The Short Version
Your data belongs to you and not us. We don’t resell data about our users. We do use data from our users for improving our Services. Keeping your data safe is our highest priority and we take extended measurements to guarantee data security.
The Long Version
Capitalized terms used herein and not otherwise defined herein shall have the meanings assigned to them in the Terms of Service of CogniSaaS available at www.cognisaas.com/terms, unless the context shall otherwise require.
1. Collected Data
While registering to and using CogniSaaS, the Service Provider collects, on a voluntary basis, from the Client a limited number of data, including Personal Data, which is solely for the performance of CogniSaaS and used in connection with the Services provided by the Service Provider on CogniSaaS.
The Client may therefore be required to provide the following information and the Client hereby consents to the collection of such information by the Service Provider:
- First name
- Last name
- Email address
- Company name
- Company billing address
- Company tax identification number (VAT/GST number)
In addition, thereto, Service Provider automatically collects the following information about the Client’s use of the CogniSaaS or online Services through cookies, web beacons, log files and other technologies, as enumerated below:
- Client’s unique device identifiers,
- Client’s domain name,
- Client’s browser type and operating system,
- web pages the Client views,
- links the Client clicks,
- Client’s IP address,
- the length of time Client visits CogniSaaS or uses the Services,
- Client’s activities on CogniSaaS or use of the Services (including Client’s movement through CogniSaaS), and
- the referring URL or the webpage that led the Client to CogniSaaS.
The information collected from the Client by the Service Provider may constitute ‘Personal Data or Information’ or ‘Sensitive Personal Data or Information’ under the Rules.
“Personal Data or Information” is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
- financial information such as bank accounts, credit and debit card details or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- biometric information;
- information received by body corporate under lawful contract or otherwise;
- visitor details as provided at the time of registration or thereafter; and
- call data records.
2. Usage of Data
The purpose of data collection within CogniSaaS is to enhance the Client experience. The Service Provider will retain any Data the Client submits for as long as CogniSaaS deems it necessary to provide adequate Service to the Client, unless explicitly asked by a Client for their Data to be deleted.
The Client has a permanent right to access, amend or delete any information related to them by sending an email to [email protected].
All data provided by the Client, including Personal Data, will not be freely given to anyone. Service Provider does not, under any circumstances, sell the Client’s Personal Data.
If someone originating from Client’s Account or someone contacted via CogniSaaS at the Client’s discretion playing role of “Client” complains or contacts the Service Provider, the Service Provider might then contact that person.
Notwithstanding anything stated herein, CogniSaaS does not collect any Sensitive Personal Data that reveals, directly or indirectly, the racial and ethnic origins, the political, philosophical, religious opinions or trade union affiliation of persons, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or information which concerns the health or sexual life or orientation of any person. Service Provider does not require / collect / process / share / store such Sensitive Personal Information of the Client.
For purposes of the Data Protection Act 1998 and GDPR, CogniSaaS acts as the “data controller” for Personal Data and acts as the “data processor” for data uploaded by the Client.
All Personal Data is stored securely by the Service Provider in accordance with the principles of the Data Protection Act 1998 and the European Union’s General Data Protection Regulation. For more details on these two security regulations see the clause below (Security).
Any or all of the above Data may be required by the Service Provider from time to time in order to provide the Client with the best possible service and experience when using CogniSaaS. Specifically, Personal Data may be used by the Service Provider for the following reasons:
- internal record keeping;
- improvement of the Service Provider’s products / Services;
- transmission by email of promotional materials that may be of interest to the Client;
- transmission to 3rd parties in order for them to market relevant promotional materials that may be of interest to you;
- the ability to make automated decision making, including profiling, only for the purpose of offering a better and more personalized experience for the Client or marketing to new clients based on information from the Clients of CogniSaaS in aggregate.
3. Third party websites and services
Service Provider may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of CogniSaaS. The providers of such services have access to certain Personal Data provided by the Client and may be located in various locations throughout the world.
Unless we specifically say otherwise, Client’s Data may be intentionally disclosed to third parties for the sake of administering better service on CogniSaaS, but never for marketing purposes through various affiliates and / or other companies within the Service Provider’s group.
Additionally, Data can be transmitted to 3rd parties for relevant marketing purposes at the sole discretion of those employed by the Service Provider.
If requested by law or by court order, Service Provider may provide the Personal Data to the legal authorities.
4. Minor’s use of CogniSaaS and/or the Services
CogniSaaS and/or the Services are not intended for use of any person who is a minor as per the applicable laws of their residence. Service Provider does not knowingly collect any Personal Information from any person who is a minor or market to or solicit information from any person who is a minor. If Service Provider becomes aware that a person submitting Personal Information is a minor, Service Provider shall delete such Client’s Account and any related information immediately. If any persons believe that they may have any information from or about a child who is a minor using CogniSaaS and/or Services, please contact the Service Provider at [email protected].
5. Links to other websites
6. Controlling use of Client’s Data
Wherever the Client is required to submit Data, Client will be given options to restrict the Service Provider’s use of that Data. This may include the following:
- Use of Data for direct or indirect marketing purposes; and
- Client shall have the right to ask for a copy of any of the Client’s Personal Data held by CogniSaaS.
