Be GDPR compliant with CogniClick
The General Data Protection Regulation (GDPR) comes into effect on May 25th, 2018, and the new regulations will have wide-ranging impacts on organisations that collect and process data in the EU. Specifically, the GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer and/or use.
Data is incredibly important to CogniClick. We process a lot of it and therefore it’s important we comply with GDPR, and make it easy for you to meet the demands of GDPR.
For the purposes of this regulation our clients at CogniClick are The Data Controllers. Cogniclick is The Data Processor. We process data on behalf of the data controller.
PRIVACY FOR CONTACTS
(People who use a Cogniclick tool on third party websites)
This applies to the information we process about our clients’ (Data Controllers) contacts as a data processor.
1. Consent >
GDPR sets a high standard for Consent.
Within Cogniclick tools we set up lead forms with opt-ins and include check boxes that are not pre-clicked.
Consent within the tools is clear and distinguishable and in a intelligible and easy accessible form, using clear and plain language. It is as easy to withdraw consent as to give it.
The lead form consent will be attached to your contact within your data file and will always be readily available.
2. Access >
The GDPR includes the right for contacts to receive confirmation and information as to whether a company is processing personal data concerning them.
Cogniclick can provide a digital copy of all personal data on contacts gained through a CogniClick tool and export the data digitally.
3. Right to Portability
Data portability is the right for a contact to receive the personal data which they have previously provided to the company in a digital format.
Cogniclick will provide you with all information we have gained on your behalf through interactive content. You can export this data digitally.
4. Right to be forgotten
The right to be forgotten is also known as data erasure and entitles the contact to have the company holding their data erase their personal data and cease further dissemination.
You can quickly and easily erase personal data on the Cogniclick platform.
5. Reporting breaches
We are prepared to inform our clients, partners, authorities, vendors and suppliers about any security breach with 72 hours.
6. Protective measures
Appropriate technical and organisational measures which may include: pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the such measures adopted by it.
Our systems are hosted on a service called Heroku which provides a world class level of security and privacy. Our servers are located in Ireland. Further technical details on this can be found here: https://devcenter.heroku.com/articles/security-privacy-compliance
7. Return or deletion of the data
Whenever we collect or process your personal data, our suggested retention period is 12 months from your event start date. At the end of this 12 month period, your data will be deleted.
If you wish to raise a complaint on how we have handled your personal data, you can contact us at firstname.lastname@example.org and we will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to …..
This privacy statement was created in May 2018.
PRIVACY FOR COGNICLICK CLIENTS
Give to clients for their websites >
‘People who use our Cogniclick service’
We use a third party provider, Cogniclick, to support our website.
If you use this tool we will only collect your name and email address if you provide these when prompted. This information, including contents of your session will be retained for 12 months and will not be shared with any other organisations.
You can request a transcript of your session if you provide your email address when prompted at the end of your session.