Part One: General
1. Cognition Services Ltd ("Cognition") is dedicated to protecting the confidentiality and privacy of information entrusted to us in accordance with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
2. If you have questions or comments about how we handle personal data you can direct your correspondence to Cognition at info@cognition.world. We aim to respond within 60 days from the date we receive privacy-related communications. You may contact the Data Protection Commissioner at www.dataprotection.ie to report concerns you may have about our data handling practices.
3. We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration, or destruction, these are laid out in the below section.
Part Two: Technical and organisational security policies/procedures:
1. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data.
2. If you have access to parts of our portal or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the Internet is not completely secure.
3. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
4. We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these purposes, we retain such personal data for seven years.
5. We obtain the following categories of personal data about individuals through direct interactions with us;
6. We typically do not collect sensitive or special categories of personal data about individuals
7. We do not collect information from individuals under 13 years of age.
8. We will not share personal data with third parties without your express permission
9. We store personal data on servers located in the European Economic Area (EEA). We reserve the right to transfer personal data to reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations.
10. Our websites may use cookies. Where cookies are used, a statement will be provided explaining the use of cookies.
11. We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
a) Contract – We may process personal data in order to perform our contractual obligations owed to (or to enter into a contract with) the relevant individuals.
b) Consent - We may rely on your freely given consent at the time you provided your personal data to us.
c) Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced to deliver services to our clients
d) Legal obligations – We may process personal data in order to meet our legal and regulatory obligations or mandates.
12. We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
a) Authenticating registered users to certain areas of our sites.
b) Processing online requests, including responding to communications from individuals
c) Compiling health and safety data (directly or indirectly) following an incident or accident.
d) Providing professional advice and delivering analysis related to our services, which may involve processing personal data for the relevant client.
e) Personalising online landing pages and communications we think would be of interest based on interactions with us
f) Administering, maintaining and ensuring the security of our information systems, applications and websites.
g) Complying with legal and regulatory obligations.
13. You can ask us to:
a) verify whether we are processing personal data about you, and if so, to provide more specific information.
b) correct our records if you believe they contain incorrect or incomplete information about you.
c) erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
d) temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
e) transmit, in some circumstances, personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
f) review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
14. You can object to our use of your personal data for direct marketing purposes, including profiling, however we may need to keep some minimal information to comply with your request to cease marketing to you.
15. You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
16. If you would like to exercise your Data Subject Rights, you can email info@cognition.world.
17. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. A small fee may be required to make a request particularly if your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
Part Three: Your GDPR Rights:
1. Below we present our data protection notice for personal data which contains important information about how we process personal data supplied by clients. We will ensure that this notice is made available to any data subjects whose personal data is provided to us.
2. The General Data Protection Regulation (GDPR) is designed to give individuals more control over their personal data. Cognition became subject to the GDPR on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
3. Under the GDPR, individuals have the following rights:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling
For up to date guidance visit the DPC: www.dataprotection.ie
4. Definition of Personal Data: any information relating to a living person who is identified or identifiable (such a person is referred to as a “data subject”). A person is identifiable if they can be identified directly or indirectly using an “identifier”, including names, identification numbers, photographs and location data. A person may also be identifiable by reference to factors which are specific to their identity, such as physical, genetic or cultural factors.
5. You can submit a subject access requestunder GDPR by email to: info@cognition.worldand include the following:
- A statement that the request is being made under GDPR
- Information about the subject matter of the access request
- Confirming that you are ok to receive your records electronically
- Proof of ID e.g. driver’s license, passport and/or utility bill
6. Your subject access request will be acknowledged within 5 working days. A response to your request will be provided within 45 days. Depending on the complexity and number of requests, Cognition shall inform you if any extension to the request is required and the reasons for the delay.
7. If Cognition does not take action on foot of your request, we will inform you within 45 days of receipt of your request with the reasons for not taking action and explaining your right to lodge a complaint with a supervisory authority.
8. The cost of your request may incur a small fee taking into account the administrative costs of providing the information/ taking the action requested and where requests are considered ‘manifestly unfounded or excessive’.
9. Contact details for Cognition’s Data Protection Officer: info@cognition.world
Part Four: COGNITION'S PERSONAL DATA PROTECTION NOTICE (DPN):
1. Cognition ("we", "us" or "our") is committed to protecting and respecting your privacy. This Data Protection Notice tells you about your privacy rights and sets out how we, as a Controller, collect, use, process and disclose your personal data relating to your interactions with us.