- Client has the right to withdraw consent necessary to use the Services provided by CogniSaaS at any time.
- Client has the right for Client Data to be deleted from the servers and databases of CogniSaaS.
Service Provider takes data security very seriously and its system is compliant with the latest web security standards. Service Provider uses full SSL encryption, between its server and the Client once the latter is logged in and for the transfer to the Client. The login system is protected against bruteforce attacks, injection of malicious scripts and other commonly known attack types. The access to CogniSaaS or to the Client’s Account and thus to the processed data is only possible through a valid password. The passwords are stored encrypted hash keys in the database and not visible to the staff of the Service Provider.
CogniSaaS is running on the AWS (Amazon Web Services) Cloud. Only authorized employees of the Service Provider have access to view Personal Data.
If password access is required for certain parts of CogniSaaS, Client shall be responsible for keeping this password confidential.
Service Provider endeavour to do its best to protect Client’s Personal Data. However, transmission of information over the internet is not always perfectly secure and is done at Client’s own risk. Service Provider cannot ensure the security of Client Data transmitted to CogniSaaS.
Service Provider has carefully chosen these Cookies and has taken steps to ensure that the Client’s privacy is protected and respected at all times.
These are cookies that are required for the operation of CogniSaaS. They include, for example, cookies that enable the Client to log into secure areas of CogniSaaS to make use of e-billing services.
Client can choose to enable or disable Cookies in Client’s internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, Clients are requested to consult the help menu in their internet browser.
Client can choose to delete Cookies at any time; however Client may lose any information that enables Client to access CogniSaaS more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that the Client ensures that the Client’s internet browser is up-to-date and that the Client consult the help and guidance provided by the developer of the Client’s internet browser if the Client are unsure about adjusting the Client’s privacy settings.
9. Communication by CogniSaaS
Service Provider may send emails to the Client for technical or administrative purposes or to inform the Client of the latest developments. Service Provider may also send unrelated commercial offers to the Client but in relation with the activity of the Client.
Unless otherwise agreed, no delay, act or omission by a Party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
For any questions or concerns relating to the use of the Client Data by the Service Provider while using CogniSaaS, the Client is welcome to email the Service Provider at [email protected].
Service Provider is not responsible for any breach of security or for any actions of any third parties that receive the Client’s Personal Information.
A “Force Majeure Event” shall mean any event that is beyond the reasonable control of the Service Provider and shall include, without limitation, sabotage, fire, flood, explosion, epidemic, pandemic, acts of God, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, civil disturbances, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, and any other similar events not within the control of the Service Provider and which the Service Provider is not able to overcome.
11. Changes of business ownership and control
12. For European Union citizens or Swiss citizens
12.1 Access to Personal Information
12.1.1Where applicable, Client shall have the right to obtain from the Service Provider, a confirmation as to whether or not Client’s Personal Information is being processed. In addition, where such processing is confirmed, and Client requests for the same, the Service Provider shall arrange access to the Personal Information and the following information:
- the categories of Personal Information concerned;
- the recipients or categories of recipient to whom the Personal Information have been or will be disclosed;
- where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the Registrar, rectification or erasure of Personal Information or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the Personal Information was not collected from the Client by the Service Provider, any available information as to its source (e.g. referral program etc.); and
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
12.1.2 Where Client’s Personal Information is transferred to a third country, Client shall also have the right to be informed of the appropriate safeguards the Service Provider have put in place pursuant to Article 46 of the GDPR relating to the transfer.
12.1.3 Copies of the information: The Service Provider shall be happy to provide, where requested, a copy of the information, relating to the Client, which are being processed, subject to the restrictions as noted in Article 23 of the GDPR.
All Personal Information held by the Service Provider is that Personal Information which the Client has provided the Service Provider. To review, update or correct this Personal Information, Client should log into their Account. If this is deemed insufficient, or if the Client is experiencing any difficulties in making the required updates, Client should contact the Service Provider at [email protected]
12.3 Deletion / Erasure
In the event that the Client, as the data subject, wishes to erase Personal Information concerning the Client, the Service Provider will fulfil this request should one of the following grounds apply:
- the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed, e.g. the provision of the Service Provider’s Services;
- where processing is based solely upon the Client’s required consent, and Client withdraws the consent on which the processing is based;
- where the Client objects to the processing, and where there are no overriding legitimate grounds for the processing;
- where Client can demonstrate that the Personal Information has been unlawfully processed;
- where Client provides notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
- where the Service Provider is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR.
12.4 Right to be Forgotten
In the event that the Service Provider has disclosed Client’s data to a third party and where the Client has made a valid request to erase the Client’s Personal Information, the Service Provider will, upon receipt of request thereto from the Client, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any such third parties which are processing that Personal Information, of Client’s request for erasure.
14. Contact us
In case of any grievance, please get in touch with the Service Provider at the co-ordinates provided below:
Data Protection Officer
Name: Rupesh Rao
Email: [email protected]