Cogna Privacy Policy

Welcome to Cogna's privacy policy.

We are Cogna Ltd (“Cogna”, “we” or “us”). Ourcompany registration number is 14854153 and our registered address is at Lg02Chancery House, 53-64 Chancery Lane, London, England, WC2A 1QS

For the purposes of UK laws regarding data protection, the data controller is Cognaand we are registered with the UK Information Commissioner’s Office (ICO):ZB632661.

This privacy policy sets out how and why we collect, store, use, share, andotherwise process Personal Data (as defined below), as well as your rights in relation to your Personal Data and details of how to contact us and supervisoryauthorities if you have a complaint. It applies to individuals who visit our website at https://cogna.co/ or https://cogna.app/ subdomains (the “Website”) or who interact with social media accounts and in connection with any customer engagements or matters. It also applies to all our business contacts, including contractors, suppliers,employees and agents (including when you apply to work for us, whether as anemployee, consultant or contractor) (“Employees”). It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why weare using your data.

 If you have any questions about how we use your Personal Data, pleasecontact: support@cogna.co

**Cogna – Privacy Statement**

1. The types of personal data we collect

In this Privacy Policy, “Personal Data” means any information relating to an identified oridentifiable natural person. We collect and use thefollowing information about you:

Information provided by you

●     Your Identity Data including your first name,surname, username or similar identifier, title.

●     Additional Identity Data including marital and dependent status, date of birth and gender.

●     Contact Data including your billing address,postal address, email address, and telephone numbers.

●      Financial Data including bank account and payment carddetails.

●     Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.

●     Survey Data including data from surveys that we may, from time to time, run on the Website for research purposes, if you choose to respond to, or participate in,them.

●     Your Transactional Data including information about our business dealings, transactions and interactions with you.

Information collected when you use our services

●     Technical Data including general metadata and your IP address when you visit or engage with our Website or social media accounts.

●     Usage Data including information about how you use our Website and services including any user preferences.

●      Information Collected via Cookies and Other Tracking Technologies including information about your activities on our Website and/orservices using, for example, cookies, pixel tags, SDKs, or other tracking and analytics technologies. For more information, see the ‘Cookies’ section below.

Additional information provided by you as an applicant

 ●     Application Data including information within your resume/CV or provided by recruitment agencies, information held on yoursocial media accounts such as LinkedIn and any other information that is shared with us throughout the application process.

●     Recruitment Data including data relating to your performance during the application process and information provided by third party references,criminal records check (if applicable) and any relevant recruitment test results (if applicable).

●     Official Identification Data including your national insurance number, photos of your passport and a recent utility bill.

●     Equal Opportunities Data including your ethnicity, gender, socio-economic background, sexual orientation, religion, any disabilities that you may have and/or any equal opportunities monitoring information that you may provide.

●     Business Data including business contact details,third party references (if required), information required for anti-money laundering checks (if applicable), and insurance documents.

2.     If you fail to provide Personal Data

We will indicate where any Personal Data  we have requested is mandatory. We will also explain the consequences should you decide not to provide information which we have indicated is mandatory.

Where we need to collect Personal Data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

3.     How we use Personal Data

We use Personal Data relating to you that we collect, or that you provide to us, for the following purposes:

●     to respond to your queries;

●     to fulfil the terms of our engagement with our customers;

●     to provide, maintain, improve, and enhance our services including by conducting analytics and producing insights;

●     to ensure legal and regulatory compliance, including to protect against fraud and manage risk; comply with health and safety obligations; and comply with applicable laws, regulations, legal processes or enforceable governmental requests;

●     to handle any complaints and disputes, including to protect, enforce, and defend the legal rights, privacy, safety, or property of us and our Employees;

●     to perform our day-to-day business operations including business development;

●     for recruitment and employment administration purposes. We process candidate and Employee personal data to manage recruitment (including assessing your application, improving our application process, conducting pre‑employment checks and onboarding), and for ongoing HR administration and employment management, and this may include the use of pre‑approved AI tools that have been assessed through our governance processes;

●     for financial management;

●     to ensure that content from the Website is presented in the most effective manner for you and for yourcomputer;

●     to notify you about changes to the Website and the materials on the Website;

●     as part of our efforts to keep the Website safe and secure;

●     to provide you with marketing information related to our services which we believe may be of interest to you;

●     to generate anonymized or aggregate datacontaining only de-identified, non-Personal Data that we may use for any lawfulpurposes such as to publish reports;

●     to manage and engage in acquisitions, mergers,and reorganizations or sale of some or all of Cogna;

●     to ensure the safety and security of our data,premises, operations and systems; and

●     for other business purposes for which we providespecific notice, or if required by law, seek your consent, at the time theinformation is collected.

4.Lawful basis for processing

We will only process your Personal Data where we have a lawful basis to do so. The lawful basis will depend on the purposes for which we have collected and use your Personal Data. The lawful bases we rely on include:  

●     Consent. We will process your Personal Data where you have consented to the use of your Personal Data. For example, we may rely on consent for the placement of non-essential cookies or similar tracking technologies, or send you marketing communications.