2. Information we may collect from you
a. Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect and process any type of personal data you provide to us in the course of your interactions with us. You may have provided some of your personal data directly to us such as when you visited our website by volunteering personal data when subscribing to email alerts or by using our online feedback or other forms. We may also receive personal data about you from various third parties and public sources such as LinkedIn. Categories of such personal data include names, addresses, contact information and other information that is relevant to the provision of our services.
b. If you do not provide us with your personal data we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or to comply with our legal obligations.
3. How we use personal data we collect: We will only use your personal data for the purposes and legal bases set out in the table below.
Purpose(s) for Processing
- Register you as a new website user;
- Notify you about changes to our DPN
- Ask you to take a survey
- To manage our relationship with you:
- Contact you in relation to login requests
- Facilitate providing training programs / resources
- Work with you on support request relating to our technology
- Share information with benchmark agencies
- Act as advisor on expert panels / mentor to clients
- To comply with our regulatory and professional requirements
- To prevent and detect fraud, money laundering or other offence
- To exercise our right to defend, respond or conduct legal proceedings
- To carry out direct marketing
- To provide, or permit selected 3rd parties to provide, information about events hosted or co-sponsored by us or about events we feel may interest you;
- To send you email alerts and newsletters that you have opted-in to receive by filling in our online forms or contacting us by email or by other means;
- To contact clients regarding business opportunities.
- To contact you regarding the services provided by us.
- To customise your experience on our website, or to serve you specific content that is relevant to you
4. Retention of your personal data: We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods (see Contact Us below).
5. Disclosure of your personal data: We may disclose your personal data to third parties who provide a service to us which may impact upon Cognition, or in the event of any future mergers/ dissolutions of Cognition, in which case we may disclose your personal data to the applicable successor entity of Cognition or, if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or where necessary for our legitimate business interests to protect the rights, property, or safety of Cognition, our clients, or others or for the purposes of fraud protection and credit risk reduction. Such disclosure may, as appropriate, include exchanging information with other organisations, companies, auditors, Government Departments, Institutes of Technologies, recruiters, Semi State Agencies, universities and public bodies, where any such body provides a service to Cognition and we are satisfied that it complies with the GDPR requirements.
The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for the purposes described above. Those countries may not provide an adequate level of protection in relation to processing personal data. Due to the global nature of our business, certain personal data may be disclosed to staff members of Cognition working outside the EEA. To the limited extent that it is necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses. Please contact us if you wish to obtain information concerning such safeguards.
6. Links to other sites: Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
7. Your rights: You have several rights in relation to your personal data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will respond, at the latest, within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We may request proof of identification to verify your request.
Right to withdraw consent If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time (see Contact Us below). However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.
Right of Access You can request a copy of the personal data we hold about you.
Right to Rectification You have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.
Right to Erasure (‘Right to be Forgotten’) You have the right to request that your personal data be deleted in certain circumstances including:
- The personal data are no longer needed for the purpose for which they were collected;
- You withdraw your consent (where the processing was based on consent);
- You object to the processing and there are no overriding legitimate grounds justifying us
processing the personal data (see Right to Object below);
- The personal data have been unlawfully processed; or
- To comply with a legal obligation.
However, this right does not apply where the processing is necessary to comply with a legal
obligation or for the establishment, exercise or defence of legal claims.
Right to Restriction of Processing You can ask that we restrict your personal data (keep, not use) where:
- The accuracy of the personal data is contested;
- The processing is unlawful but you do not want it erased;
- We no longer need the personal data but you require it for the establishment, exercise or defence of legal claims; or
- You have objected to the processing and verification as to our overriding legitimate grounds is pending.
We can continue to use your personal data:
- Where we have your consent to do so;
- For the establishment, exercise or defence of legal claims;
- To protect the rights of another; or
- For reasons of important public interest.
Right to Data Portability Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
- processing is carried out by automated means; and
- processing is based on your consent or the performance of a contract with you.
Right to Object You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests, for the performance of a task carried out in the public interest or in the exercise of our official authority. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.
Automated Decision-Making You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
- Necessary for entering into a contract, or for performing a contract with you;
- Based on your explicit consent – which you may withdraw at any time; or
- Is authorized by EU or Member State law.
Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.
Right to Complain You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
8. Security and where we store your personal data: We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
9. Changes to this Data Protection Notice: We reserve the right to change this Data Protection Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Data Protection Notice. However, if we make material changes to this Data Protection Notice we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review the Data Protection Notice whenever you access or use this website.
Copyright © 2023 Connect360 - All Rights Reserved.
Powered by Cognition World