Purpose

The purpose of this Privacy Notice is to describe the personal information that we collect, how we obtain the information, how we may use or disclose that information, the security measures we have in place to protect this information, and the rights that end users have with respect to this information.

Scope

This Privacy Notice covers our privacy practices with respect to the collection, use, and disclosure of information obtained: (i) through the Cogito website at cogitocorp.com (hereinafter, our "Website"); and (ii) in connection with the use of our hosted software applications (the "Subscription Service") and related support services ("Support Services"), as well as expert services, including professional services, training and certification (the "Expert Services") that we provide to Customers.

Use of our Website and our provision of Services are intended only for persons at least 13 years of age and we do not knowingly collect or store personal information from children under the age of 13.

For the purposes of this Privacy Notice:

  • “Callers” mean the individuals who communicate or interact with our Customer’s contact centers.
  • "Customer" means any entity that purchases a license to any portion or component of the Services.
  • "Customer Data" means the personal information uploaded into, or otherwise made accessible to, any portion of the Services by, or for, a Customer or its Users, as further described below.
  • “Services” shall mean, collectively, the Subscription Service, Support Services and the Expert Services.
  • “User” means an individual authorized by or on behalf of the Customer to access and/or make use of any portion or component of the Services, as further described in the Customer Agreement.
  • "Visitor" means a visitor of the Website.

Your Privacy Choices:

You have the right to exercise the following choices with our use of your personal information.

  • Access the personal information we maintain about you.
  • Delete the personal information we maintain about you.
  • Correct inaccurate personal information we maintain about you.
  • Opt-out of certain uses of your personal information, notably:
    • Email marketing - unsubscribe to our email list by clicking the unsubscribe link at the bottom of the marketing emails.
    • Targeted advertising using third party cookies - refer to the “What is a Cookie?” section below to learn how to opt-out of these types of ads.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You can exercise these rights by contacting us at [email protected].

Website

For all Visitors, Cogito operates as the controller of your personal information. The following information applies to the personal information collected by Cogito from Visitors to our Website. For information with regard to the Cookies we collect on our Visitors, please refer to the Cookie Settings section below. For information with respect to any applicable data access rights, please refer to Your Rights and Choices with Cogito as a Controller of your Personal Information.

What Personal Data do we collect?

The following reflects information that we have collected about you over the past 12 months.

Information collected directly from you

The personal information we collect directly from you includes the following:
  • If you express an interest in obtaining additional information about our Services, use our “Contact Us” or similar features, request a demo, or download certain content, we may require that you provide to us your contact information such as your name, job title, company name, phone number, or email address. 
  • When you register or request further information or Services from us or participate in interactive features of our Website. 
  • When you report a problem with our Website.

Information collected from third parties

Cogito may collect and use information we receive from service providers in connection with your use of the Website. For instance, Cogito may use a service provider for reporting and analytics to measure the effectiveness of our Website and marketing efforts, and to identify areas for improvement. 

Information we collect as you navigate through the Website

As you navigate through the Website, we also collect details about your visits to our Website including, but not limited to, your IP address, usage patterns, traffic data, location data, logs and other communication data and the resources that you access, as well as information about your computer and internet connection, including your operating system and browser type. 

Cookies and Other Forms of Automated Collection

What is a Cookie?

When you visit our Website, we, or an authorized third party may place a small text file called a “Cookie” on your computer’s browser directory.  Cookies are designed to collect information, which includes personal information, about your online activities over time and across different sites.  

Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer.  Persistent cookies remain on your computer or device after you close your browser or turn off your computer. You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our Website.  

The following describes how we use different categories of cookies and similar technologies, and your options for managing our collection of Cookies.

Different Categories of Cogito Cookies:

The Cookies that Cogito uses fall into the following categories:

Necessary: Without these Cookies, we are unable to provide many services needed for the Website to function (e.g. essential cookies to help protect the security of the Website). Because these Cookies are required for the Website to function, you cannot refuse them. 

Performance and Analytics: These Cookies track information about how the Website is being used, so we can make improvements and report on the Website’s performance. These cookies are designed to enhance the function, performance and services on the website, and may track behavior of Visitors for analytics and advertising purposes. These Cookies may either be first-party Cookies (set by Cogito) or third-party Cookies (set by authorized third parties). Our third-party Cookies include the use of Google Analytics, YouTube, Vimeo, Cloudflare, Calendly, LinkedIn, and GDPR Consent.

