Privacy Policy

Cognota, Inc. (the “Vendor”),
199 Bay Street #4000, Toronto, Ontario, Canada M5L 1A9

We have updated the Privacy Policy as of March 4, 2024.

This Privacy Policy only applies when the Vendor (“we”, “us” or “our”) is the Controller of personal data (such as website visitors’ data and business-to-business contacts). The Vendor acts as a Processor, not a Controller, for personal data processed on behalf of a person, firm or corporation (the “Customer”) who purchases or uses the Subscription Services or Digital Properties as defined below. Please note that this policy does not cover data privacy practices of Customers or personal data related to employees, candidates, contractors, or agents.

Table of Contents:
1. Introduction
2. Personal Data We Collect and Disclose
3. How We Process Personal Data
4. Sources of Personal Data
5. Cookies and Tracking Technologies
6. Security and Retention
7. Children’s Privacy
8. External Links
9. Supplemental Terms for California Residents
10. Supplemental Information for the EEA, Switzerland, and the U.K.
11. Supplemental Information for Other Regions
12. Contact Information

1. Introduction. Capitalized terms not defined in this Privacy Policy (e.g., Subscription Services) are explained in our Terms of Use (the “Agreement“). For individuals located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“U.K.”), please see details below on the specific entity acting as a controller of your personal data.

This Privacy Policy only applies to personal data when you:

Visit or interact with the www.Cognota.com or www.LearnOps.com websites, our social media pages, and other websites which we operate (collectively, our “Digital Properties”);
Register for or participate in our webinars, events, programs, marketing, and promotional activities;
Interact with us in person, such as when you visit our offices; and
Inquire about or engage in commercial transactions with us.

Changes: This Privacy Policy may be periodically updated. It is advised to review it regularly for any changes. If you do not agree with the changes, it is recommended to discontinue your interaction with us. Whenever necessary under applicable law, we will notify you of any modifications to this Privacy Policy by posting an update in the Subscription Services or through other appropriate means.

2. Personal Data Collection and Disclosure. The following table outlines the personal data we collect about you and the parties to whom we disclose this information. For California individuals, this table identifies the entities to which personal data is disclosed for business purposes according to California law.

Categories of Personal Data Collected	Disclosures of Personal Data
Identifiers, such as your name, email address, postal address, phone number, and device identifiers (e.g., advertising identifiers and IP address).	Cognota, Inc. Service providers, such as security and platform vendors With third parties that are necessary to complete a transaction Business partners who we partner with to jointly market or sell our Subscription Services, such as channel partners With third parties at your direction, such as event sponsors Professional advisors, such as lawyers, accountants, and auditors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets Companies that operate Cookies and Tracking Technologies, such as marketing and advertising partners To which you have consented to the disclosure
Commercial information, including preferences, such as purchasing history.	Cognota, Inc. Service providers, such as security and platform vendors With third parties that are necessary to complete a transaction, such as credit card processors Professional advisors, such as lawyers, accountants, and auditors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets To which you have consented to the disclosure
Internet or other electronic network activity information and device information, such as your browsing history, search history, device information, and other information (whether passive browsing or active engagement) regarding your interactions with us and use of our products, Subscription Services, emails, and other Digital Properties.	Cognota, Inc. Service providers, such as security and platform vendors Companies that operate Cookies and Tracking Technologies, such as marketing and advertising partners Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets
Geolocation information, such as approximate location based on your IP address, mobile device location, or information you provide to us (such as city and state you provide through a webform). You may be able to control collection of this data through the settings of your device.	Cognota, Inc. Service providers, such as security and platform vendors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets. Companies that operate Cookies and Tracking Technologies, such as marketing and advertising partners
Audio, electronic, visual, and other sensory information, such as CCTV recordings (e.g., if you visit our offices or attend events); recordings of your interactions with our sales or support teams (e.g., for quality assurance or training purposes, in accordance with applicable laws); or customer support chat or messaging logs.	Cognota, Inc. Service providers, such as security and platform vendors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets
Inferences as defined by California law, such as marketing you are likely to react positively to.	Cognota, Inc. Service providers, such as platform vendors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets
Sensitive Personal Data, such as proof of vaccination or race and ethnicity (optional) (where permissible under applicable law).	Cognota, Inc. Service providers, such as platform vendors Entities involved in a corporate transaction, including if we sell, acquire, or merge all or some of our assets To which you have consented to the disclosure

In addition to the aforementioned disclosures, we may share your personal data in response to lawful requests from law enforcement or government authorities, including those related to national security, following the guidelines outlined in the Trust Center. We reserve the right to de-identify, anonymize, or aggregate personal data for sharing with third parties as legally allowed, for various purposes.

