COGITO PRIVACY STATEMENT

Cogito® Privacy Statement

Effective as of February 1st, 2019

Adjust Cookie Settings

Purpose

Cogito Corporation (hereinafter, “Cogito”, “we” or “us”) is committed to protecting your privacy. This Privacy Statement (the “Privacy Statement”) describes the personal information that we collect, how we obtain the information, how we may use or disclose that information, the security measures we have in place to protect this information, and the rights you have with respect to this information.

Scope

This Privacy Statement covers our privacy practices with respect to the collection, use, and disclosure of information obtained: (i) through the Cogito website at www.cogitocorp.com (hereinafter, our “Website”); (ii) in connection with the use of our hosted software applications (the “Subscription Service”) and related support services (“Support Services”), as well as expert services, including professional services, training and certification (the “Expert Services”) that we provide to Customers, and (iii) in connection with human resource functions for our employees and prospective employees, as described below.

For the purposes of this Privacy Statement:

  • “Callers” mean the individuals who communicate or interact with our Customer’s contact centers.
  • “Customer” means any entity that purchases a license to any portion or component of the Services.
  • “Customer Data” means the personal information uploaded into or otherwise made accessible to any portion of the Services by or for Customer or its Users, as further described below.
  • “Services” shall mean, collectively, the Subscription Service, Support Services and the Expert Services.
  • “User” means an individual authorized by or on behalf of the Customer to access and/or make use of any portion or component of the Services, as further described in the Customer Agreement.
  • “Visitor” means a visitor of the Website.

Website

For all Visitors, Cogito operates as the controller of your personal information. The following information applies to the personal information collected by Cogito from Visitors of our Website.  For information with regard to the Cookies we collect on our Visitors, please refer to Adjust Cookie Settings.  For information with respect to any applicable data access rights, please refer to Your Rights and Choices with Cogito as a Controller of your personal data.

What Personal Data do we collect?

The following information reflects information that we have collected about you over the past 12 months.

Information Collected Directly from you

The Personal Data we collect directly from you includes the following:

  • If you express an interest in obtaining additional information about our services, use our “Contact Us” or similar features, request a demo, or download certain content, we may require that you provide to us your contact information such as your name, job title, company name, phone number, or email address.
  • When you register or request further information or services from us or participate in interactive features of our Website.
  • When you report a problem with our Website.

Information Collected from third parties
Cogito may collect and use information we receive from third parties in connection with your use of the Website.  For instance, Cogito may use a third party for reporting and analytics to measure the effectiveness of our Website and marketing efforts, and to identify areas for improvement.

Information we collect as you navigate through the Website
As you navigate through the Website, we also collect details about your visits to our Website including, but not limited to, your IP address, usage patterns, traffic data, location data, logs and other communication data and the resources that you access, as well as information about your computer and internet connection, including your operating system and browser type.

Cookies and Other Forms of Automated Collection

What is a Cookie?

When you visit our Website, we, or an authorized third party may place a small text file called a “Cookie” on your computer’s browser directory.  Cookies are designed to collect information, which includes Personal Data, about your online activities over time and across different sites.

Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer.  Persistent cookies remain on your computer or device after you closer your browser or turn off your computer.  You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our Website.

The following describes how we use different categories of cookies and similar technologies and your options for managing our collection of Cookies.

Different Categories of Cogito Cookies:

The Cookies that Cogito uses fall into the following categories:

Necessary:  Without these Cookies, we are unable to provide many services needed for this Website to function (e.g. essential cookies to help protect the security of the Website).  Because these Cookies are required for this Website to function, you cannot refuse them.

Performance and Analytics:  These Cookies track information about how the Website is being used so we can make improvements and report on the Website’s performance.  These cookies are designed to enhance the function, performance and services on the website, and may track behavior of Visitors for analytics and advertising purposes. These Cookies may either be first party Cookies (set by Cogito) or third party Cookies (set by authorized third parties).  Our third party Cookies include the use of Google Analytics, HotJar, and ShareThis.