Functional Cookies: These are Cookies used to enhance the performance of the Website, and to remember information you entered, and choices you made with respect to the Website, but are not essential to your use of the Website. We may use our own technology or third-party technology, including Cloudflare, LinkedIn, and WordPress to provide functional Cookies.

Advertising Cookies: These third-party Cookies are placed by advertising platforms or networks on the Website in order to track ad performance, and to enable advertising networks to deliver ads that may be relevant to you based upon your activities (referred to as “re-marketing”). We contract with third parties such as GoogleAds to support the advertising Cookies’ purpose.

How Do We Use Cookies?

The Cookies we collect help us facilitate a safe interaction for you on the Website, enhance the function, performance and services on the Website, provide social media features, and analyze Website traffic. We also allow authorized third parties to use Cookies to enhance your use of the Website with social media, advertising, and our analytics partners. We use both session-based and persistent cookies on our websites.

Re-Marketing Activities

We use third-party pixels or web beacons on our Website to track activity for web analytics and for Re-Marketing Activities. “Re-Marketing Activities” means that our third parties will continue to show ads to you across the internet but we will not be collecting any identifiable information about you through the re-marketing system. The third-party vendors we use will place cookies on web browsers in order to serve ads based on past visits to our Website. This allows us to make special offers and continue to market our services to those who have shown interest in our service.  

To the extent any online tracking technologies are deemed to be a “sale” / “sharing” (as defined under applicable law), you can opt-out of these online tracking technologies by adjusting the cookies on your web browser. Please note, some features of our Website may not be available to you as a result.

How Do We Use the Information Collected?

We may use information that we collect about Visitors for the following purposes:

Purpose Legal basis
To protect the security of our Website Our legitimate interest in promoting the safety and security of our Website and in protecting our rights and the rights of others
To enhance the function, performance, and services on the Website Our legitimate interest in providing a relevant and well-functioning website for the benefit of our Website Visitors
To present our Website and their contents in a suitable and effective manner for you and for your computer and to enable the sharing of content across various social networks Our legitimate interest in providing online content to our Customers and prospective Customers regarding our service offering and related information
To diagnose and resolve technical problems with our Website Our legitimate interest in promoting the safety and security of our Website and in protecting our rights and the rights of others
To improve our Website Our legitimate interest in providing a relevant and well-functioning website for the benefit of our Website Visitors
To provide you with information, products or services that you request from us Our legitimate interest in advertising our products and services or, where necessary, to the extent you have provided your prior consent
To notify you about changes to our Website or obtain any required consent Our legitimate interest in informing you of changes that are important to your participation or relate to additional security measures
To allow you to participate in interactive features of our Website, when you choose to do so Our legitimate interest in advertising our products and services or, where necessary, to the extent you have provided your prior consent
For industry analysis, benchmarking, analytics, marketing, and other business purposes Our legitimate interest in conducting direct marketing or where you have provided your prior consent

 

If you ask us to contact you about our Services, we may use your personal information or permit selected service providers (such as an email service provider) to use your personal information to provide you with such information. Visitors may withdraw consent for use of such personal information, at any time, by clicking on the “unsubscribe” link located in the emails sent by Cogito, or exercising their applicable Data Access Rights as set forth below.

How do we disclose the information collected?

Subject to any applicable data privacy law, or regulation, we may disclose personal information that you provide to us via the Website, to the following third parties:

  • To contracted service providers who agree to use the personal information exclusively for our benefit, including email services, website hosting and measurements. 
  • In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer.
  • We may also disclose your personal information to third parties to:
    • Comply with any court order or other legal obligation.
    • Protect the rights, property, or safety of Cogito.
How long do we keep a Visitor’s personal information?

We may retain a Visitor’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies.  When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information, and whether we can achieve the purposes of the processing such personal information through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your personal information will be deleted.  Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

Services

For all Customers and Users, Cogito operates as a processor of applicable Customer Data. The following information applies to the personal information collected by Cogito from Customers and Users of our Services. Data subject requests for Customer Data must be made through the applicable Customer as the controller of the data. Cogito will comply with all data subject access requests in accordance with the provisions of the applicable contract between Customer and Cogito.

What Customer Data do we collect?

We collect the following personal information from and/or about our Customers, Users, and Callers (collectively, the “Customer Data”), including:

  • General information, including a Customer’s company name and address, and the Customer’s representative’s contact information including name, email address, and telephone number (“General Information”) for billing and contracting purposes.
  • Information and correspondence our Customers and Users submit to us in connection with the use of our Services, including the phone number and/or phone extensions of the User and the Caller, the User identification numbers (which may be employee identification numbers).  
  • Server logs in support of the Services, which may contain device identification numbers.
  • The personal information contained in audio files and related metadata for phone calls processed by the Subscription Service.  Such audio files include customer service, sales and operations phone calls between Users and the Callers. We also collect metadata relating to these calls, which constitutes call-related statistics and identifiers. This metadata may contain personal information of the Users and the Callers including Caller phone numbers and usernames.