3. How We Process Personal Data. We may process your personal data for the below purposes:

Purpose of Processing	Lawful Basis
To provide our products, Subscription Services, and Digital Properties, we process and fulfill transactions, enable access to these services, maintain and enhance our Digital Properties, communicate with users for support and security updates, and track service quality for improvements.	Legitimate interests; Contract; Legal obligations
For internal business operations, including record-keeping, financial transactions, audits, IT security, business improvements, research and development, and handling surveys.	Legitimate interests; Legal obligations
For legal, safety, and security purposes, which may include compliance, legal defense, property protection, policy enforcement, and responding to security incidents or illegal activity. Additionally, in certain situations, special categories of personal data may be collected for relevant purposes like health data for public health or legal requirements.	Legitimate interests; Legal obligations; Public interest
To market our products and services, including soliciting testimonials, sending marketing communications, facilitating contests or events, and customizing advertisements for you and third-party offerings. You can opt out of marketing communications by using the “unsubscribe” link in our communications or contacting us at marketing@cognota.com. Please be aware that tracking technologies may be used in our marketing materials.	Consent (where required by law); Legitimate interests
To process referral requests when using our referral service to inform others about our Subscription Services, using the provided contact details to reach the referred individual. You must only provide others’ personal data if you have their consent to do so.	Consent (where required by law); Legitimate interests
To promote diversity, equity, and inclusion initiatives and representation within our business, as permitted by law.	Consent (where required by law); Legitimate interests
For corporate transactions, including sales, mergers, acquisitions, reorganizations, bankruptcies, and other such events.	Legitimate interests; Legal obligations
When you have provided voluntary consent for the processing of your personal data.	Consent

We respect your data subject rights as required by law. You may request access, correction, updating, or deletion of your personal data by contacting us at privacy@cogntoa.com. We work with select third-party providers who assist us in data processing for various purposes, ensuring they adhere to strict contracts limiting their access and use of personal data in line with applicable data protection regulations.

4. Sources of Personal Data

Information you directly provide to us, such as when registering, communicating through our Digital Properties, visiting our offices, or engaging in events and marketing activities.
Information collected from your employer, colleagues, or acquaintances, including details about employees or representatives of customers, suppliers, investors, and business partners. Additionally, we may receive information through referrals for our Subscription Services.
Automatically collected information, including technical data from your interactions with our Digital Properties, like IP addresses, browsing habits, and purchase history.
Information sourced from public outlets, like public records and data shared on social media platforms.
Information sourced from third parties, such as service providers, business partners, and social media networks, including widgets like the “LinkedIn Follow” button.

We may consolidate information acquired from different sources outlined in this Privacy Policy, including third-party and public sources, and utilize or disclose it for the stated purposes.

5. Cookies and Tracking Technologies. We utilize cookies and tracking technologies, allowing you to adjust settings as needed. Certain technologies may track your device activity. While some browsers have a Do Not Track option, we do not currently support this feature.

6. Security and Retention. We have robust security measures in place to safeguard your personal data from unauthorized access, loss, or alteration. Your data is retained for as long as necessary to fulfill the purposes for which it was collected. After termination of our relationship, we may keep your data for legal or business purposes. If there is no ongoing legitimate need for your data, we will securely store or delete it. For specific retention periods, please reach out to us.

7. Children’s Privacy. Our Digital Properties and Subscription Services are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children. Parents or guardians who believe a minor has disclosed personal data to us should contact us.

8. External Links. When engaging with us, you may come across links to external sites or online services, potentially through third-party ads. We are not responsible for the privacy and data collection practices of these third-party sites. For further information or inquiries, refer to the privacy policies of the respective third parties.

