Privacy Policy

The Short Version

Your data belongs to you and not us. We don’t resell data about our users. We do use data from our users for improving our Services. Keeping your data safe is our highest priority and we take extended measurements to guarantee data security.

The Long Version

The website – ‘www.cognisaas.com’ (hereinafter referred to as “CogniSaaS”) is a Service owned and operated by CogniSaaS Technologies Private Limited, a private limited company incorporated under the Companies Act, 2013, bearing CIN U72900KA2020PTC131982 and having its registered address in Bangalore, Karnataka, India (hereinafter referred to as the “Service Provider”) undertakes to protect the Personal Data (as defined herein) of its Clients. This Privacy Policy is part of the Terms of Service.

User privacy is of paramount importance to the Service Provider. This Privacy Policy explains how the Service Provider collects, uses, shares, discloses and protects Personal Information (as defined herein) of the Clients using the Services of CogniSaaS. Clients are advised to familiarize themselves with this Privacy Policy.

Capitalized terms used herein and not otherwise defined herein shall have the meanings assigned to them in the Terms of Service of CogniSaaS available at www.cognisaas.com/terms, unless the context shall otherwise require.

This Privacy Policy is an electronic record generated by a computer system and does not require any physical or digital signatures. This Privacy Policy is published in compliance with Applicable Laws

For the purposes of this Privacy Policy, “Applicable Laws” shall, inter alia, include all laws, statutes, ordinance, regulations, guidelines, policies and other pronouncements having the effect of law of all or any applicable jurisdictions by state, municipality, court, tribunal, government, ministry, department, commission, arbitrator or board or such other body which has the force of law in all or any applicable jurisdiction, including but not limited to the applicable provisions of the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“Rules”), Information Technology (Intermediaries Guidelines) Rules, 2011, Data Protection Act 1998 and General Data Protection Regulations (“GDPR”). In addition, Clients shall also governed by the applicable data protection / privacy laws of Client’s country of residence.By visiting or registeringon CogniSaaS, the Client acknowledges to comply with the Privacy Policy, which may be amended from time to time without prior notice. Any modification or update shall be uploaded on CogniSaaS. Client hereby consents to the Service Provider’s collection, use and sharing, disclosure of Client’s information as described in this Privacy Policy. The Service Provider reserves the right to change, modify, add or delete portions of the terms of this Privacy Policy, at the Service Provider’s sole discretion, at any time. If the Client does not agree with this Privacy Policy at any time, Clients are advised not to use any of the Services or give the Service Provider any information regarding the Client.

1. Collected Data

While registering to and using CogniSaaS, the Service Provider collects, on a voluntary basis, from the Client a limited number of data, including Personal Data, which is solely for the performance of CogniSaaS and used in connection with the Services provided by the Service Provider on CogniSaaS.

The Client may therefore be required to provide the following information and the Client hereby consents to the collection of such information by the Service Provider:

  1. First name
  2. Last name
  3. Email address
  4. Phone
  5. Company name
  6. Company billing address
  7. Company tax identification number (VAT/GST number)

In addition, thereto, Service Provider automatically collects the following information about the Client’s use of the CogniSaaS or online Services through cookies, web beacons, log files and other technologies, as enumerated below:

  1. Client’s unique device identifiers,
  2. Client’s domain name,
  3. Client’s browser type and operating system,
  4. web pages the Client views,
  5. links the Client clicks,
  6. Client’s IP address,
  7. the length of time Client visits CogniSaaS or uses the Services,
  8. Client’s activities on CogniSaaS or use of the Services (including Client’s movement through CogniSaaS), and
  9. the referring URL or the webpage that led the Client to CogniSaaS.

The information collected from the Client by the Service Provider may constitute ‘Personal Data or Information’ or ‘Sensitive Personal Data or Information’ under the Rules.

“Personal Data or Information” is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.

The Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:

  • passwords
  • financial information such as bank accounts, credit and debit card details or other payment instrument details;
  • physical, physiological and mental health condition;
  • sexual orientation;
  • medical records and history;
  • biometric information;
  • information received by body corporate under lawful contract or otherwise;
  • visitor details as provided at the time of registration or thereafter; and
  • call data records.

2. Usage of Data

The purpose of data collection within CogniSaaS is to enhance the Client experience. The Service Provider will retain any Data the Client submits for as long as CogniSaaS deems it necessary to provide adequate Service to the Client, unless explicitly asked by a Client for their Data to be deleted.

The Client has a permanent right to access, amend or delete any information related to them by sending an email to [email protected].

All data provided by the Client, including Personal Data, will not be freely given to anyone. Service Provider does not, under any circumstances, sell the Client’s Personal Data.

If someone originating from Client’s Account or someone contacted via CogniSaaS at the Client’s discretion playing role of “Client” complains or contacts the Service Provider, the Service Provider might then contact that person.

Notwithstanding anything stated herein, CogniSaaS does not collect any Sensitive Personal Data that reveals, directly or indirectly, the racial and ethnic origins, the political, philosophical, religious opinions or trade union affiliation of persons, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or information which concerns the health or sexual life or orientation of any person. Service Provider does not require / collect / process / share / store such Sensitive Personal Information of the Client.

