Cognitivo Consulting Pty. Ltd. (referred to as “Cognitivo”, “we”, “us” and “our” throughout this document) has developed this policy, which is addressed to individuals and organisations outside our organisation (collectively referred to as “you” throughout this document) with whom we interact, including customers, visitors to our sites, users of our technology offerings, and other users of our services. Cognitivo is based in Australia and operates advisory and technology-based services. Thus, we are likely to be involved in data exchange with you if you are interested in our services or become an active customer of our services.
The purpose of this policy is to exemplify how we respect your privacy. Specifically, our Privacy Policy clarifies how we collect, use, store and disclose your personal information. This policy applies when you or our customers provide private information to us. When our customers provide private information to us, we rely on them to have obtained individual consent to the provision of data to us. We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (the Privacy Act). In addition, we are committed to upholding the additional rights of individuals defined by the EU data privacy regulation known as the General Data Protection Regulation (GDPR), as applicable. Thus, details of additional rights of individuals located in the EU and how we meet them are also outlined in this policy, despite the fact that Cognitivo does not have an established presence in the EU.
Please note that this policy may be updated from time to time to ensure compliance to applicable laws and coverage of new service offerings. Our website will always make the most up-to-date version of this policy available.
2. What is personal information?
As defined in the Privacy Act s6(1), personal information is ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a. Whether the information or opinion is true or not; and
b. Whether the information or opinion is recorded in a material form or not.’
In some jurisdictions, this is referred to as PII (Personally Identifiable Information) and for the purpose of different regulations, has different definitions.
Furthermore, the Privacy Act specifically identifies sensitive information as a sub-category of personal information which is subject to particularly rigorous controls. Sensitive information includes, among other things, information or an opinion about an individual’s ethnicity, political opinions or religious beliefs, as well as health information. We will never collect sensitive information about you.
3. Collection of personal information
We collect personal information in order to provide our services to you in the most effective way. Specifically, this includes:
Enabling you to access our website, learn about our services and request our services;
Performing administrative and essential operational tasks, including optimising our website and marketing materials based on analytical insights;
Sending you service, support, informational and administrative messages including updates, reminders, technical notices, and security alerts, as requested by you;
Complying with our legal obligations;
Considering your employment application.
The specific data which may be collected includes:
Your device ID, type and IP address, your geo-location and connection information and page view analytics;
Additional information which you provide to us or permit us to collect, including name, contact details and payment information if you engage in our services.
We may also receive personal information about you in order to provide our data management, risk assessment and analytics services to our clients. However, we will only receive data to the extent that this has been consented to by the individuals who provided data to our clients.
4. How do we protect your data?
In accordance with applicable laws and as a matter of principle, we have implemented appropriate technical and organisational security measures to protect your data against accidental or unlawful destruction, loss or alteration, as well as unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing. Specifically, measures we have implemented include:
Educating our staff on processes and allowable uses relating to data security and privacy, including password protection and protection against social hacking;
Communicating data exclusively via a secure SSL (Secure Socket Layer) connection;
De-identifying and encrypting data which is transmitted to and held in our systems to the maximum feasible level;
Maintaining physical security measures, such as building security cameras, secure building access and use of lockers for storage of work devices;
Reducing the amount of data which is transferred overseas to an absolute minimum (i.e. data held by us will only be held on Australian servers, Google Analytics communicates some information to US servers and more detail is provided on this point below);
Restricting access to data to only those parties who need access in order to perform required business functions;
Maintaining necessary update schedules for software and hardware used in data capture, processing and storage;
Having a nominated Data Privacy Officer, who can be contacted via contact@cognitivo.com.au for all questions relating to this policy, information about which data about you we hold or have access to, as well as correction or deletion requests;
Disposing of data when it is no longer required;
Conducting regular reviews of our policies and procedures to ensure that they are up to date with technology and business requirements.
It is our policy to only use data for its primary intended use. We may use data to analyse the effectiveness of our provision of services by analysing usage statistics but we do not engage in any other secondary uses of data.
Of course, although we are committed to applying the best feasible data protection measures, we cannot provide a guarantee that data transmitted via the internet and held in cloud storage systems is safe from unauthorised access. You should take this into consideration when providing information to us.
5. Who do we share your information with?
In order to provide our services, your information will be shared with our technology providers, including:
Microsoft Azure – We only use Microsoft data centres which are located in Australia and for which we have implemented all of the above listed measures for protecting your data for the services we offer. We will comply with customer requests to use data centres in different locations if this is required and justified on a case by case basis.
Google Analytics – Please see the section on ‘Website analytics’ below for details on the services provided by Google Analytics and the data privacy implications.
Squarespace – Please see the section on ‘Website hosting’ below for details on the services provided by Squarespace and the data privacy implications.
Our employees and other associated entities, such as contractors, may also need to gain access to your data in order to provide services requested by you or our other customers (who have provided us with your data). These parties will only be able to access your data for the purpose of providing the service and this will be guaranteed by binding legal contracts, which include a confidentiality requirement.
We may also be required to share your data with legal and regulatory authorities, law enforcement agencies or courts for the purposes of investigating an actual or suspected breach of relevant laws or regulations and for the exercise and defence of legal rights.
6. How long do we retain your information?
We retain your information for the necessary duration to provide our services to you, conduct administrative business processes and to comply with applicable laws and regulations. If we receive unsolicited personal information, our employees are instructed to ensure that they are able to identify this information as being received in error and to destroy this information as soon as is practical.
7. Use of cookies
Cookies are not harmful to your computer and do not contain viruses. Cookies serve the purpose of making the offering more user friendly, effective and safe. Cookies are small text files which are copied to your computer and saved by your browser. These files are likely to contain information which is specific to the individual users. Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted at the end of your visit. We do also use other cookies which are saved on your machine until you delete them. These cookies make it possible for the browser to recognize your computer again upon your return. You can set your browser so that you are notified when cookies are used and only allow cookies in individual cases, in certain scenarios or to generally deny or automatically delete cookies when browsing activities are ceased. If cookies are deactivated, the functionality of the website may be reduced.
8. Website analytics
The Cognitivo website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. The latter can be accessed via this link: https://tools.google.com/dlpage/gaoptout?hl=en
9. Website hosting
The Cognitivo website is hosted by Squarespace. Squarespace collects personal data when you visit the website, including:
Information about your browser, network and device
Web pages you visited prior to coming to this website
Your IP address
Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalised form.
10. Links to external websites
Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.
11. How do we deal with complaints and requests?
You may request access to Personal Information about you that we hold and you may ask us to correct your Personal Information if you find that it is not accurate, up-to-date or complete. You may also make a complaint about our handling of your Personal Information. These services are free of charge.
To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.
You can contact us by email or send your request or complaint to the postal address below. We undertake to respond within 30 days. If the request or complaint will take longer to resolve, we will provide you with a date by which we expect to respond.
12. Rights specific to the European Union (EU) General Data Protection Regulation (GDPR)
EU citizens have the following legal data protection rights under the following specific legal conditions: Right to information (Article 15 GDPR), right to deletion (Article 17 GDPR), right to correction (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with a supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7 (3) GDPR) as well as the right to object to particular data processing measures (Article 21 GDPR). As noted above, we have a nominated Data Privacy Officer, who can be contacted via contact@cognitivo.com.au and will deal with any requests which go over and above the procedures outlined for dealing with requests in the above section on dealing with complaints and requests.
Contact us
mailto:contact@cognitivo.com.au about your privacy concerns.
Alternatively, you can write to us at:
Cognitivo.com.au Service Manager Cognitivo Consulting
Level 2, 11-13 York Street, Sydney, 2000, Australia
