The Short Version
Your data belongs to you and not us. We don’t resell data about our users. We do use data from our users for improving our Services. Keeping your data safe is our highest priority and we take extended measurements to guarantee data security..
The Long Version
Your data belongs to you and not us. We don’t resell data about our users. We do use data from our users for improving our Services. Keeping your data safe is our highest priority and we take extended measurements to guarantee data security.
Capitalized terms used herein and not otherwise defined herein shall have the meanings assigned to them in the Terms of Service of CogniSaaS available at www.cognisaas.com/terms, unless the context shall otherwise require.
1. Collected Data
While registering to and using CogniSaaS, the Service Provider collects, on a voluntary basis, from the Client a limited number of data, including Personal Data, which is solely for the performance of CogniSaaS and used in connection with the Services provided by the Service Provider on CogniSaaS.
The Client may therefore be required to provide the following information and the Client hereby consents to the collection of such information by the Service Provider:
In addition, thereto, Service Provider automatically collects the following information about the Client’s use of the CogniSaaS or online Services through cookies, web beacons, log files and other technologies, as enumerated below:
The information collected from the Client by the Service Provider may constitute ‘Personal Data or Information’ or ‘Sensitive Personal Data or Information’ under the Rules.
“Personal Data or Information” is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
The Rules further define “Sensitive Personal Data or Information” of a person to mean personal information about that person relating to:
Other data covered under CCPA
We have collected the following categories of personal information from consumers within the last twelve (12) months:
CategoryExampleData CollectedIdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.YESPersonal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.YESProtected classification characteristics under California or federal lawAge (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).NOCommercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.NOBiometric information.Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NOInternet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.YESGeolocation data.Physical location or movements.NOSensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NOProfessional or employment-related information.Current or past job history or performance evaluations.NONon-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NOInferences drawn from other personal information.Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.NO
2. Usage of Data
The purpose of data collection within CogniSaaS is to enhance the Client experience. The Service Provider will retain any Data the Client submits for as long as CogniSaaS deems it necessary to provide adequate Service to the Client, unless explicitly asked by a Client for their Data to be deleted.
The Client has a permanent right to access, amend or delete any information related to them by sending an email to firstname.lastname@example.org.
All data provided by the Client, including Personal Data, will not be freely given to anyone. Service Provider does not, under any circumstances, sell the Client’s Personal Data.
If someone originating from Client’s Account or someone contacted via CogniSaaS at the Client’s discretion playing role of “Client” complains or contacts the Service Provider, the Service Provider might then contact that person.
Notwithstanding anything stated herein, CogniSaaS does not collect any Sensitive Personal Data that reveals, directly or indirectly, the racial and ethnic origins, the political, philosophical, religious opinions or trade union affiliation of persons, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or information which concerns the health or sexual life or orientation of any person. Service Provider does not require / collect / process / share / store such Sensitive Personal Information of the Client.
For purposes of the Data Protection Act 1998 and GDPR, CogniSaaS acts as the “data controller” for Personal Data and acts as the “data processor” for data uploaded by the Client.
All Personal Data is stored securely by the Service Provider in accordance with the principles of the Data Protection Act 1998 and the European Union’s General Data Protection Regulation. For more details on these two security regulations see the clause below (Security).
Any or all of the above Data may be required by the Service Provider from time to time in order to provide the Client with the best possible service and experience when using CogniSaaS. Specifically, Personal Data may be used by the Service Provider for the following reasons:
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information
3. Third party websites and services
Service Provider may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of CogniSaaS. The providers of such services have access to certain Personal Data provided by the Client and may be located in various locations throughout the world.
Unless we specifically say otherwise, Client’s Data may be intentionally disclosed to third parties for the sake of administering better service on CogniSaaS, but never for marketing purposes through various affiliates and / or other companies within the Service Provider’s group.
Additionally, Data can be transmitted to 3rd parties for relevant marketing purposes at the sole discretion of those employed by the Service Provider.
If requested by law or by court order, Service Provider may provide the Personal Data to the legal authorities.
4. Minor’s use of CogniSaaS and/or the Services
CogniSaaS and/or the Services are not intended for use of any person who is a minor as per the applicable laws of their residence. Service Provider does not knowingly collect any Personal Information from any person who is a minor or market to or solicit information from any person who is a minor. If Service Provider becomes aware that a person submitting Personal Information is a minor, Service Provider shall delete such Client’s Account and any related information immediately. If any persons believe that they may have any information from or about a child who is a minor using CogniSaaS and/or Services, please contact the Service Provider at email@example.com.