●     Legitimate interests. Where we or a third party have a legitimate interest to use Personal Data regarding you, for example in relation to the operation of our business, we may rely on this legal basis to do so provided that our interest is not overridden by your rights and interests. For example, we may rely on this lawful basis for system administration purposes and for internal operations, including survey purposes.

●     Performance of a contract with you. We will process your Personal Data where it is necessary to give effect to a contract between you and us. For example where you have provided your information in order to receive details in relation to our services from us.

●     Compliance with the law. We may process your Personal Data where we are subject to a legal obligation and need to use your Personal Data in order to comply with that obligation.

5.How we share your Personal Data with third parties

We may disclose your Personal Data to other third parties in the following cases:

●     with our vendors and service providers who are retained in connection with the provision of our services, such as for payment processing, invoicing and providing IT hosting and maintenance;

●     for the purposes of research,evaluation, and analysis of our services;

●     in the event of any merger,acquisition, debt financing, sale of assets, or similar transaction, in which case we may disclose your Personal Data to the prospective buyer of such business or assets. We may also transfer your Personal Data in the event of an insolvency,bankruptcy, or receivership;

●     if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request;

●     if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Data that we believe, in goodfaith, is appropriate or necessary to (i) protect the rights, property or safety of us or our users, or others, (ii) to protect our property and other legal rights, including to enforce or apply our terms and conditions (this includes exchanging informationwith other companies and organisations for the purposes of fraud protection andcredit risk reduction), (iii) take precautions against liability, (iv) protect ourselves or others from fraudulent, abusive, or unlawful uses oractivity,  or (v) investigate and defend ourselves against any third-party claims or allegations;

●     to other members of our group of companies (including outside of your home jurisdiction) for the purposes set out in this privacy policy;

●     during emergency situations or where necessary to protect the safety of persons;

●     where the Personal Data is publicly available; or

●     for additional purposes where we have a legal basis and/or where permitted by law.

We  use Microsoft Entra for authenticating users. This cookie contains list of  services accessed to facilitate sign-out. No user information. Security  feature.

6.   Marketing

We may send you marketing materials which we believe may be of interest to you.

We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. You may receive marketing communications from us if you have provided consent for us to do so, or if you requested information from us or purchased goods on the Website and you have not opted out ofreceiving that marketing.

Third-party marketing. We are committed to protecting and respecting your Personal Data. We will not sell or rent your Personal Data to any third parties. We will not share your Personal Data with third parties for marketing purposes.

Opting out. You can unsubscribe from our promotional emails via the link provided in the emails. Even if you opt out of receiving promotional email messages from us, you will continue to receive administrative messages from us.

7.   Cookies

We use cookies to provide you with a good experience when you browse our Website and improve our Website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. We use the following cookies:

●     Strictly necessary cookies.These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of ourWebsite or make use of e-billing services.

●     Analytical or performance cookies.These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.

●     Functionality cookies.These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember yourpreferences.

●     Targeting cookies.These cookies record your visit to our Website, the pages you have visited andthe links you have followed.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

CCState: We use Microsoft Entra for authenticating users. This cookie contains session  information state to be used between Microsoft Entra ID and the Microsoft  Entra Backup Authentication Service.

buid: We use Microsoft Entra for  authenticating users. This cookie tracks browser related information. Used for service telemetry and  protection mechanisms.

ESTSAUTH: We  use Microsoft Entra for authenticating users. This cookie contains user's session information to facilitate SSO. Transient.

ESTSAUTHPERSISTENT: We use Microsoft Entra for authenticating users. This cookie contains user's  session information to facilitate SSO. Persistent.

ai_session: These  cookies are used by Microsoft Azure Application Insights, which collects site  telemetry, allowing us to analyze how our site is performing and to perform  optimization.

MicrosoftApplicationsTelemetryD eviceId: We  use Microsoft Entra for authenticating users. This cookie tracks a unique ID  for the users’ device for telemetry purposes.

esctx (including any cookie  with name esctx-*): We  use Microsoft Entra for authenticating users. This cookie provides session  context cookie information. For CSRF protection. Binds a request to a  specific browser instance so the request can't be replayed outside the  browser. No user information.

ESTSAUTHLIGHT: We use Microsoft Entra for authenticating users. This cookie contains Session GUID Information. Lite session state cookie used exclusively by client-side  JavaScript in order to facilitate OIDC sign-out. Security feature.

x-ms-gateway-slice: We use Microsoft Entra for authenticating users. This cookie is a Microsoft  Entra Gateway cookie used for tracking and load balance purposes.

brcap: We use Microsoft Entra for authenticating users. This is a client-side cookie(set by JavaScript) to validate client/web browser's touch capabilities.

fpc: We use Microsoft Entra for authenticating users. This cookie tracks browser  related information. Used for tracking requests and throttling.

