to protect your Personal Data and User Data, we cannot guarantee its absolute security.
Cookies and Pixels
A “cookie” is a small piece of information that a website assigns to your device while you are viewing the website. Cookies are very helpful and can be used for various purposes. These purposes include allowing you to navigate between pages of the website efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and the Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of the Services.
We may use the following types of cookies:
You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of the Services may not operate properly, and your online experience may be limited.
Our Products and Services are not available to individuals under the age of 16. If you are under 16 you should not use our Products or Services nor provide any Personal Data to us.
We reserve the right to access and verify any Personal Data, which is collected from you by us. In the event that we become aware that an individual under the age of 16 has accessed our Products and Services and shared any information (including any Personal Data), we will discard such information. If you have any reason to believe that a minor has shared any information with us, please contact us at firstname.lastname@example.org
In the event that you wish to make a complaint about how your Personal Data is being processed by us (or third parties as described in “How we share the information we collect” above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our data protection representative (who can be contacted by emailing email@example.com) and the matter will be investigated.
How to contact us
If you have any general questions regarding our Products or Services or the information that we collect about you and how we use it, please contact us at firstname.lastname@example.org
Information about us
Our details are as follow: Cognito Ltd trading as Cognito iQ, at the following address: Rivergate House, Newbury Business Park, London Road, Newbury, Berkshire, RG14 2PZ .