We also collect non-personal information in providing the Services to Customers such as: (1) behavioral and statistical usage data derived and/or generated from the operation of the Subscription Service, including behavioral signals and models derived from audio data processed by the Subscription Service as well as the performance results for the Subscription Service; and (2) quantitative data derived from our Customers and Users use of the Subscription Service and/or provided by our Customers, for example and without limitation, business and operational metrics related to our Customer’s business. Other than fulfilling specific data processing and/or reporting obligations for our Customers pursuant to Customer Agreements, all of this data collected, used, and disclosed will be in aggregate form only and will not identify any Customer or its Users, unless otherwise provided in a Customer Agreement.

How do we use Customer Data?

We use Customer Data to provide, maintain and improve the Services, including providing Support and Expert Services. Notwithstanding anything else to the contrary in this Privacy Statement, we will not use, disclose, review, distribute, transfer or reference any Customer Data except as permitted in the Customer Agreement, or as required by law.

What Cookies do we use with the Services?

When you use the Subscription Service, we use Cookies to:

  • Authenticate your access to the Subscription Service.
  • Route a browser request to a specific node when multiple nodes are assigned.
  • Recognize you when you return to the Subscription Service.

A User may refuse to accept the “remember me” cookie, which will then require a User to provide their username and password to log into the Subscription Service.

How do we disclose Customer Data?

As a Processor of Customer Data, we only disclose the personal information collected in accordance with the Customer’s instructions, or as permitted in the applicable Customer Agreement. Subject to any applicable data privacy law and regulation, we may disclose Customer Data to third parties solely to:

  • Contracted service providers who agree to use the personal information exclusively for our benefit, including email services, website hosting and measurement, job application management, and other necessary functions. 
  • Comply with any court order or other legal obligation.
  • Enforce or apply the terms of the definitive agreement between Customer and Cogito pursuant to which the Customer purchased access to any portion or component of the Services (the “Customer Agreement”).
  • Protect the rights, property, or safety of Cogito, our Customers, or Users.
  • In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer.

We do not sell, rent or trade Customer Data with third parties.

How long do we keep Customer Data?

We may keep Customer Data for the period of time which is agreed upon in the Customer Agreement. 

Communication Preferences and Choices and Accessing and Correcting Your Personal Information

Since each Customer is the controller of the personal information submitted to Cogito as a processor (including any personal information it collects from its Users and individuals that communicate or interact with Customer’s contact centers, how that information is used and disclosed, and how that information can be changed), Users and such individuals must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses personal information and how to access or correct personal information contained in Customer Data.  Cogito will comply with all obligations agreed to between the relevant Customer and Cogito to effectuate any data access rights a User or Caller may have with respect to the Cogito’s processing of the relevant personal information.

General

Data Protection Officer

Cogito has appointed a data protection officer at Lucid Privacy Group who has direct access to the highest level of management in the organization and is responsible for the organization's individual privacy protection program. Our appointment of Lucid Privacy Group is based on deep professional experience, in particular, expert knowledge of data protection law and practices and the ability to fulfill the tasks required of a Data Protection Officer. The Data Protection Officer is selected by Cogito’s General Counsel after a review of the Data Protection Officer’s qualifications and expert knowledge of data privacy laws and practices. Cogito’s General Counsel is responsible for periodically reviewing, at least annually, the qualifications and expert knowledge of the Data Protection Officer.

Complaints

Cogito commits to resolving complaints about its data collection and use of your personal information. We can be contacted by email at [email protected] with regard to any inquiries or complaints, and we are committed to responding to your inquiry in a timely manner. Inquiries or complaints may also be submitted to our Data Protection Officer at Lucid Privacy Group by sending an email to [email protected].  European data subjects maintain the right to contact their respective country-specific Data Protection Authority for any EU-specific complaints. 

Transfers

Cogito may transfer personal information it receives to a service provider to assist in the processing of that data for the purposes described in this Privacy Notice. In such instances, the third party’s access, use, and disclosure of the personal information must also comply with the written data protection agreement we have in place with that service provider which contains the contractual clauses for data protection. However, Cogito is ultimately liable for ensuring that the third party remains compliant with our obligations unless we prove that we are not responsible for the event giving rise to the damage.