For purposes of the Data Protection Act 1998 and GDPR, CogniSaaS acts as the “data controller” for Personal Data and acts as the “data processor” for data uploaded by the Client.

All Personal Data is stored securely by the Service Provider in accordance with the principles of the Data Protection Act 1998 and the European Union’s General Data Protection Regulation. For more details on these two security regulations see the clause below (Security).

Any or all of the above Data may be required by the Service Provider from time to time in order to provide the Client with the best possible service and experience when using CogniSaaS. Specifically, Personal Data may be used by the Service Provider for the following reasons:

  1. internal record keeping;
  2. improvement of the Service Provider’s products / Services;
  3. transmission by email of promotional materials that may be of interest to the Client;
  4. transmission to 3rd parties in order for them to market relevant promotional materials that may be of interest to you;
  5. the ability to make automated decision making, including profiling, only for the purpose of offering a better and more personalized experience for the Client or marketing to new clients based on information from the Clients of CogniSaaS in aggregate.

3. Third party websites and services

Service Provider may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of CogniSaaS. The providers of such services have access to certain Personal Data provided by the Client and may be located in various locations throughout the world.

Unless we specifically say otherwise, Client’s Data may be intentionally disclosed to third parties for the sake of administering better service on CogniSaaS, but never for marketing purposes through various affiliates and / or other companies within the Service Provider’s group.

Any Personal Data used by such parties is used only to the extent required by them to perform the services that the Service Provider requests of them. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties will be processed within the terms of this Privacy Policy and in accordance with the Data Protection Act 1998 and GDPR.

Additionally, Data can be transmitted to 3rd parties for relevant marketing purposes at the sole discretion of those employed by the Service Provider.

If requested by law or by court order, Service Provider may provide the Personal Data to the legal authorities.

4. Minor’s use of CogniSaaS and/or the Services

CogniSaaS and/or the Services are not intended for use of any person who is a minor as per the applicable laws of their residence. Service Provider does not knowingly collect any Personal Information from any person who is a minor or market to or solicit information from any person who is a minor. If Service Provider becomes aware that a person submitting Personal Information is a minor, Service Provider shall delete such Client’s Account and any related information immediately. If any persons believe that they may have any information from or about a child who is a minor using CogniSaaS and/or Services, please contact the Service Provider at [email protected].

5. Links to other websites

CogniSaaS may, from time to time, provide links to other websites. Service Provider has no control over such websites and is not responsible for the content of these websites. This Privacy oPlicy does not extend to Client’s use of such websites. Clients are advised to read the privacy policy or statement of such other websites prior to using them.

6. Controlling use of Client’s Data

Wherever the Client is required to submit Data, Client will be given options to restrict the Service Provider’s use of that Data. This may include the following:

  1. Use of Data for direct or indirect marketing purposes; and
  2. Client shall have the right to ask for a copy of any of the Client’s Personal Data held by CogniSaaS.
  3. Client has the right to withdraw consent necessary to use the Services provided by CogniSaaS at any time.
  4. Client has the right for Client Data to be deleted from the servers and databases of CogniSaaS.

7. Security

Service Provider takes data security very seriously and its system is compliant with the latest web security standards. Service Provider uses full SSL encryption, between its server and the Client once the latter is logged in and for the transfer to the Client. The login system is protected against brute­force attacks, injection of malicious scripts and other commonly known attack types. The access to CogniSaaS or to the Client’s Account and thus to the processed data is only possible through a valid password. The passwords are stored encrypted hash keys in the database and not visible to the staff of the Service Provider.

CogniSaaS is running on the AWS (Amazon Web Services) Cloud. Only authorized employees of the Service Provider have access to view Personal Data.

If password access is required for certain parts of CogniSaaS, Client shall be responsible for keeping this password confidential.

Service Provider endeavour to do its best to protect Client’s Personal Data. However, transmission of information over the internet is not always perfectly secure and is done at Client’s own risk. Service Provider cannot ensure the security of Client Data transmitted to CogniSaaS.

8. Cookies

CogniSaaS may place and access certain Cookies on the Client’s computer. CogniSaaS uses Cookies to improve Cient’s experience of using CogniSaaS and to improve the Service Provider’s range of products and Services provided on CogniSaaS.

Service Provider has carefully chosen these Cookies and has taken steps to ensure that the Client’s privacy is protected and respected at all times.

These are cookies that are required for the operation of CogniSaaS. They include, for example, cookies that enable the Client to log into secure areas of CogniSaaS to make use of e-billing services.

Client can choose to enable or disable Cookies in Client’s internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, Clients are requested to consult the help menu in their internet browser.

Client can choose to delete Cookies at any time; however Client may lose any information that enables Client to access CogniSaaS more quickly and efficiently including, but not limited to, personalisation settings.

It is recommended that the Client ensures that the Client’s internet browser is up-to-date and that the Client consult the help and guidance provided by the developer of the Client’s internet browser if the Client are unsure about adjusting the Client’s privacy settings.