9. Supplemental Terms for California Residents. Under the California Consumer Privacy Act (“CCPA”), this Section pertains to specific personal data collected about California individuals which we process as a “business.” It adds to the information outlined above and does not cover current or former employees, applicants, contractors, or agents.

a. Additional Data Processing Disclosures: The following table outlines the categories of personal data disclosed to third parties, as defined by the California Privacy Rights Act, along with the categories of personal data collected and disclosed by us.

Categories of Personal Data We Collect	California Privacy Rights Act Details: Categories of Third Parties to Whom Personal Data is “Sold or Shared”
Identifiers, including your name, email address, postal address, phone number, and device identifiers like advertising identifiers and IP address.	Companies that operate Cookies and Tracking Technologies, such as marketing and advertising partners Business partners who we partner with to jointly market or sell our products and Services, such as channel partners.
Commercial information, including preferences, such as purchasing history or tendencies and transactional information, such as banking information.	Not applicable
Internet or other electronic network activity information includes details like browsing and search history, device specifics, and interactions with our products, Subscription Services, emails, and Digital Properties.	Companies that operate Cookies and Tracking Technologies, such as marketing and advertising partners
Geolocation information, like approximate location derived from your IP address, mobile device location, or details you provide, such as city and state through a webform, can be managed through your device settings.	Companies that operate Cookies and Tracking Technologies, such as marketing and advertising partners
Audio, electronic, visual, and other sensory information include CCTV recordings at our premises or from events, recordings of interactions with our teams, and customer support chat logs.	Not applicable
Inferences as defined by California law, such as marketing you are likely to positively react to.	Not applicable
Sensitive Personal Data, such as proof of vaccination or optional race and ethnicity information (where permitted by law).	Not applicable

We conduct standard practices with partners and Digital Properties that involve potential “sale” or “sharing” as outlined by California law. We do not share personal data of minors under 16 knowingly. Additionally, we do not gather or use “sensitive personal information” to make inferences about individuals and handle such data in line with the exceptions for limiting sensitive data.

Financial Incentives: We may provide a benefit, like a discount or coupon, in exchange for your personal data when responding to surveys, contests, or promotions. Participation details and financial incentives are outlined in the promotion’s terms and conditions. The value of your data equals the benefit provided, calculated based on associated costs. You can opt out of financial incentives at any time by contacting us at privacy@cognota.com. If alternative incentives are offered, we will disclose all relevant details for your participation.

b. Your Data Protection Rights: Subject to legal limitations, certain California residents may have the below rights.

Right to Know. You can ask for details about the types of personal data we have collected about you, including sources, purposes of collection, categories of third parties it has been shared with, and the specific pieces of data collected (“Specific Pieces Report”).
Right to Delete. You have the right to request that we delete personal data that we have collected from you.
Right to Correct. You have the right to request that we correct inaccurate personal data that we maintain about you.
Right to Opt Out of Sale or Sharing. We do not sell personal data to third parties, but we share information with partners who may collect data from our Digital Properties. This sharing may be considered a “sale” or “sharing” under California law, and you have the right to opt out of this activity.

California residents can exercise their Right to Know, Right to Delete, Right to Correct or opt out of information sharing by emailing us at privacy@cognota.com and providing a written request. We will process these requests within fifteen (15) business days of receipt unless additional time is necessary, up to ninety (90) days. Rest assured, we will not discriminate against you for utilizing these rights, as prohibited by law.

10. Supplemental Information for the EEA, Switzerland, and the U.K. The following terms supplement the Privacy Policy with respect to our processing of EEA (i.e., European Union Member States, Iceland, Liechtenstein, and Norway), Swiss, and U.K. personal data. In the event of any conflict or inconsistency between the other parts of the Privacy, this Section shall govern and prevail with regard to the processing of EEA, Swiss, and U.K. Personal Data, to the extent applicable.

