Last updated 09 March 2022
PRIVACY NOTICE AND INFORMED CONSENT NOTICE (EMAIL, WEBSITE AND SOCIAL MEDIA PRIVACY NOTICE)
General Data Protection Regulation (GDPR) | Protection of Personal Information Act (“POPIA”)
This Notice explains how we obtain, use, and disclose your personal information in accordance with the applicable laws. We at Cognician respect your privacy and your rights in relation to the protection of the personal data we collect and process. Just to be clear, when we refer to 'Cognician', we mean Cognician Software (Pty) Ltd (whose principal place of business is at Office 4, Kings Cross, 9 Queens Park Avenue, Salt River, 7925, South Africa), including its associated and subsidiary company, Cognician, Inc. (whose principal place of business is at Suite 1628, 535 Mission St, San Francisco, CA 94105, USA).
The Personal Data We Collect
Looking after your personal data is a huge responsibility for us. We will continue to do our best to protect your personal data as best we can and be transparent about what data we collect and why we collect it. We do not, and never will, engage in practices such as benefiting from selling your personal information to third parties.
A Look at the Use of Your Personal Data
We need to collect your personal data when you interact with certain components of our website and platform. This enables us to deliver certain products to you on the basis of your full consent. The main interface through which this activity takes place is called a 'cog', which is short for 'coaching guide'. Cogs are short, bite-sized digital learning experiences that are designed to coach the user through a single cohesive idea, model, process, activity, or skill.
As part of any agreed scope of work with our clients, services could include activities such as program reporting (e.g. participation and completion statistics, aggregated results reporting at a group level, and content of specific text responses in an aggregated way).
We Collect Your Personal Data for Very Specific Purposes
- During the registration of new users through our website or platform.
- To enable us to provide programs to registered users as part of the product offering.
- Servicing and meeting our obligations in relation to client expectations and agreed services.
- For general statistical purposes and support of operating the underlying platform.
- In support of the overall user experience, including technical and product support.
- For general communications with you as the user.
We Collect Both Personal and Non-Personal Data
- Contact information (e.g. name, surname, email address).
- Unique identifiers (e.g. nickname and password).
- User data generated by you on the Cognician platform and referred to as engagements, such as user activity, program activity, and cog activity. This data is typically used for program reporting purposes in a non-aggregated and non-anonymized way and could include PII such as your registered email address.
- Content data, which refers to the responses of a participant in a particular program (e.g. a user's responses to prompts in cogs, which can include perspectives, observations, frames of reference, opinions, and so on). For program reporting purposes, this data is aggregated and anonymized and grouped together to generate statistics. Any exception to this is flagged to the user in the cogs themselves.
- Public data that is designed to be shared within specific program groups but is still optional (e.g. user insights, user awards, and so on). In these cases, it will be made clear that you are sharing something that will be seen by other program participants because sharing insights does include PII such as your name.
- Diagnostics data related to user-linked system characteristics (e.g. user messages sent or received, point-in-time active user sessions, and so on).
- Functional data that is necessary for us to ensure that our products function as intended in terms of performance and functionality.
- Location identifiers such as geolocation data may be collected by our third-party service providers for analysis purposes.
- Online identifiers such as internet protocol (IP) addresses.
Our Data Protection Officer
We have appointed a Data Protection Officer (DPO) in compliance with the GDPR. The DPO is formally responsible for data protection and ensuring compliance with GDPR requirements. You can reach our company DPO at email@example.com.
Keeping Your Data Secure
We do our best to secure your personal data and to protect your information from unauthorized access, alteration, disclosure, or destruction. While handling your personal data, we ensure that the appropriate security measures are in place and international standards are followed to protect the security of your personal data when transferred or when stored.
The Right of Individuals to Access Their Personal Data
It Is Important to Take Note of Your Rights
If you are a resident of South Africa, the EEA or the UK, you have the following data protection rights:
- You can request access, correction, updates, or deletion of your personal data at any time.
- You can object to the processing of your personal data, ask us to restrict the processing of your personal data, or request portability of your personal data.
- If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You can complain to a data protection authority (DPA) about our collection and use of your personal information. Contact details for data protection authorities in the EEA and the UK are available here.
Unsubscribe From Cognician’s Communications
You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located at the bottom of our emails and updating your communication preferences. You can also contact our Data Protection Officer at firstname.lastname@example.org.
Sharing Your Information with Third Parties
The personal data we collect might be disclosed to the following third parties:
Service Providers
- These are suppliers engaged by us that provide services on our behalf in support of providing products or services to you.
- Information about our sub-processors, including their functions and locations, is available here.
- Your personal data may be shared as part of and in support of the operation of our business, such as contacting you based on your request to receive such communications.
- Your personal data may be shared with any competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
- We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets.
International Transfer of Your Personal Data
We will not transfer your personal data to organizations, states, or countries that do not have adequate data protection measures in place. To facilitate our global operations, we transfer information to either Ireland or the United States and allow access to that information from countries in which the Cognician-affiliated entities have operations for the purposes described in this policy. Certain recipients (sub-processors) (i.e., our suppliers who process your personal data on our behalf) may also transfer personal data outside the country in which you are a resident. Where such transfers occur, we will protect your personal data when it is transferred outside of the EEA, the UK, or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data, or otherwise ensuring appropriate safeguards are in place to protect your personal data.
Legal Mechanism for Transfers
For transfers of your personal data to recipients (sub-processors) who are located outside of the EEA, the UK, or Switzerland, we will rely on:
- European Commission-approved standard contractual data protection clauses, and/or
- Binding corporate rules for transfers to data processors,
- EU-US Privacy Shield, Swiss-EU Privacy Shield,
- other appropriate legal mechanisms to safeguard the transfer.
Requirements for Sub-Processor Engagement
When engaging any sub-processor, we will:
- Ensure via a written contract that the sub-processor only accesses and uses your personal data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement and any Model Contract Clauses entered into or Alternative Transfer Solution adopted by us;
- Ensure that the data protection obligations described in Article 28(3) of the GDPR are imposed on the sub-processor if the GDPR applies to the processing of your personal data; and
- Remain fully liable for all obligations subcontracted to, and all acts and omissions of, the sub-processor.
EU-US Privacy Shield
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In compliance with the Privacy Shield Principles, Cognician is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body [currently, there is no other U.S. authorized statutory body recognized by the EU or Switzerland], and commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Data Protection Officer at email@example.com.
Cognician has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Retention of Your Personal Data
In general, we retain your personal information as needed to fulfill the purposes for which it was collected – i.e., we will process and store your personal data as necessary in order to fulfill our business requirements and contractual or legal obligations.
Cookies and Similar Technologies
Website Contacts Tracking
In order for us to obtain business-to-business contact information, we subscribe to a service that recognizes companies visiting our website and then matches this information to these companies. Data of individuals are not recognized or matched as part of this service. Information collected includes:
- Email address
- Public social media handles, links, and profile photos
- Job titles
Click here for more specific information about the website visitor tracker.
A Note on Web Analytics
We implement Google Analytics features that use Display Advertising information for Google Analytics Demographics and Interest Reporting. We collect information about how you interact with our platform and services on our website. You can opt out of Google Analytics for Display Advertising to prevent your data from being used by Google Analytics by going to the Google Analytics opt-out page.
Google reCAPTCHA v3
Click here for more information about Google reCAPTCHA v3.