Privacy Notice | Personal Data & Data Protection – COGNEDT

---

INTRODUCTION

This Privacy Notice explains how we collect, use, and process your personal data when you interact with our website, https://cognedt.com. This includes any information you provide when you purchase a product or service, subscribe to our newsletter, book a consultation, submit an inquiry, participate in a prize draw or competition, or complete a survey.

 By providing us with your personal data, you confirm that you are at least 18 years of age.

 COGNEDT LTD is the data controller responsible for the processing of your personal data (referred to as "we", "us", or "our" in this Privacy Notice).

 Our full legal details are as follows:
Legal Entity Name: COGNEDT LTD
Postal Address: 66A Chandos Avenue, Ealing, London, England, W5 4ER 

 If you have any concerns about how we collect, process, or use your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters (www.ico.org.uk**). However, we would appreciate the opportunity to address your concerns first, so please contact us directly to allow us to resolve the issue.

 Ensuring the accuracy and currency of your personal data is important. If your information changes at any time, please notify us by contacting us directly or by using the 'Update Your Profile' option in any email communication you receive from us.

WHAT DATA DO WE COLLECT ABOUT YOU?

Personal Data refers to any information that can identify an individual. It does not include anonymized data. We may process the following categories of personal data about you:

• Identity Data: Includes your first name, maiden name, last name, username, job title, title, and gender.
• Contact Data: Includes your company name, billing address, delivery address, email address, and telephone numbers.
• Financial Data: Includes your bank account details and payment card information.
• Transaction Data: Includes records of payments between us and details of purchases made by you.
• Technical Data: Includes login credentials, IP addresses, browser type and version, browser plug-in types and versions, time zone settings, location data, operating system, platform, and other technology-related details about the devices you use to access our site.
• Profile Data: Includes your username and password, purchase history, attendance at live or recorded events, interests, preferences, feedback, responses to chat, polls, or quizzes, webinar attentiveness, duration of webinar attendance, eLearning course progress, and survey responses.
• Usage Data: Includes details about how you interact with our website, products, and services.
• Marketing and Communications Data: Includes your preferences for receiving marketing communications from us and third parties, as well as your communication preferences.

We collect and process this data to provide you with our services, enhance your user experience, and comply with legal and regulatory obligations.

We may also process Aggregated Data derived from your personal data. However, this data does not reveal your identity and, therefore, is not considered Personal Data on its own. For example, we may analyse Usage Data to determine the percentage of website users who engage with a particular feature of our site. If Aggregated Data is ever combined with your Personal Data in a way that allows you to be identified, we will treat it as Personal Data and process it accordingly.

Sensitive Data 

If you book an in-person consultation, course, or event, you may choose to provide us with sensitive personal data, such as health-related information. This may include dietary requirements or venue access needs to accommodate any medical conditions. The processing of this data is necessary for preventative medical purposes. Any such data will be anonymized where possible and may be shared with the event venue to ensure your health and safety during the event.

Additionally, if we are legally required to collect certain personal data or need it to fulfil our contract with you, failure to provide the requested data may prevent us from delivering the agreed goods or services. In such cases, we may need to cancel your order or service. If this occurs, we will inform you at the time..

HOW WE COLLECT YOUR PERSONAL DATA

We collect Personal Data through various methods, including:

1. Direct Interactions

You may provide us with Personal Data by filling out forms on our website or through other means of communication, such as by post, phone, email, webinars, or eLearning courses. This may occur when you:

• Enquire about or purchase our products or services;
• Create an account on our website;
• Subscribe to or trial our services or publications;
• Participate in webinars or eLearning courses;
• Request resources or marketing materials;
• Enter a competition, prize draw, promotion, or survey; or
• Provide us with feedback.  

2. Automated Technologies and Interactions

As you interact with our website, we may automatically collect Technical Data regarding your device, browsing behaviour, usage patterns, attendance, or course progress. This data is collected through cookies, server logs, and similar tracking technologies. Additionally, we may receive Technical Data when you visit other websites that utilize our cookies. For more details, please refer to our Cookie Policy.

3. Third-Party Sources and Publicly Available Data

We may obtain personal data from third-party sources and public records, including:

• Analytics providers located outside the EEA;
• Website hosting or software providers located outside the EEA;
• Webinar platform providers located outside the EEA;
• eLearning management platforms located within the EEA;
• Email marketing distribution providers located outside the EEA;
• Providers of technical, payment, and delivery services located outside the EEA, from whom we may receive contact, financial, and transaction data.

HOW WE USE YOUR PERSONAL DATA

We will only process your Personal Data when permitted by law. The most common lawful bases for processing your data include:

• Performance of a Contract: When processing is necessary to fulfil a contract we have with you.
• Legitimate Interests: Where processing is necessary for our legitimate business interests (or those of a third party), provided your interests and fundamental rights do not override these interests.
• Legal or Regulatory Obligations: When processing is necessary to comply with legal or regulatory requirements.

We generally do not rely on consent as a legal basis for processing your Personal Data, except for sending marketing communications via email. You have the right to withdraw your consent for marketing at any time by using the unsubscribe link or updating your preferences via the link in our marketing emails.

If you have subscribed to a contractual service, such as webinar updates, your email address is essential for receiving service-related communications. Unsubscribing from our emails will also remove you from webinar-related notifications and communications.

