The Short Version
Your data belongs to you and not us. We don’t resell data about our users. We do use data from our users for improving our Services. Keeping your data safe is our highest priority and we take extended measurements to guarantee data security..
The Long Version
Your data belongs to you and not us. We don’t resell data about our users. We do use data from our users for improving our Services. Keeping your data safe is our highest priority and we take extended measurements to guarantee data security.
Capitalized terms used herein and not otherwise defined herein shall have the meanings assigned to them in the Terms of Service of CogniSaaS available at www.cognisaas.com/terms, unless the context shall otherwise require.
1. Collected Data
While registering to and using CogniSaaS, the Service Provider collects, on a voluntary basis, from the Client a limited number of data, including Personal Data, which is solely for the performance of CogniSaaS and used in connection with the Services provided by the Service Provider on CogniSaaS.
The Client may therefore be required to provide the following information and the Client hereby consents to the collection of such information by the Service Provider:
- First name
- Last name
- Email address
- Company name
- Company billing address
- Company tax identification number (VAT/GST number)
In addition, thereto, Service Provider automatically collects the following information about the Client’s use of the CogniSaaS or online Services through cookies, web beacons, log files and other technologies, as enumerated below:
- Client’s unique device identifiers,
- Client’s domain name,
- Client’s browser type and operating system,
- web pages the Client views,
- links the Client clicks,
- Client’s IP address,
- the length of time Client visits CogniSaaS or uses the Services,
- Client’s activities on CogniSaaS or use of the Services (including Client’s movement through CogniSaaS), and
- the referring URL or the webpage that led the Client to CogniSaaS.
The information collected from the Client by the Service Provider may constitute ‘Personal Data or Information’ or ‘Sensitive Personal Data or Information’ under the Rules.
“Personal Data or Information” is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
- financial information such as bank accounts, credit and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- call data records.
Other data covered under CCPA
We have collected the following categories of personal information from consumers within the last twelve (12) months:
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||YES|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO|
|Biometric information.||Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||YES|
|Geolocation data.||Physical location or movements.||NO|
|Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
2. Usage of Data
The purpose of data collection within CogniSaaS is to enhance the Client experience. The Service Provider will retain any Data the Client submits for as long as CogniSaaS deems it necessary to provide adequate Service to the Client, unless explicitly asked by a Client for their Data to be deleted.
The Client has a permanent right to access, amend or delete any information related to them by sending an email to [email protected].
All data provided by the Client, including Personal Data, will not be freely given to anyone. Service Provider does not, under any circumstances, sell the Client’s Personal Data.
If someone originating from Client’s Account or someone contacted via CogniSaaS at the Client’s discretion playing role of “Client” complains or contacts the Service Provider, the Service Provider might then contact that person.
Notwithstanding anything stated herein, CogniSaaS does not collect any Sensitive Personal Data that reveals, directly or indirectly, the racial and ethnic origins, the political, philosophical, religious opinions or trade union affiliation of persons, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or information which concerns the health or sexual life or orientation of any person. Service Provider does not require / collect / process / share / store such Sensitive Personal Information of the Client.
For purposes of the Data Protection Act 1998 and GDPR, CogniSaaS acts as the “data controller” for Personal Data and acts as the “data processor” for data uploaded by the Client.
All Personal Data is stored securely by the Service Provider in accordance with the principles of the Data Protection Act 1998 and the European Union’s General Data Protection Regulation. For more details on these two security regulations see the clause below (Security).
Any or all of the above Data may be required by the Service Provider from time to time in order to provide the Client with the best possible service and experience when using CogniSaaS. Specifically, Personal Data may be used by the Service Provider for the following reasons:
- internal record keeping;
- improvement of the Service Provider’s products / Services;
- transmission by email of promotional materials that may be of interest to the Client;
- transmission to 3rd parties in order for them to market relevant promotional materials that may be of interest to you;
- the ability to make automated decision making, including profiling, only for the purpose of offering a better and more personalized experience for the Client or marketing to new clients based on information from the Clients of CogniSaaS in aggregate.
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information
3. Third party websites and services
Service Provider may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of CogniSaaS. The providers of such services have access to certain Personal Data provided by the Client and may be located in various locations throughout the world.
Unless we specifically say otherwise, Client’s Data may be intentionally disclosed to third parties for the sake of administering better service on CogniSaaS, but never for marketing purposes through various affiliates and / or other companies within the Service Provider’s group.
Additionally, Data can be transmitted to 3rd parties for relevant marketing purposes at the sole discretion of those employed by the Service Provider.
If requested by law or by court order, Service Provider may provide the Personal Data to the legal authorities.
4. Minor’s use of CogniSaaS and/or the Services
CogniSaaS and/or the Services are not intended for use of any person who is a minor as per the applicable laws of their residence. Service Provider does not knowingly collect any Personal Information from any person who is a minor or market to or solicit information from any person who is a minor. If Service Provider becomes aware that a person submitting Personal Information is a minor, Service Provider shall delete such Client’s Account and any related information immediately. If any persons believe that they may have any information from or about a child who is a minor using CogniSaaS and/or Services, please contact the Service Provider at [email protected].
5. Links to other websites
6. Controlling use of Client’s Data
Wherever the Client is required to submit Data, Client will be given options to restrict the Service Provider’s use of that Data. This may include the following:
- Use of Data for direct or indirect marketing purposes; and
- Client shall have the right to ask for a copy of any of the Client’s Personal Data held by CogniSaaS.
