Data Privacy and Security
Effective date: 1st November 2019
Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, CogniClick Limited.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a user's computer or device.
We are registered with the ICO under the Data Protection Register; our registration number is: A8440881.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
Collecting personally identifiable information
We do not collect any personally identifiable information without your express permission, for which we will clearly ask. The only area where such a request is made is via a form where we request your name, company name, telephone number and email address.
Any data that is received in this way is held securely and will not be shared with any third party, at any time.
This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It tells you about your privacy rights and how the law protects you.
The law requires that we tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected via our application.
1. Data Protection Officer
The appointed Data Protection Officer (DPO) is Helen Kensett, who is responsible for ensuring that our policy is followed. If you have any questions about this policy, including any requests to exercise your legal rights, please contact our DPO by email at firstname.lastname@example.org
2. Data that we process
We may collect, use, store and transfer different kinds of personal data about you, which we have collated into groups as follows:
- Your identity which includes information such as first name, last name, and other identifiers that you may have provided at some time.
- Your contact information which includes information: email address, telephone number, and any other information you have given to us for the purpose of communication or meeting.
- Technical data which includes your internet protocol (IP) address, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. Your profile includes information such as feedback and survey responses.
- Marketing data which includes your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
- We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity. For example, we may aggregate profile data to assess interest in a product or service. However, if we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with this privacy notice.
We do not collect or process any financial transactional data through our application.
3. Special personal information
Special personal information is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. It also includes information about criminal convictions and offences. We do not collect any special personal information about you.
4. If you do not provide personal information we need
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.
5. The bases on which we process information about you
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category. If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data. If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
5. Information we process because we have a contractual obligation with you
When you create an account through our application, you must agree to our terms and conditions and a contract is formed between you and us. In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
- verify your identity for security purposes
- provide you with suggestions and advice on products, services and how to obtain the most from using our application
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
6. Information we process with your consent
We will continue to process your information until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing me by writing to email@example.com. However, if you do so, you may not be able to use our application further.
7. Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do so after having given careful consideration to:
- whether the same objective could be achieved through other means
- whether processing (or not processing) might cause you harm
- whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
- record-keeping for the proper and necessary administration of our business
- responding to unsolicited communication from you to which we believe you would expect a response
- protecting and asserting the legal rights of any party
- insuring against or obtaining professional advice that is required to manage risk
- protecting your interests where we believe we have a duty to do so
8. Information we process because we have a legal obligation
Sometimes, it is necessary to process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
9. Communicating with us
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need. We record your request and our reply in order to increase the efficiency of our business. We keep personally identifiable information associated with your messages, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.
• anonymously to track how you use our application
• to record whether you have seen specific messages displayed on the application
• to keep you signed in to the application
• to record your answers to surveys and questionnaires on the application while you complete them
11. Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded. We may record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to use our application, such as the type of computer or device and the screen resolution. We use this information in aggregate to assess how we perform in providing content to you. If combined with other information that we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our application. We will not seek to identify you through these means.
12. Disclosure and sharing of your information we obtain from third parties
Although we do not disclose your personal information to any third party (except as set out in this notice), we may sometimes receive data that is indirectly made up from your personal information from third parties whose services we use. No such information is personally identifiable to you.
13. Data may be processed outside the European Union
Our website is hosted in the United Kingdom? No data is passed outside of the European Union?
Is this correct? Needs checking with Marc. We talked about Digital Ocean and the location of the servers.
Control over your own information
14. Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
15. Access to your personal information
At any time you may review or update personally identifiable information that we hold about you. To obtain a copy of any information you should contact firstname.lastname@example.org to make that request. After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
16. Removal of your information
If you wish us to remove personally identifiable information, you should contact us at email@example.com to make your request. This may limit the service we can provide to you.
17. Verification of your information
When we receive any request to access, edit or delete personally identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Other privacy matters
18. Use of site by children
We do not sell products or provide services for purchase by children, nor do we market to children. If you are under 18, you may use our website only with consent from a parent or guardian. We collect limited session data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.
