Privacy Statement
Our commitment to privacy
CogMap Ltd respects that you care how information about you is used and shared. Our commitment to safeguarding your right to privacy is one of the many reasons we are a trusted provider. This commitment includes controls on the protection and use of personal information within our organization, its systems and our website, as well as programs to educate employees to respect your privacy at all times.
We take all of the necessary precautions to ensure the safeguarding of your information, whether it is stored electronically or in paper format. In all cases, information is retained in secure facilities, protected from unauthorized access and kept only as long as is reasonably required. For example, our electronic files are backed up for redundancy, password protected and accessible only by authorized employees, on a need-to-know basis. Personal information is retained only as long as necessary for the fulfilment of the above-specified purposes. You access some content via passwords and logins. To ensure that these areas and your personal information used in these areas remain secure, it is important that you protect yourself against other parties accessing your password and your computer. We encourage you to log off each time you complete a secure session and each time that you complete a session on a shared computer.
What this policy describes
This Privacy Policy describes the commitments of Cogmap Ltd and the rights of our customers and visitors of our websites regarding personal information. It is also intended to comply fully with the Personal Information Protection and Electronic Documents Act in London, United Kingdom.
What this policy covers
This Privacy Policy applies to the following The Cogmap Ltd and all of its Affiliates as listed below. In addition to this Privacy Policy, Cogmap Ltd may also be subject to the requirements of applicable local legislation, tariffs and regulations and the orders of any court or other lawful authority. Any time you do business with Cogmap Ltd, you are protected by the rights and safeguards contained in the Cogmap Ltd Privacy Policy. This Privacy Policy also governs the behaviour of our employees and agents acting on our behalf. All of our employees who have access to personal information receive training on using and protecting that information. All of our employees and agents are bound by confidentiality and other agreements requiring them to protect any personal information they may access as part of their job.
What is personal information?
Personal information is information about an identifiable individual. Publicly available information — such as a public directory listing of your name, address, telephone number, email or other electronic address — is not considered to be personal information.
What data is being collected or processed?
User data
At user level the data collected by Cogmap is divided into two categories.
Personal Data:
- Name
- Gender
- Date of birth
- Email address
- Physical attributes (where applicable)
- Dominant hand
- Dominant foot
- Height
Module Data:
- Results of module
- The time, frequency and duration of your activities on our Products
- Interactions with our Products and their content
- The clients/partners who have provided you access to our Products
Personal data is encrypted and securely stored. We do not process personal data unless necessary and only in anonymised format and as part of a collection. Personal data is shared with the specific organisation which have provided you with access to our Products or to other organisations with user’s consent.
All module data is anonymised and will be kept as a collection with all other module data collected through our Products. We process module data for various data processing tasks including, but not limited to, population analysis, training machine learning algorithms and predictions.
Organisations
At user level the data collected by Cogmap is divided into two categories.
Organisational Data:
- Organisation Name
- Organisation Logo
- Email address (where applicable)
Module Data:
- List of users
- Results of module
- The time, frequency and duration of user activities on our Products
- Interactions with our Products and their content
- Users for whom you have provided access to our Products.
Organisational data is encrypted and securely stored. We do not process Organisational data. Organisational data is not shared with the other clients/partners who have access to our Products without express consent.
Organisational data is encrypted and securely stored. We do not process Organisational data. Organisational data is not shared with the other clients/partners who have access to our Products without express consent.
Information Rights
Everyone has rights with regards to how Cogmap uses personal data about them. The rights are:
- Provision of a privacy notice when personal data are collected
- Right of access to their personal data
- Rectification of inaccurate personal data
- Right of erasure
- The right to restrict the use of their personal data
- Data portability
- The right to object to the use their personal data for some situations
- The right not to be subject to automated decision-making, including profiling.
The rights are not absolute, and each right is subject to certain exemptions. Each rights request will be assessed on an individual basis and be processed by the Data Protection team. To ensure that the Cogmap can fulfil its statutory obligations in relation to information rights requests, The Data Protection team have been given the authority to:
- Obtain cooperation and assistance for dealing with rights requests.
- Obtain access to documents, emails or other personal data that may be in scope of an information rights requests.
- Review data to establish if an exemption applies.
- Consider the applicability of any relevant exemption.
- Make disclosures required to fulfil our obligations relating to information rights.
Any individual that is impacted by a request, e.g., the data protection team need to request a search for the emails of a specific member of staff, will unless circumstances prevent it, be informed of the existence of a rights request, and asked to supply any relevant information or data as soon as is practical. If co-operation is not provided or the individual concerned is off sick or on leave, the Data Protection team, may seek to access the required information through a formal request to Information Services. Any request for access will be strictly limited to what is necessary to fulfil the rights request, and detailed records will be maintained.
Exercising Information Rights
If an individual wants to exercise an information rights request, they are entitled to do so verbally or in writing. It is important to note that rights requests should be submitted to Data Protection team on
dataprotection@cogmap.ai. Any requests submitted to any other department or communication channel should be forwarded to
dataprotection@cogmap.ai as soon as practical.
Retention of Personal Data
Cogmap keeps some forms of personal data longer than others. In accordance with the storage limitation principle of the legislation, personal data can only be retained for as long as it is necessary in order to achieve the purpose for which it was collected. There are two drivers for retention of personal data:
- A legal requirement that sets out a statutory retention period or
- A justified business need for the retention of personal data
The retention period assigned to a piece of personal data can vary on a variety of factors, but you should consider the above drivers as a starting point.
Cogmap keeps anonymised module data as part of a collection indefinitely. Module data is non-identifiable and would be subject to data processing in accordance with the relevant laws.
