Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data is data that cannot be linked to a specific user.
Plas Eirias Business Centre,
Abergele Road, Colwyn Bay,
Wales, LL29 8BF
Cognitive Edge Pte Ltd
1 Raffles Place
#20-61 Tower 2
Cognitive Edge USA Inc.
1000 N West St STEn1200
Your rights as a data subject
First of all, we would like to inform you here about your rights as a data subject.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.
Right to information: You can request information from us as to whether and to what extent we process your data.
Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or you have objected to the processing of the data.
Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.
Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint: If you are of theI opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us using our contact form. In case of doubt, we may request additional information to confirm your identity.
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfill a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.
Accuracy – It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
What are the categories of data subjects?
Customers, interested parties, visitors, members and users of the online offer as well as our business partners.
Sources and origin of the data
Which data we process is determined by the respective context: this depends on whether you simply browse our website or enter a query in our contact form, for example, or whether you send us a membership application or submit a query.
Online presences in social media
We maintain online presences in Facebook, Twitter, LinkedIn, Slack, and Tribe on the basis of our legitimate interests and in order to communicate with customers, interested parties, members and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
When you visit our website
When visiting this website, your browser transmits the following types of data, which are stored by us:
These first three types of data are technically necessary in order to correctly display the pages of this website that you have accessed. In addition, they may be used, if necessary, to maintain the secure operation of this website (e.g. to defend against hacking attempts). The IP address and browser language are also used to suggest the appropriate language setting for our website. The referrer URL is used in anonymised form for statistical purposes. For reasons of technical security and in particular to defend against attempted attacks on our web server, this type of data is also stored for a certain period of time on the basis of our legitimate interests.
We collect and process the following data within the scope of a contact request:
You can use our website to send us various types of queries, e.g. to join us as a member or to enquire about specific services or our SenseMaker API.
A contact form is used in each case to record the contact data necessary for communication (e.g. name, company name or e-mail address) and to record the content of your message. This data is used for customer relationship management (contact history) and to answer/fill your request.
Our website allows you to send a membership request via email. If you write to us , we will process the data you provide in the email for the purpose of contacting you and answering your questions and requests. If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your membership request.
When using all communication channels, the principle of data minimisation and data economy is observed in that you only have to provide the data that we absolutely need from you to contact you and to process your respective query.
In addition, your IP address will be processed for reasons of technical security and to defend against any attempted attacks.
Webinars and Newsletter Signup
You can also show interest in our Webinars and subscribe to a free newsletter on our website. The e-mail address provided when registering for Webinars or the newsletter, as well as your name and company name, will be used for sending the personalised newsletter and .
The principle of data minimisation and data economy is observed, as only the e-mail address and your name and title are marked as mandatory fields for personalisation. For technical necessity and for legal protection, your IP address is also processed when you order the newsletter.
You can, of course, unsubscribe at any time using the unsubscribe option provided in the newsletter and thus revoke your consent. Furthermore, you can also unsubscribe from the newsletter at any time directly via our website.
We store your data as long as they are needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to retention obligations under commercial or tax law. If there are no further storage obligations, the data is routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to thirty years; the regular limitation period is six years.
Security of your Data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
The exchange of data to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols.
In addition, we offer our users content encryption as part of the contact forms and for applications. Only we are able to decrypt this data. There is also the option of using alternative communication channels.
In more detail to access our database the user must be authorised, and is challenged through a two-way authentication system. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.
The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our Amazon Web Services AWS servers. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.
Disclosure to third parties
We will only share your data with third parties within the scope of the legal provisions or with corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).
Recipients of the data / categories of recipients
Within our company, we ensure that only those persons receive your data who need them to fulfill contractual and legal obligations.
Disclosure within our Company and our Subsidiaries
In the course of providing our services and answering your queries, our subsidiaries in the above mentioned offices may be involved. One example is a query for support at your location, which should expediently be handled by a nearby subsidiary in their location that is closest to you.
In some cases, service providers support our specialist departments in the fulfillment of their tasks.
Third country transfer / intention to transfer data to third countries
We may transfer your personal information outside the United Kingdom and the European Economic Area (EEA). For example, our Websites are hosted on servers within Europe and the United States of America, and our third party service providers and our subsidiaries operate around the world.
We will only transfer your personal information outside the UK and the EEA if adequate protection measures are in place. To ensure that your personal information does receive an adequate level of protection outside the UK and the EEA we use contractual clauses and standard contractual clauses approved by the Information Commissioner and the European Commission. Further details in respect of protective measures used outside of the UK and the EEA are available on request.
Data is only transferred to third countries (for example our Satellite offices) if this is required by law or if you have given us your consent to do so or if this is necessary for the performance of the contractual relationship.
This is currently the case when you use our contact function for queries because a service provider who provides this function for us obtains access to your personal data. In this case, we take the measures possible and necessary under data protection law in accordance in order to establish the level of data protection in the third country.