SignInStateCookie: We use Microsoft Entra for authenticating users. This cookie contains list of services accessed to facilitate sign-out. No user information. Security feature.

intercom-id-l33mpy9e: We  use Intercom for chat support. This cookie allows visitors to see any  conversations they've had on Intercom websites.

stsservicecookie: We  use Microsoft Entra for authenticating users. This cookie is a Microsoft  Entra Gateway cookie also used for tracking purposes.

_upscope__shortId: We  use Upscope to enable co-browsing from inside Intercom chats to allow us to  help customers navigate our applications. This cookie is necessary for  Upscope’s functionality.

intercom-device-id-l33mpy9e: We  use Intercom for chat support. This cookie is used to identify the device  interacting with the Intercom Messenger in order to improve security.

intercom-session-l33mpy9e: We  use Intercom for chat support. This cookie allows users to access their  conversations and have data communicated on logged out pages for 1 week.

_upscope__region: We  use Upscope to enable co-browsing from inside Intercom chats to allow us to  help customers navigate our applications. This cookie is necessary for  Upscope’s functionality.

session: Used  to to identify the users session on the server to allow the application to  store user-specific state and use this in serving the application. Necessary  for the application to work correctly.

oidc_id_token: We  use Microsoft Entra for authenticating users. This cookie is used to  facilitate SSO through Microsoft Entra.

authTokenId: Used for onboarding workflows in the product through HelpHero

ory_kratos_continuity: For authentication of users  through Ory

ory_session_*: For authentication of users through Ory

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, pleasenote that some parts of this Website may become inaccessible or not functionproperly. Most browsers allow you to control your cookie settings so that youcan:

●     View your cookies or other locally stored data and delete them on an individual basis;

●     Block first-party and/or third-partycookies or similar technology;

●     Block all cookies or similartechnologies from being set; or

●     Delete all cookies or similartechnologies when you close your browser.

Toget information on how to update such settings, you may visit one of thefollowing pages, or another page, depending on your browser:

●      GoogleChrome: https://support.google.com/chrome/answer/95647?hl=en  

●      Apple Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac  

●      InternetExplorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies  

●      MicrosoftEdge: https://support.microsoft.com/en-gb/help/4027947/microsoft-edge-delete-cookies  

●      MozillaFirefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer  

●      Opera:https://help.opera.com/en/latest/web-preferences/  

We do not share the information collected by the cookies with any third parties.

8.     Where we store your Personal Data

Generally, the Personal Data that we collect from you will not be transferred to, and stored within, countries outside the United Kingdom (“UK”) and European Economic Area ("EEA").

However,if we do transfer your information internationally, we will ensure that adequate safeguards are in place to protect your Personal Data and to make sure it is treated securely and in accordancewith this privacy policy. In these cases, we rely on approved data transfer mechanisms (such as the EU “Standard Contractual Clauses” or UK “International Data Transfer Agreement” or “UK Addendum”) to ensure your information is subject to adequate safeguards in the recipient country. If you are located inthe UK or EEA, you may contact us for a copy of the safeguards which we have put in place to protect your Personal Data andprivacy rights in these circumstances.

9.     Your Rights

Cogna takes your privacy seriously and wants you to be aware of your rights, as follows:

●     you have the right to request (i) confirmation of whether we process your Personal Data and (ii) access to a copy of the Personal Data retained;

●     you have the right to have inaccurate Personal Data rectified, or completed if it is incomplete;

●     in certain situations, you have the right to have your Personal Data erased or transmitted directly to another company, where technically feasible;

●     where the processing of your Personal Data is based on your consent, you have the right to withdrawyour consent at any time without impact to any data processing activities that have taken place before such withdrawal;

●     in certain situations, you have theright to restrict or object to our processing of Personal Data regarding you; and

●     the right to lodge complaints before the UK Information Commissioner’s Office (“ICO”) and you may do so at https://ico.org.uk/make-a-complaint/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please send us an email at support@cogna.co if you would like to exercise any of your rights.

10.  Data Security

We make reasonable efforts to protect your Personal Data by using physical and electronic safeguards designed to improve the security of the information we maintain. However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your Personal Data.

11.  How long we keep your Personal Data

We retain your information for as long as it is necessary for the purposes for which it was collected and processed. We take measures to delete your Personal Data or keep it in a form that does not permit identifying you when thisinformation is no longer necessary for the purposes for which we process it, unless we need to retain data for the purposes of satisfying any legal, regulatory, accounting, finance, tax, reporting and insurance requirements. When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations. For example, if you request that we provide you with a demonstration of Cogna’s services, we will retain the Personal Data you provide to us for the period required for that demonstration, and a reasonable time afterwards for follow-up as reasonably required to respond to any queries you may raise.

12.  Information relating to children

Cogna does not knowingly collect, maintain, or use personal information from children under 18 years of age, and no part of our services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may contact us at support@cogna.co.

13.  Complaints

In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at support@cogna.co andwe will endeavour to deal with your request as soon as possible.

This is without prejudice to your right to launch a claim with the ICO.

14.  Changes

It is your responsibility to check this policy regularly for any changes. We will also update the “Last Updated” date at the top of this policy, which reflects the effective date of such policy.