We at Cognitect, Inc. (“Cognitect”) value your privacy. This privacy policy (the “Policy”) describes the information we collect when you access or use our websites, our information technology product Datomic (the “Product”), when we offer IT consulting and development services (the “Services”) to organizations and entities, and and how we use, disclose, and protect this information. It also tells you about rights and choices you may have with respect to your information, and how you can reach us to update your information or get answers to questions you may have about our privacy practices. Cognitect reserves the right to update this Policy, from time to time, in accordance with applicable law and industry best practices. Your use of our websites, Products, or Services constitutes acceptance of this Policy.
Cognitect complies with the EU-U.S. Privacy Shield Framework (the “Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Cognitect has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
The Federal Trade Commission has jurisdiction over Cognitect’s compliance with the Privacy Shield.
1. Information We Collect
Some of the information we receive from the European Economic Area may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Frameworks. This may include names, addresses, IP locations, device types, and contact information. When we process Personal Information on behalf of our enterprise customers, they determine the categories of data they upload in our systems and the purposes of the processing. Accordingly, customers are responsible for providing notice to individuals.
As a data controller, we collect and process EEA Personal Information directly from individuals, either via our publicly available websites, including www.cognitect.com and www.datomic.com, or in connection with our customer, partner, and vendor relationships.
As a data processor, we process and host EEA Personal Information obtained from our customers when providing our Services. In that context, we only process Personal Information on behalf and on the instructions of our customers, which are data controllers.
We commit to subject to the Principles all Personal Information received from the EEA in reliance on the Frameworks (which includes both types of activities).
2. Information You Provide
To register you for the Product or Services, we require you to provide us with certain information, including: (1) your name, location, and your contact information (such as your e-mail address, phone number, billing and physical addresses, and your account password); and (2) payment information (such as your credit or debit card number, bank account routing number, and billing and shipping address). If you communicate with us by, for example, e-mail, telephone, online form, any information voluntarily provided in such communication may be collected. Note, when you make a purchase of our Services, our payment processor directly collects and processes the payment information that you provide, as necessary to complete your purchase. You may, at any time, contact us using the information provided below.
3. Company Information
In order for us to provide our Product or Services, we may ask you to provide information about your company, which includes, but is not limited to: company name, company address, billing and payment information, location, team size, project name(s), project number(s), budgets, client names, holidays, payment information (e.g. payment number and invoice details), and currency.
4. Information We Receive from Third Parties
In order to support your experience using the Product or Services, or in the course of providing Services to EU companies or entities, we may also collect information about you from third party partners and combine it with other information we collect from you.
5. Automatically Collected Information
We automatically collect information when you access our Product or Services such as IP address. We may also track user activity (e.g. pages visited) and use cookies and other tracking technologies on our websites. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and applications recognize a browser. Cookies help us track and target the interests of our users to enhance their experience. We use IP address to derive your approximate location, device type, and date and time of access. We work with analytics providers such as Google Analytics, which use cookies and similar technologies to collect and analyze information about traffic to our websites and report on activities, trends, and demographics. You can learn about Google’s practices by going to www.google.com/policies/privacy/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout. You can install third party services to block sharing cookies while browsing websites.
6. How We Use Information
We may use the information we collect for various purposes, including:
We take reasonable, industry standard steps to ensure that the Personal Information we process is relevant and reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. These include the use of complex passwords, encryption of data, and evaluating our vendors to ensure they adequate security and privacy policies.
We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks. When we process Personal Information on behalf of our enterprise customers, we process and retain Personal Information as necessary to provide our services to our customers, or as required or permitted under applicable law.
If we disclose your Personal Information to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as provided in, the Accountability for Onward Transfer Principle. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7. Your Rights and Choices
You may choose to change your Personal Information or cancel an account by contacting us using the contact details below. You can also unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the e-mail message. If we intend to use your Personal Information for a purpose that is materially different from the purposes listed in this policy or our Privacy Policy, or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
8. Non-US Residents Choices
Under certain jurisdictions outside the US, we may obtain your opt-in consent at the time of collection for the processing of certain information for direct marketing purposes or to use cookies and similar tracking technologies. If we rely on consent for the processing of your information, you may have the right to withdraw your consent at any time and, when you do so, this will not affect the lawfulness of the processing before your consent withdrawal. Under certain jurisdictions, you may have the right to request access to and receive information about the information we maintain about you, to update and correct inaccuracies in your information, to restrict or to object to the processing of your information, have the information deleted, or to exercise your right to data portability, as appropriate. Those rights may be limited in some circumstances by local law requirements. In addition to the above-mentioned rights, you have the right to lodge a complaint with a competent supervisory authority subject to applicable law. The rights of access, correction, amendment and deletion are, in particular, provided under the Privacy Shield Frameworks.
9. Transborder Transfer
We may transfer or disclose personal information to recipients in countries outside of your country, including the United States, where we are headquartered. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your personal information to other countries, we will protect that information as described in this Privacy Notice. We have certified to the EU-U.S. Privacy Shield Framework to provide adequate safeguards for the transfer of personal information to the United States from the European Economic Area (“EEA”).
10. Security
We are committed to protecting your information. We seek to use reasonable organizational, technical, and administrative measures to protect information within our organization. We also take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it or when you request their deletion. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. Your password protects your user account, so you should use a unique and strong password, limit access to your computer and browser, and log out after having used our Product or Services. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact Us section below.
11. Children
Our Products and Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.
12. Updates to this Policy
From time to time we may, in our discretion, make changes to this Policy. The “Last Updated” date at the top of this page indicates when this Privacy Policy was last revised. Your continued use of our Services after we have updated this Policy constitutes your acceptance of the changes.
13. Recourse, Enforcement and Dispute Resolution
In compliance with the Privacy Shield Principles, Cognitect, Inc. commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Cognitect, Inc. at:.
Cognitect, Inc.
101 West Chapel Hill Street
Suite 300
Durham, NC 27701
USA
Email: info@cognitect.com
Phone: 919.283.2748
Cognitect, Inc. has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/rs/294-SFS-516/images/PrivacyShield_Notice_of_Arbitration.pdf for more information or to file a complaint. The services of the International Centre for Dispute Resolution are provided at no cost to you.
If the ICDR does not resolve the matter, you may be able to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information, please visit: Privacy Shield website.
Non-HR Recourse Mechanism
http://go.adr.org/privacyshield.html