Marketing and advertising
We are interested in maintaining our member and user relationship with you and in sending you information and offers about our products / services. Therefore, we process your data to send you relevant information and offers by e-mail.
If you do not wish this, you can object to the use of your personal data for direct marketing purposes at any time; this also applies to profiling insofar as it is related to direct marketing. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and without formalities without giving any reasons and should preferably using our contact form.
Integration Of Service Providers And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests, content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavor to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources. We use the following Service Providers:HubSpot, Google, Yoast, MonsterInsights, Amazon
Social Media Functions and Widgets
Within our online offer, functions and widgets of Facebook, Twitter, LinkedIn are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to Facebook, Twitter, LinkedIn. The function or widget then transmits log data to Facebook, Twitter, LinkedIn. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of Facebook, Twitter, LinkedIn ,as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users reach (so-called conversion measurement).
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (Amazon Web Services AWS and WordPress). The personal data collected on this website is stored on AWS and WordPress' servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. AWS and WordPress are used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.
AWS and WordPress will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
Advertisers and third parties also may collect information about your activity on our sites and applications, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our sites and applications and on third-party sites and applications. You can opt out on the Digital Advertising Alliance (DAA) if you wish not to receive targeted advertising. You may also be able to choose to control targeted advertising on other websites and platforms that you visit. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.
Remarketing and Behavioural Targeting
These types of services allow us and our partners to analyse how www.cynefincentre.com has been used in a user's previous sessions in order to target, optimise and deploy advertising.
This activity is facilitated by tracking usage data and the use of trackers that collect information which is then transmitted to the partners who manage the remarketing and behavioural targeting activities.Some services offer a remarketing option based on email address lists.
In addition to any opt-out options offered by each of the services listed below, users may opt-out via the Network Advertising Initiative opt-out page. Users may also opt-out of certain advertising features through appropriate device settings, such as device advertising settings for mobile phones or advertising settings in general.
Remarketing with Google Analytics (Google Inc.)
Remarketing with Google Analytics is a remarketing and behavioural targeting service provided by Google LLC or by Google Ireland Limited, depending on the location from which www.cynefincentre.com is accessed, which combines the tracking activities of Google Analytics
and its cookies with the Google Ads advertising network and the "DoubleClick" cookie.
Personal data processed: Cookie; Usage data.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioural targeting service provided by Facebook, Inc. that connects activity taking place through www.cynefincentre.com to the Facebook ad network.
Personal data processed: Cookie; Usage data.
Facebook Custom Audience (Facebook, Inc.)
Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. that connects activity taking place through www.cynefincentre.com to the Facebook ad network.
Personal data processed: Cookie; Email.
Google Ads Remarketing (Google LLC)
Personal data processed: Cookie; Usage data.
We integrate Google`s "reCAPTCHA" function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called "bots"). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies as well as results of manual recognition processes (e.g. answering questions asked or selecting objects in images).
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer we use Google Analytics. The information generated about the use of the website by the user is usually transferred to Google and stored there. Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server shortened there.
The IP address transmitted by the user's browser will not be merged with other data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online offer.
Automated decision-making and profiling
We do not use automation for decision-making and profiling
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address or phone records.
From time to time we may use the personal information we collect from you to identify particular products offers which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or relationship with us.
Direct Marketing from generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by Cognitive-Edge, or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt out) of receiving similar marketing in the future. You can ask us to remove or amend any previous consent you provided by contacting us.
Individual(s) or companies that have been approved by us as a recipient of organizational Personal Data and from which Cognitive-Edge has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to Cognitive-Edge and include proposed Commercial Partners. No Personal Data can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
Personal Data Training
All new hires entering Cognitive-Edge who may have access to Personal Data are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to Personal Data or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of Personal Data and shall receive annual training regarding the security and protection of Personal Data and company proprietary data.
Personal Data Audit(s)
Cognitive-Edge conducts audits of Personal Data maintained by Cognitive-Edge in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of Personal Data. Where the need no longer exists, Personal Data will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Cognitive-Edge will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Confirmation of Confidentiality
All company employees must maintain the confidentiality of Personal Data as well as company proprietary data to which they may have access and understand that that such Personal Data is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.
Violations of Personal Data Policies and Procedures
Cognitive-Edge views the protection of Personal Data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under Cognitive-Edge’s discipline policy and may include suspension or termination in the case of severe or repeat violations. Personal Data violations and disciplinary actions are incorporated in Cognitive-Edge’s onboarding and refresher training to reinforce Cognitive-Edge’s continuing commitment to ensuring that this data is protected by the highest standards.
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.
Cognitive Edge Ltd. & Cognitive Edge Pte. trading as The Cynefin Company and The Cynefin Centre.
© COPYRIGHT 2023