Data Controller: The Vendor entity that you primarily engage with, such as the one that entered into a Subscription Services contract or provided marketing materials, is the controller under this Privacy Policy. This typically refers to Cognota, Inc., unless stated otherwise.

a. Legal Basis for Processing: Please see Section 3 for the legal basis on which we rely for the collection, processing, and use of personal data.

b. Your Data Protection Rights: Under applicable data protection laws, you may exercise certain rights regarding your personal data.

Right to Access. You have the right to obtain confirmation from us whether we are processing your personal data and related information, as well as the right to obtain a copy of your personal data undergoing processing.
Right to Data Portability. You have the right to receive your personal data in a format that is structured, commonly used, and machine-readable. You may also have the right to transmit this data to other data controllers without any obstacles, provided the processing is based on your consent or a contract, and is conducted through automated means.
Right to Rectification. You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
Right to Objection. You have the right to object to the processing of your personal data in certain cases.
Right to Restrict Processing. You may request that we restrict the processing of your personal data in certain cases.
Right to Erasure. You may request that we erase your personal data in certain cases.
Right to Lodge a Complaint. You have the right to file a complaint with a supervisory authority. We commit to cooperating with EU data protection authorities, the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner to resolve any complaints regarding our handling of personal data.
Right to Refuse or Withdraw Consent. You may decline or retract your consent for processing personal data at any time without repercussions. The legality of data processing prior to withdrawal remains unaffected.
Right to Not Be Subject to Automated Decision-making. We do not engage in the automated decision-making types outlined in Article 22(1) and (4) of the EU/UK General Data Protection Regulation (“GDPR”) regarding your personal data. If this changes, we will notify you of the decision-making rationale, significance, potential consequences, and your entitlement to human intervention and objections.

You can exercise these rights by contacting us at privacy@cognota.com to make your request. Please be aware that we may decline to fulfill data protection requests in specific situations, such as cases where access could violate others’ privacy rights or affect our legal duties.

c. International Transfers of Personal Data: As part of our global operations, data may be shared with recipients located outside the EEA, Switzerland, or the U.K., where data protection standards may not be equivalent. To ensure data protection, transfers to such countries are conducted through approved data transfer mechanisms like the EU Standard Contractual Clauses, the U.K. Addendum, or other valid methods as authorized by relevant authorities. Certain countries have been deemed to provide adequate protection. For more details on data transfers, including available mechanisms, please contact us.

The Vendor upholds compliance with the applicable Data Privacy Frameworks, including the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. We adhere to the principles outlined in these frameworks when handling personal data received from the European Union under the EU-U.S. Data Privacy Framework and from the United Kingdom (including Gibraltar) under the UK Extension to the EU-U.S. Data Privacy Framework.

11. Supplemental Information for Other Regions

Australia: Personal data managed by us adheres to the Australian Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles. In case of dissatisfaction with our complaint handling or resolution, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”). You may also request us to forward your complaint details directly to the OAIC.
Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will be collected, stored, used, and/or processed by us in accordance with our obligations under PIPEDA.
Nevada: Although we do not currently sell personal data as outlined by Nevada law, residents of Nevada can still exercise their right to opt-out of sale by contacting us via email using the information provided above.
New Zealand: Our collection, storage, and processing of personal data align with New Zealand’s Privacy Act 2020 and the 13 Information Privacy Principles (“NZ IPPs”).
Singapore: Personal data handled by us, as outlined in this Privacy Policy, is managed in compliance with the obligations set out in the Personal Data Protection Act 2012 (“PDPA”).
United Kingdom: The collection, storage, and processing of personal data as detailed in this Privacy Policy adhere to our responsibilities under the UK Data Protection Act 2018, modified by the Data Protection, Privacy, and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, and any subsequent amendments or replacements (“U.K. GDPR”).

12. Contact Information. For inquiries or concerns regarding this Privacy Policy or our privacy procedures, please reach out to us via email at privacy@cognota.com. In accordance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, we pledge to direct unresolved complaints about our handling of personal data under these frameworks to JAMS, an alternative dispute resolution provider specializing in data protection, located in the United States.

If we introduce what we consider to be a significant change to our Privacy Policy, we will use reasonable efforts to notify you of that change by posting a notification of that effect within the Subscription Services. Also, when such a change occurs, we will amend the effective date by at the top of this Privacy Policy.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.