- Client has the right to withdraw consent necessary to use the Services provided by CogniSaaS at any time.
- Client has the right for Client Data to be deleted from the servers and databases of CogniSaaS.
Service Provider takes data security very seriously and its system is compliant with the latest web security standards. Service Provider uses full SSL encryption, between its server and the Client once the latter is logged in and for the transfer to the Client. The login system is protected against bruteforce attacks, injection of malicious scripts and other commonly known attack types. The access to CogniSaaS or to the Client’s Account and thus to the processed data is only possible through a valid password. The passwords are stored encrypted hash keys in the database and not visible to the staff of the Service Provider.
CogniSaaS is running on the AWS (Amazon Web Services) Cloud. Only authorized employees of the Service Provider have access to view Personal Data.
If password access is required for certain parts of CogniSaaS, Client shall be responsible for keeping this password confidential.
Service Provider endeavour to do its best to protect Client’s Personal Data. However, transmission of information over the internet is not always perfectly secure and is done at Client’s own risk. Service Provider cannot ensure the security of Client Data transmitted to CogniSaaS.
Service Provider has carefully chosen these Cookies and has taken steps to ensure that the Client’s privacy is protected and respected at all times.
These are cookies that are required for the operation of CogniSaaS. They include, for example, cookies that enable the Client to log into secure areas of CogniSaaS to make use of e-billing services.
Client can choose to enable or disable Cookies in Client’s internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, Clients are requested to consult the help menu in their internet browser.
Client can choose to delete Cookies at any time; however Client may lose any information that enables Client to access CogniSaaS more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that the Client ensures that the Client’s internet browser is up-to-date and that the Client consult the help and guidance provided by the developer of the Client’s internet browser if the Client are unsure about adjusting the Client’s privacy settings.
9. Communication by CogniSaaS
Service Provider may send emails to the Client for technical or administrative purposes or to inform the Client of the latest developments. Service Provider may also send unrelated commercial offers to the Client but in relation with the activity of the Client.
Unless otherwise agreed, no delay, act or omission by a Party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
For any questions or concerns relating to the use of the Client Data by the Service Provider while using CogniSaaS, the Client is welcome to email the Service Provider at [email protected].
Service Provider is not responsible for any breach of security or for any actions of any third parties that receive the Client’s Personal Information.
A “Force Majeure Event” shall mean any event that is beyond the reasonable control of the Service Provider and shall include, without limitation, sabotage, fire, flood, explosion, epidemic, pandemic, acts of God, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, civil disturbances, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, and any other similar events not within the control of the Service Provider and which the Service Provider is not able to overcome.
11. Changes of business ownership and control
12. For European Union citizens or Swiss citizens
12.1 Access to Personal Information
12.1.1Where applicable, Client shall have the right to obtain from the Service Provider, a confirmation as to whether or not Client’s Personal Information is being processed. In addition, where such processing is confirmed, and Client requests for the same, the Service Provider shall arrange access to the Personal Information and the following information:
- the categories of Personal Information concerned;
- the recipients or categories of recipient to whom the Personal Information have been or will be disclosed;
- where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the Registrar, rectification or erasure of Personal Information or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the Personal Information was not collected from the Client by the Service Provider, any available information as to its source (e.g. referral program etc.); and
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
12.1.2 Where Client’s Personal Information is transferred to a third country, Client shall also have the right to be informed of the appropriate safeguards the Service Provider have put in place pursuant to Article 46 of the GDPR relating to the transfer.
12.1.3 Copies of the information: The Service Provider shall be happy to provide, where requested, a copy of the information, relating to the Client, which are being processed, subject to the restrictions as noted in Article 23 of the GDPR.
All Personal Information held by the Service Provider is that Personal Information which the Client has provided the Service Provider. To review, update or correct this Personal Information, Client should log into their Account. If this is deemed insufficient, or if the Client is experiencing any difficulties in making the required updates, Client should contact the Service Provider at [email protected]
12.3 Deletion / Erasure
In the event that the Client, as the data subject, wishes to erase Personal Information concerning the Client, the Service Provider will fulfil this request should one of the following grounds apply:
- the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed, e.g. the provision of the Service Provider’s Services;
- where processing is based solely upon the Client’s required consent, and Client withdraws the consent on which the processing is based;
- where the Client objects to the processing, and where there are no overriding legitimate grounds for the processing;
- where Client can demonstrate that the Personal Information has been unlawfully processed;
- where Client provides notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
- where the Service Provider is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR.
12.4 Right to be Forgotten
In the event that the Service Provider has disclosed Client’s data to a third party and where the Client has made a valid request to erase the Client’s Personal Information, the Service Provider will, upon receipt of request thereto from the Client, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any such third parties which are processing that Personal Information, of Client’s request for erasure.
13. CCPA Rights
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights
13.1 Access to Specific Information and Data Portability Rights
You have the right to request that CogniSaaS disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased.
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
13.2 Deletion Request Rights
You have the right to request that CogniSaaS delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities..
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Response Timing and Format
We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
14. Singapore PDPA Rights
The Singapore PDPA provides individuals with specific rights regarding their personal information. This section describes your PDPA rights and explains how to exercise those rights
Access to the Data: You can ask us for a copy of your personal data.
Change or Correct Data: You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
16. Contact us
In case of any grievance, please get in touch with the Service Provider at the co-ordinates provided below:
Data Protection Officer
Name: Vivek Devaraj
Email: [email protected]