19. Encryption of data sent between us
We take many additional steps to protect your data within our application. We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you provide us.
Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
20. How to make a complaint
21. Retention period for personal data
Except as otherwise mentioned in this privacy notice, we will keep your personal information only for as long as required by us:
- to provide you with the services you have requested;
- to comply with other law;
- to support a claim or defence in court.
22. Compliance with the law
Data Protection Policy
Policy brief & purpose
This Policy outlines proportionate measures designed to achieve and maintain compliance with the General Data Protection Regulation. These measures have been designed to minimise the risk of breaches and uphold the protection of personal data. This Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and all other interested parties with the utmost care and confidentiality. With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
The scope of this policy refers to all parties (company employees, customers, job candidates, consultants, contractors, suppliers etc.) who provide any information to us.
Who is covered under the Data Protection Policy?
Employees of our company and its subsidiaries must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.
Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.
Our data will be:
- Compliant with EU General Data Protection Regulation (GDPR)
- Accurate and kept up-to-date
- Collected fairly and used for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorised or illegal access by internal or external parties
- Processed securely within the European Union
- Encrypted in storage and transfer
Our data will not be:
- Stored insecurely in any way
- Communicated informally
- Stored for more than a specified amount of time
- Transferred to organisations or countries outside of the European Union
- Distributed to any party other than the ones agreed upon by the data’s owner, except where required to do so by law.
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. We will:
- Let people know which of their data is collected
- Inform people about how we’ll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data – You will need to create an internal policy for this
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
To exercise data protection we are committed to:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Maintain secure networks to protect online data from malware and cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse – You will need to create an internal policy for this
- Communicate statements on how we handle data
- Establish data protection practices
- data encryption
- frequent backups
- access authorisation
- document shredding
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
Effective from 1st November 2019
What are cookies?
Cookies are small text files that are downloaded to your device (computer, tablet or smartphone) browser from our application’s server. Cookies contain a unique identifier, but do not contain personally identifiable information such as your name or your email address. The browser stores the cookies on your computer’s hard drive and sends them back to our site whenever you return, so they may be accessed the next time you visit the site.
What is the function of our cookies?
- permit automated access to your previously stored account information and preferences to deliver a more personalised service
- provide customer and site analytics so that we can review and optimise the service based on, for example, usage patterns and audience size
How does Cogniclick use information from Cookies?
What if you don’t want to accept the cookies that we use?
The different types of Cookie that we use:
These types of cookie only last for the duration of your visit and are deleted when you close your browser. As a result, these perform relatively simple tasks such as tracking how you move through our site, supporting website security, and recognising your device to ensure that the pages you view are displayed properly.
These cookies will remain behind after the browser has been closed. They can be used to remember log in information (so that when you come back, it is easier and quicker for you to get in).
First and third-party cookies
First party cookies are served by us and our site or app. All other cookies are considered third-party cookies.
First party cookies
Cookie Name: _convince-app_session
Description: This functional Cookie is used to distinguish between different visitors. It is removed upon exit from the application.
Cookie Name: ccsession30
Duration: 7 days
Description: This Cookie is used to process the data you enter as you move between screens and recall data when returning to the application.
Cookie name: _ga
Duration: 2 years
Type: Persistent / Analytics
Description: Google Analytics cookies to track users as they navigate the website and help improve the website's usability. It is used to distinguish unique users by assigning a randomly generated number as an identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports.
Cookie name: _gid
Duration: 24 hours
Type: Persistent / Analytics
Description: Stores and updates unique value of any pages visited.
Cookie name: _gat (This cookie will have an extension beginning with UA which relates either to our own use, our clients or both)
Duration: 1 minute
Type: Session / Performance
Description: Limits the collection of data on high traffic sites.
Guides to managing Cookies in your browser:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en