Last updated 19 November 2021
PRIVACY NOTICE AND INFORMED CONSENT NOTICE
(EMAIL, WEBSITE AND SOCIAL MEDIA PRIVACY NOTICE)
General Data Protection Regulation (GDPR) | Protection of Personal Information Act (“POPIA”)
This Notice explains how we obtain, use and disclose your personal information, in accordance with the applicable laws. We at Cognician respect your privacy and your rights in relation to the protection of the personal data we collect and process.
Just to be clear, when we refer to ‘Cognician’, we mean Cognician Software (Pty) Ltd (whose principal place of business is at Office 4, Kings Cross, 9 Queens Park Avenue, Salt River, 7925, South Africa), including its associated and subsidiary company, Cognician, Inc. (whose principal place of business is at Suite 1628, 535 Mission St, San Francisco, CA 94105, USA).
The Personal Data We Collect
Looking after your personal data is a huge responsibility for us. We will continue to do our best to protect your personal data as best we can and be transparent about what data we collect and why we collect it.
We do not, and will never, engage in practices such as benefiting from selling your personal information to third parties.
A Look at the Use of Your Personal Data
We need to collect your personal data when you interact with certain components of our website and platform in order for us to deliver certain services or products to you. This will only take place on the basis of your full consent.
We Collect Your Personal Data for Very Specific Purposes
- During the registration of new users through our website or platform
- To enable us to provide services or products to registered users in the form of software as a service (SaaS)
- In order for us to provide you with technical and product support
- For general statistical purposes
- In direct support of the overall user experience
- In direct support of operating the underlying platform
- For general communications with you as the user
We Collect Both Personal and Non-Personal Data
- Contact information e.g. name, surname, email address
- Unique identifiers e.g. nickname and password
- Online identifiers e.g. internet protocol (IP) addresses
- User data generated by you on the Cognician platform categorised as:
- Engagements – e.g. aggregated user activity, program activity and cog activity
- Public – information that is designed to be shared within specific program groups e.g. user insights, user awards
- Diagnostics – information related to user linked system characteristics e.g. user messages sent or received, point in time active user sessions
- Content data that is offered by you as a participant in a particular program hosted on the platform categorised as Variables e.g. the learners’ responses to prompts in cogs which can include perspectives, observations, frame of reference and opinions.
- Functional data that is necessary for us to ensure that our products function as intended in terms of performance and functionality
- Location identifiers such as geolocation data may be collected by our third-party service providers for analysis purposes
Our Data Protection Officer
We have appointed a Data Protection Officer (DPO) in compliance with the GDPR. The DPO is formally responsible for data protection and ensuring compliance with GDPR requirements. You can reach our company DPO at firstname.lastname@example.org.
Keeping Your Data Secure
We do our best to secure your personal data and to protect your information from unauthorized access, alteration, disclosure, or destruction. While handling your personal data, we ensure that the appropriate security measures are in place and international standards are followed to protect the security of your personal data when transferred or when stored.
The Right of Individuals to Access Their Personal Data
It Is Important to Take Note of Your Rights
If you are a resident of South Africa, the EEA or the UK, you have the following data protection rights:
- You can request access, correction<, updates, or deletion of your personal data at any time.
- You can object to the processing of your personal data, ask us to restrict the processing of your personal data, or request portability of your personal data.
- If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You can complain to a data protection authority (DPA) about our collection and use of your personal information. Contact details for data protection authorities in the EEA and the UK are available here.
To object to our processing of your personal data or to exercise any of your rights, you can simply submit a request to our Data Protection Officer at email@example.com.
Unsubscribe From Cognician’s Communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located at the bottom of our emails and updating your communication preferences. You can also contact our Data Protection Officer at firstname.lastname@example.org.
Sharing Your Information with Third Parties
The personal data we collect might be disclosed to the following third parties:
- These are suppliers engaged by us that provide services on our behalf in support of providing products or services to you.
- Information about our sub-processors, including their functions and locations, is available here.
Subsidiaries, Affiliates, and/or Trusted Partners
- Your personal data may be shared as part of and in support of the operation of our business, such as contacting you based on your request to receive such communications.
- Your personal data may be shared with any competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
- We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets.
International Transfer of Your Personal Data
We will not transfer your personal data to organizations, states, or countries that do not have adequate data protection measures in place. To facilitate our global operations, we transfer information to either Ireland or the United States and allow access to that information from countries in which the Cognician-affiliated entities have operations for the purposes described in this policy.
Certain recipients (sub-processors) (i.e., our suppliers who process your personal data on our behalf) may also transfer personal data outside the country in which you are a resident. Where such transfers occur, we will protect your personal data when it is transferred outside of the EEA, the UK, or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data, or otherwise ensuring appropriate safeguards are in place to protect your personal data.
Legal Mechanism for Transfers
For transfers of your personal data to recipients (sub-processors) who are located outside of the EEA, the UK, or Switzerland, we will rely on:
- European Commission-approved standard contractual data protection clauses, and or
- Binding corporate rules for transfers to data processors,
- EU-US Privacy Shield, Swiss-EU Privacy Shield,
- other appropriate legal mechanisms to safeguard the transfer.
Requirements for Sub-Processor Engagement
When engaging any sub-processor, we will:
- Ensure via a written contract that the sub-processor only accesses and uses your personal data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement and any Model Contract Clauses entered into or Alternative Transfer Solution adopted by us;
- Ensure that the data protection obligations described in Article 28(3) of the GDPR are imposed on the sub-processor if the GDPR applies to the processing of your personal data; and
- Remain fully liable for all obligations subcontracted to, and all acts and omissions of, the sub-processor.
EU-US Privacy Shield
Cognician complies with the EU-US Privacy Shield Framework (Privacy Shield) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom, and/or Switzerland, as applicable to the United States in reliance on Privacy Shield.
In compliance with the Privacy Shield Principles, Cognician is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body [currently, there is no other U.S. authorized statutory body recognized by the EU or Switzerland], commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Data Protection Officer at email@example.com.
Cognician has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Retention of Your Personal Data
In general, we retain your personal information as needed to fulfill the purposes for which it was collected, i.e., we will process and store your personal data as necessary in order to fulfill our business requirements and contractual or legal obligations.
Cookies and Similar Technologies
Cookies are small text files that are stored in the web browser on your device by websites you visit. They enable a website to ‘remember’ information about your activity as a user and also serve a number of purposes, like storing your preferences and simplifying navigation and login functionality.
Website Contacts Tracking
In order for us to obtain business-to-business contact information we subscribe to a service which recognizes companies visiting our website and then matches this information to these companies. Data of individuals are not recognized or matched as part of this service.
Information collected includes:
- Email address
- Public social media handles, links and profile photos
- Job titles
Click here for more specific information about the website visitor tracker.
A Note on Web Analytics
We implement Google Analytics features that use Display Advertising information for Google Analytics Demographics and Interest Reporting. We collect information about how you interact with our platform and services on our website. You can opt out of Google Analytics for Display Advertising to prevent your data from being used by Google Analytics by going to the Google Analytics opt-out page.
Google reCAPTCHA v3