Privacy Policy - Cogitamus

1. Introduction

This Privacy Policy details how Cogitamus Limited of 11 Woodfield Road, Peterborough, PE3 6HD, United Kingdom (we, us) collect, use, process and disclose personal data.

Your privacy is important to us and we are committed to protecting the privacy of your personal data. So, if you have any questions on this Privacy Policy or otherwise relating to how we process your personal data you can contact us at info@cogitamus.co.uk.

This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us.

We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we hold your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.

We are the controller of the personal data provided to us for the purposes of applicable data protection legislation.

2. What personal data do we collect?

We may collect, use, store and transfer different kinds of personal data about you:

Contact Data including your email address, telephone number, correspondence address, job title and employer;
Identity Data including first name, last name, date of birth, gender, job title;
Financial Data including credit or debit card details and bank details;
Technical Data including internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites and any communications we may send to you;
Usage Data including information about how you use our website and services; and
Marketing Data including your preferences in receiving marketing communications from us.

Information you provide to us

All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identity fraud, we will record this and we may also report this to the appropriate authorities.

When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.

From time to time you may provide personal data to us. This may be because you wish to:

use our website;
purchase services from us or enquire about doing so;
purchase tickets to an event from us;
provide ID documents to us so that we can verify your identity as part of our know your client and anti-money laundering processes;
provide services to us, including freelance consultancy services;
apply to us for work opportunities or vacancies; and/or
otherwise contact us including with queries, comments or complaints.

We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request and we shall notify you accordingly at the relevant time.

Information we automatically collect about you

When you use our website, we may automatically collect and store information about your device and your activities. This information could include:

technical information about your device such as type of device, web browser or operating system;
your preferences and settings such as time zone and language; and
how long you used the website and which services and features you used.

Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy.

Information we receive from others

We may also receive personal data about you from your employer. In addition, we may receive personal data about you from our subcontractors and agents such as companies we engage to provide IT services or payment services to us.

If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties, confirming or otherwise, your identity.

3. Lawful use of your personal data

We will use your personal data only where we have a lawful basis to do so. The lawful purposes that we rely on under this Privacy Policy are:

consent (where you choose to provide it including for marketing purposes);
performance of our contract with you;
compliance with legal requirements; and
legitimate interests – when we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact upon your rights, freedom or interests.

We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect ours or a third party’s rights, property, or safety.

We may also use your personal data for our legitimate interests including:

to improve our website and services;
to operate properly our business and provide services;
in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
to deal with any questions or comments you raise;
for audit purposes; and
to contact you about changes to this Privacy Policy as set out above.

4. Whom do we share your data with?

For our legitimate interests, we may share your personal data with our sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.

We shall provide our sub-contractors and agents only with such of your personal data as they need to provide the service for us and, if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.

If you purchase a ticket to attend one of our events, we may share your name and employer details with other delegates, and if you agree, we may also share your name and employer details with any sponsor.

5. Where we hold and process your personal data

Some or all of your personal data may be stored or transferred outside of the United Kingdom or European Economic Area (the EEA) if for example, if our email server is located in a country outside the United Kingdom or the EEA or if any of our sub-contractors are based outside of the United Kingdom or the EEA.

Where your personal data is transferred outside the United Kingdom or the EEA, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).

6. Security

We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.

However, unfortunately because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.

7. Marketing

You may provide to us your email address in order to receive marketing information about our services and our business generally.

You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.

If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information.

8. Your rights

You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here and here:

Right of access: you have the right to obtain from us a copy of the personal data that we hold for you;
Right to rectification: you can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date;
Right to portability: you can request that we transfer your personal data to another organisation;
Right to restriction of processing: in certain circumstances, you have the right to require that we restrict the processing of your personal data;
Right to be forgotten: you also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it – however, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws; and
Right to stop receiving marketing information: you can ask us to stop sending you information about our business.

To exercise these rights, please contact us at info@cogitamus.co.uk with details of your request.

We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.

If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You can also contact the Information Commissioner’s Office, see www.ico.org.uk or, if you are based outside of the United Kingdom, please contact your local regulatory authority.

9. Retention of personal data

Subject to the provisions of this Privacy Policy, we will retain personal data in accordance with applicable laws.

In particular, we shall retain your personal data for as long as we have a business interest to do so. However, we may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents, fraud detection and to manage complaints or legal claims.

Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

10. Personal Data within the content of the services we provide

We store, process and transfer personal data about relevant individuals to our clients from time to time as part of the Cogitamus consultancy service. It is not realistic for us to obtain opt-in consent to such processing of personal data. Therefore, we provide that personal data on the basis of our legitimate business interests.

Clients are responsible for ensuring that their use of any personal data we provide to them is lawful and processed in accordance with all applicable laws.

11. General

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.

Last updated: March 2020