Purposes for Processing Your Personal Data

We process your Personal Data for the following purposes:

• To register you as a new customer – This allows us to provide access to our products and services and is necessary for the performance of a contract.
• To process and deliver your orders – This includes providing access to services or products, managing payments, fees, and recovering debts owed to us. This is based on contractual obligations and our legitimate interest in recovering outstanding payments.
• To manage our relationship with you – This includes notifying you of changes to our terms, privacy notice, or services, as well as requesting feedback or asking you to update your subscriber details. We process this data to comply with legal obligations and to ensure our records remain accurate.
• To enable participation in competitions, prize draws, surveys, polls, or interactive webinars – This processing is based on our legitimate interest in engaging customers and improving our services.
• To administer and protect our business and website – This includes troubleshooting, data analysis, testing, system maintenance, support, and hosting. Processing is necessary for our legitimate interest in securing our business operations, IT systems, and fraud prevention.
• To deliver relevant content and advertisements – We process data to measure and analyse the effectiveness of our marketing efforts and ensure you receive relevant information. This is based on our legitimate interest in understanding customer engagement.
• To improve our website, products, and services – We use data analytics to assess how customers interact with our content, helping us refine our marketing and enhance customer experiences. This is processed under our legitimate interest in business growth.
• To make personalised product or service recommendations – This helps us offer goods or services tailored to your interests and needs. We process this under our legitimate interest in customer engagement and business development.

Marketing Communications 

You will receive marketing communications from us if:

• You have requested information, purchased products, or subscribed to our services; or
• You provided your details and expressly consented to receive marketing communications; and
• You have not opted out of receiving such communications.

We do not share your Personal Data with third parties for their marketing purposes. If this policy changes, we will obtain your explicit opt-in consent before sharing your data.

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails. However, opting out will not affect necessary service-related communications, such as those related to product purchases, warranties, or customer support.

Change of purpose

We will only use your Personal Data for the purpose for which it was collected, unless we determine that another use is necessary and compatible with the original purpose. If you would like to understand how a new processing activity aligns with the original purpose, you may contact us for further details.

If we need to use your Personal Data for a purpose unrelated to its initial collection, we will notify you and explain the legal basis for the new processing activity.

In some cases, we may process your Personal Data without your knowledge or consent where required or permitted by law.

DISCLOSURES OF YOUR PERSONAL DATA

We may need to share your Personal Data with third parties for the purposes outlined in the Purposes for Processing Your Personal Data section. These third parties include:

• Service Providers: Companies that provide IT infrastructure, system administration, and support services.
• Professional Advisors: Legal, banking, audit, and insurance professionals who provide consultancy, legal, accounting, and financial services.
• Regulatory Authorities: HM Revenue & Customs, regulatory bodies, and other authorities in the United Kingdom and other jurisdictions requiring reporting of processing activities in specific circumstances.
• Business Transactions: Third parties involved in a business sale, merger, acquisition, restructuring, or transfer of assets.

We require all third parties with whom we share your data to maintain strict security standards and to process your Personal Data only in compliance with legal requirements and our instructions..

INTERNATIONAL TRANSFERS

Certain third-party service providers we use are based outside the United Kingdom (UK) and the European Economic Area (EEA), meaning their processing of your Personal Data involves transferring data outside these regions. As some countries do not provide the same level of data protection as the UK and the EEA, we implement appropriate safeguards to ensure your data remains secure. These safeguards may include:

• Transferring data only to countries deemed by both the UK Government and the European Commission to provide an adequate level of data protection.
• Using legally approved contractual agreements, such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs), to ensure equivalent protection for Personal Data.
• Transferring data to U.S.-based service providers who comply with UK-U.S. and EU-U.S. data transfer mechanisms that provide similar levels of protection.

If none of these safeguards apply, we may seek your explicit consent before transferring your Personal Data internationally. You have the right to withdraw your consent at any time.

For more details on the specific mechanisms we use for transferring data outside the UK and EEA, please contact us.

DATA SECURITY

We have implemented appropriate technical and organisational measures to prevent unauthorised access, alteration, disclosure, or loss of your personal data. These security measures include:

• Restricting access to Personal Data to employees, agents, and contractors who have a legitimate business need.
• Requiring those handling Personal Data to adhere to confidentiality obligations.
• Implementing robust data protection protocols to detect and respond to security incidents.

In the event of a suspected data breach, we will follow established procedures, including notifying you and the appropriate regulatory authorities where legally required.

DATA RETENTION

We will retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and regulatory requirements. The retention period is determined based on:

• The nature, volume, and sensitivity of the data.
• The potential risk of unauthorized disclosure or misuse.
• The legal requirements applicable to data retention.

By law, we must retain basic customer information (including Contact, Identity, Financial, and Transaction Data) for six years after a customer relationship ends for tax compliance purposes.

In certain cases, you may request deletion of your data. However, we may anonymize Personal Data for research or statistical purposes, allowing us to use it indefinitely without further notice.

YOUR LEGAL RIGHTS

Under data protection laws, you have specific rights regarding your Personal Data, including the right to:

• Access your Personal Data.
• Correct any inaccurate or incomplete data.
• Request erasure of your Personal Data under certain conditions.
• Object to processing of your data in certain circumstances.
• Restrict processing of your data where applicable.
• Request data portability, allowing you to obtain and reuse your data across different services.
• Withdraw consent where processing relies on your consent.

For more information on your rights, visit: ICO Guide to UK GDPR Rights.

To exercise your rights, please contact us via email.

There is no fee to access your Personal Data or exercise your rights. However, we may charge a reasonable fee if requests are clearly unfounded, repetitive, or excessive. In such cases, we may refuse to comply with the request.

To protect your data, we may need to verify your identity before processing any requests. This security measure ensures that Personal Data is not disclosed to unauthorized individuals. We may also request further details to expedite your request.

We strive to respond to all legitimate requests within one month. If your request is particularly complex or if multiple requests have been made, we may require additional time and will keep you informed of any delays.

THIRD-PARTY LINKS

 Our website may include links to third-party websites, plug-ins, and applications. Clicking these links or enabling such features may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy notices of any external sites you visit.