5. Links to other websites
6. Controlling use of Client’s Data
Wherever the Client is required to submit Data, Client will be given options to restrict the Service Provider’s use of that Data. This may include the following:
Service Provider takes data security very seriously and its system is compliant with the latest web security standards. Service Provider uses full SSL encryption, between its server and the Client once the latter is logged in and for the transfer to the Client. The login system is protected against bruteforce attacks, injection of malicious scripts and other commonly known attack types. The access to CogniSaaS or to the Client’s Account and thus to the processed data is only possible through a valid password. The passwords are stored encrypted hash keys in the database and not visible to the staff of the Service Provider.
CogniSaaS is running on the AWS (Amazon Web Services) Cloud. Only authorized employees of the Service Provider have access to view Personal Data.
If password access is required for certain parts of CogniSaaS, Client shall be responsible for keeping this password confidential.
Service Provider endeavour to do its best to protect Client’s Personal Data. However, transmission of information over the internet is not always perfectly secure and is done at Client’s own risk. Service Provider cannot ensure the security of Client Data transmitted to CogniSaaS.
Service Provider has carefully chosen these Cookies and has taken steps to ensure that the Client’s privacy is protected and respected at all times.
These are cookies that are required for the operation of CogniSaaS. They include, for example, cookies that enable the Client to log into secure areas of CogniSaaS to make use of e-billing services.
Client can choose to enable or disable Cookies in Client’s internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, Clients are requested to consult the help menu in their internet browser.
Client can choose to delete Cookies at any time; however Client may lose any information that enables Client to access CogniSaaS more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that the Client ensures that the Client’s internet browser is up-to-date and that the Client consult the help and guidance provided by the developer of the Client’s internet browser if the Client are unsure about adjusting the Client’s privacy settings.
9. Communication by CogniSaaS
Service Provider may send emails to the Client for technical or administrative purposes or to inform the Client of the latest developments. Service Provider may also send unrelated commercial offers to the Client but in relation with the activity of the Client.
Unless otherwise agreed, no delay, act or omission by a Party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
For any questions or concerns relating to the use of the Client Data by the Service Provider while using CogniSaaS, the Client is welcome to email the Service Provider at firstname.lastname@example.org.
Service Provider is not responsible for any breach of security or for any actions of any third parties that receive the Client’s Personal Information.
A “Force Majeure Event” shall mean any event that is beyond the reasonable control of the Service Provider and shall include, without limitation, sabotage, fire, flood, explosion, epidemic, pandemic, acts of God, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, civil disturbances, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, and any other similar events not within the control of the Service Provider and which the Service Provider is not able to overcome.
11. Changes of business ownership and control
12. For European Union citizens or Swiss citizens
12.1 Access to Personal Information
12.1.1Where applicable, Client shall have the right to obtain from the Service Provider, a confirmation as to whether or not Client’s Personal Information is being processed. In addition, where such processing is confirmed, and Client requests for the same, the Service Provider shall arrange access to the Personal Information and the following information:
12.1.2 Where Client’s Personal Information is transferred to a third country, Client shall also have the right to be informed of the appropriate safeguards the Service Provider have put in place pursuant to Article 46 of the GDPR relating to the transfer.
12.1.3 Copies of the information: The Service Provider shall be happy to provide, where requested, a copy of the information, relating to the Client, which are being processed, subject to the restrictions as noted in Article 23 of the GDPR.
All Personal Information held by the Service Provider is that Personal Information which the Client has provided the Service Provider. To review, update or correct this Personal Information, Client should log into their Account. If this is deemed insufficient, or if the Client is experiencing any difficulties in making the required updates, Client should contact the Service Provider at email@example.com
12.3 Deletion / Erasure
In the event that the Client, as the data subject, wishes to erase Personal Information concerning the Client, the Service Provider will fulfil this request should one of the following grounds apply:
12.4 Right to be Forgotten
In the event that the Service Provider has disclosed Client’s data to a third party and where the Client has made a valid request to erase the Client’s Personal Information, the Service Provider will, upon receipt of request thereto from the Client, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any such third parties which are processing that Personal Information, of Client’s request for erasure.
13. CCPA Rights
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights
13.1 Access to Specific Information and Data Portability Rights
You have the right to request that CogniSaaS disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
13.2 Deletion Request Rights
You have the right to request that CogniSaaS delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Response Timing and Format
We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
14. Singapore PDPA Rights
The Singapore PDPA provides individuals with specific rights regarding their personal information. This section describes your PDPA rights and explains how to exercise those rights
Access to the Data: You can ask us for a copy of your personal data.
Change or Correct Data: You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
16. Contact us
In case of any grievance, please get in touch with the Service Provider at the co-ordinates provided below:
Data Protection Officer
Name: Vivek Devaraj