International transfers

For international transfers of personal information (also known as personal data), Cogito ensures the protection of personal information by obtaining written agreement from each third-party processor of your personal information to a written data protection agreement which contains the contractual clauses for data protection approved by the EU Commission. Additionally, Cogito complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Cogito has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Cogito has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

U.S. Residents

Cogito is subject to certain states’ comprehensive privacy laws. The Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), and the Connecticut Data Privacy Act (“CTDPA”) create additional privacy obligations for businesses and provide their consumers with additional privacy rights.

Additional Privacy Rights

In addition to rights granted in the “Your Privacy Choices” section above, if you are a California or Virginia resident, you have the right to:

  • Opt out of the “sale” of your personal information. We do not “sell” your personal information for monetary benefit.
  • Opt out of targeted advertising. Some third party cookies placed on our website may be considered a “sale or share” as use for our “targeted advertising”. You may opt out of such cookies as detailed in the “What is a Cookie?” section above.

Controller/Processor Designation

Under the VCDPA, CPA, and CTDPA, Cogito operates as a Controller for all information collected through the Website, and as a Processor in providing the Services to Cogito’s Customers.

EEA Residents

Rights and choices with Cogito as a controller of your personal information

Where Cogito is considered a controller of your personal information under relevant data protection laws, you have certain rights relating to the personal information we collect about you, subject to the applicable data protection laws. These rights are detailed below.

Specifically, if you are located in the EEA, you may have the following rights:

  • Right of Access: A right to access the personal information we have collected about you.
  • Right of Erasure: A right to erase or delete the personal information we collected about you, subject to applicable verifiability requirements below.

The following rights are related to personal information that we have collected about you if you are located in the EEA:

  • Right to reconciliation: You have the right to ensure your personal information is complete, and to rectify it, where needed.
  • Right to restrict processing: You have the right to request a restriction on our processing of your personal information.
  • Right to data portability: You have the right to transfer your personal information to another controller, to the extent possible.
  • Right to object: You have the right to object to any processing of your personal information carried out on the basis of legitimate interests. Where we process your personal information for direct marketing purposes or disclose it with service providers to assist us with direct marketing, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
  • Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects.  (Cogito does not participate in automated decision-making and profiling at this time.)
  • Right to withdraw consent: If we collect, process, and disclose your personal information based on your consent, you have the right to withdraw such consent at any time. This withdrawal will not affect the lawfulness of the processing based on such consent before its withdrawal.
  • Right to lodge a complaint with the data protection authority: If you believe that we have not assisted with a complaint or concern related to your data privacy rights, you have the right to lodge a complaint with the competent EEA supervisory authority.

Exercising EEA Data Subject Rights

To exercise your applicable data protection rights, please use one of the options:

  • Submit a verifiable customer request to us by emailing us at [email protected];
  • Calling our toll-free number 1-855-4Cogito (1-855-426-4486) and dialing “0” for operator
  • You may also submit a request to our Data Protection Officer at Lucid Privacy Group by sending an email to [email protected].

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Cogito commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Security Statement

Cogito maintains reasonable and appropriate measures to protect the personal information obtained from loss, misuse and unauthorized access, disclosure, alteration and destruction. Please report any known or suspected violations at [email protected]

Cogito has formally appointed a qualified Data Protection Officer, reporting to senior management, who is directly and fully responsible for the privacy of personal information. See “Contact Information”, below.

Third Party Websites and Applications

This Website may link to websites that are not owned or controlled by Cogito. As such, this Privacy Notice does not apply to information collected on any third-party site or by any third-party application that may link to or be accessible from the Website. This Privacy Notice also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer. 

Changes to our Privacy Notice

Cogito reserves the right to update or change this Privacy Notice from time to time. If Cogito’s Privacy Notice is updated, we will notify you by posting the new Privacy Notice on this web page and updating the revision date below (and obtain your consent where required). Except where express consent is required by applicable law, Customer Agreements or End User License Agreements, your continued use of the Website and/or Services is deemed to be acceptance of any updates or changes we make to this Privacy Notice. Accordingly, we ask that you review the Privacy Notice periodically for any updates or changes that we may have made

Contact Information

If you have any questions about this Privacy Notice or our privacy practices contact us at:

Cogito Corporation

75 State Street, Suite 100

Boston, MA 02109

Attn: Data Privacy

[email protected]

 

Cogito’s Data Protection Officer can be reached at:

Lucid Privacy Group

1050 Page Street,

San Francisco, CA 94117

[email protected]