9. Communication by CogniSaaS

Service Provider may send emails to the Client for technical or administrative purposes or to inform the Client of the latest developments. Service Provider may also send unrelated commercial offers to the Client but in relation with the activity of the Client.

10. General

Client may not transfer any of the Client’s rights under this Privacy Policy to any other person. Service Provider may transfer their rights under this Privacy Policy where the Service Provider reasonably believes that the Client’s rights will not be affected.

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a Party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Privacy Policy is governed by and interpreted according to the laws of India.

Any dispute, controversy or claim arising under, out of or relating to the validity, interpretation and performance of this Privacy Policy shall be referred to and finally determined by the competent courts in Bangalore, India and Indian law shall apply.

For any questions or concerns relating to the use of the Client Data by the Service Provider while using CogniSaaS, the Client is welcome to email the Service Provider at [email protected].

Service Provider is not responsible for any breach of security or for any actions of any third parties that receive the Client’s Personal Information.

Notwithstanding anything contained in this Privacy Policy or elsewhere, Service Provider shall not be held responsible for any loss, damage or misuse of the Client’s Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below).

A “Force Majeure Event” shall mean any event that is beyond the reasonable control of the Service Provider and shall include, without limitation, sabotage, fire, flood, explosion, epidemic, pandemic, acts of God, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, civil disturbances, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, and any other similar events not within the control of the Service Provider and which the Service Provider is not able to overcome.

11. Changes of business ownership and control

Service Provider may, from time to time, expand or reduce its business and this may involve the sale and/or the transfer of control of all or part of the Service Provider. Data provided by the Clients will, where it is relevant to any part of the Service Provider’s business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the Data for the purposes for which it was originally supplied to the Service Provider. Service Providers may also disclose Data to a prospective purchaser of the Service Provider’s business or any part of it. In the above instances, Service Provider will take steps with the aim of ensuring that the Client’s privacy is protected.

12. For European Union citizens or Swiss citizens

12.1 Access to Personal Information

      12.1.1Where applicable, Client shall have the right to obtain from the Service Provider, a confirmation as to whether or not Client’s Personal Information is being processed. In addition, where such processing is confirmed, and Client requests for the same, the Service Provider shall arrange access to the Personal Information and the following information:

  1. the categories of Personal Information concerned;
  2. the recipients or categories of recipient to whom the Personal Information have been or will be disclosed;
  3. where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period;
  4. the existence of the right to request from the Registrar, rectification or erasure of Personal Information or restriction of processing of personal data concerning the data subject or to object to such processing;
  5. the right to lodge a complaint with a supervisory authority;
  6. where the Personal Information was not collected from the Client by the Service Provider, any available information as to its source (e.g. referral program etc.); and
  7. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

      12.1.2 Where Client’s Personal Information is transferred to a third country, Client shall also have the right to be informed of the appropriate safeguards the Service Provider have put in place pursuant to Article 46 of the GDPR relating to the transfer.

      12.1.3 Copies of the information: The Service Provider shall be happy to provide, where requested, a copy of the information, relating to the Client, which are being processed, subject to the restrictions as noted in Article 23 of the GDPR.

   12.2 Rectification

      All Personal Information held by the Service Provider is that Personal Information which the Client has provided the Service Provider. To review, update or correct this Personal Information, Client should log into their Account. If this is deemed insufficient, or if the Client is experiencing any difficulties in making the required updates, Client should contact the Service Provider at [email protected]

   12.3 Deletion / Erasure

      In the event that the Client, as the data subject, wishes to erase Personal Information concerning the Client, the Service Provider will fulfil this request should one of the following grounds apply:

  1. the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed, e.g. the provision of the Service Provider’s Services;
  2. where processing is based solely upon the Client’s required consent, and Client withdraws the consent on which the processing is based;
  3. where the Client objects to the processing, and where there are no overriding legitimate grounds for the processing;
  4. where Client can demonstrate that the Personal Information has been unlawfully processed;
  5. where Client provides notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
  6. where the Service Provider is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR.

   12.4 Right to be Forgotten

      In the event that the Service Provider has disclosed Client’s data to a third party and where the Client has made a valid request to erase the Client’s Personal Information, the Service Provider will, upon receipt of request thereto from the Client, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any such third parties which are processing that Personal Information, of Client’s request for erasure.

13. Changes to this Privacy Policy

The Service Provider reserves the right to change this Privacy Policy as the Service Provider may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on CogniSaaS and the Client shall be deemed to have accepted the terms of this Privacy Policy on the Client’s first use of CogniSaaS following the alterations. All information submitted by the Client through CogniSaaS to the Service Provider is subject to the terms and conditions of this Privacy Policy, as amended. Queries regarding this Privacy Policy should be directed to [email protected]

14. Contact us

In case of any grievance, please get in touch with the Service Provider at the co-ordinates provided below:

Data Protection Officer

Name: Rupesh Rao

Phone: +91-9632043273

Email: [email protected]