Functional Cookies: These are Cookies used to enhance the performance of our Website, and to remember information you entered, and choices you made with respect to our Website, but are not essential to your use of the Website.  We may use our own technology or third party technology, including ShareThis to provide functional Cookies.

Advertising Cookies: These third party Cookies are placed by advertising platforms or networks on our Website in order to track ad performance, and to enable advertising networks to deliver ads that may be relevant to you based upon your activities (referred to as “re-marketing”). For more information on re-marketing, please see “Re-Marketing Activities” below. Cogito contracts with third parties such as Facebook, and GoogleAds to support the advertising Cookies’ purpose.

How Do We Use Cookies?

The Cookies we collect help us facilitate a safe interaction for you on our Website, enhance the function, performance and services on the Website, provide social media features, and analyze our Website traffic.  We also allow authorized third parties to use Cookies to enhance your use of our Website with social media, advertising, and our analytics partners.  We use both session-based and persistent cookies on our websites.

Re-Marketing Activities

We use third-party pixels or web beacons on our Website to track activity for web analytics and for re-marketing activities.  “Re-marketing activities” means that our third parties will continue to show ads to you across the internet but we will not be collecting any identifiable information about you through this remarketing system.  The third-party vendors we use will place cookies on web browsers in order to serve ads based on past visits to our Website.  This allows us to make special offers and continue to market our services to those who have shown interest in our service.

To change your cookie settings and preferences for the Website, click on Adjust Cookie Settings

How Do We Use the Information Collected?
We may use information that we collect about Visitors for the following purposes:

  • To protect the security of our Website.
  • Enable the sharing of content across various social networks.
  • Enhance the function, performance, and services on the Website.
  • To track the behavior of the users on the Website.
  • To present our Website and their contents in a suitable and effective manner for you and for your computer.
  • To diagnose and resolve technical problems with our Website.
  • To improve our Website.
  • To provide you with information, products or services that you request from us.
  • To notify you about changes to our Website or obtain any required consent.
  • To allow you to participate in interactive features of our Website, when you choose to do so.
  • For industry analysis, benchmarking, analytics, marketing, and other business purposes.
  • To track your browsing behavior, such as the pages you visited over time.

 

If you ask us to contact you about our Services, we may use your personal information or permit selected third parties to use your personal information to provide you with such information. Visitors may withdraw consent for use of such personal data, at a later time by clicking on the “unsubscribe” link located in the emails sent by Cogito, or exercising their applicable Your Rights and Choices with Cogito as a Controller of your Personal Data.

How Do We Share the Information Collected?

Subject to any applicable data privacy law, or regulation, we may disclose personal information that you provide to us via this Website, to the following third parties:

  • In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer.
  • We may also disclose your personal information to third parties to:
    • Comply with any court order or other legal obligation.
    • Protect the rights, property, or safety of Cogito or others.

 

We do not sell, rent or trade information collected through the Website to third parties.

How long do we keep a Visitor’s personal information?

We may retain a Visitor’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies.  When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information, and whether we can achieve the purposes of the processing such personal data through other means, as well as applicable legal requirements.  Upon the expiration of the applicable retention period, your personal information will be deleted.  Any information we are unbale to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

International Transfer of Data
Cogito may store and process any information collected in connection with the Website in any country where we have facilities or in which we engage service providers. Because of this, your Personal Data may be processed outside of your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA.  We ensure that the recipient of your personal information offers an adequate level of protection, by complying with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.

Services

For all Customers and Users, Cogito operates as the processor of applicable Customer Data. The following information applies to the personal information collected by Cogito from Customers and Users of our Services.   Data subject requests for Customer Data must be made through the applicable Customer as the controller of the data.  Cogito will comply with all data subject access requests in accordance with the provisions of the applicable contract between Customer and Cogito.  

What Customer Data do we collect?
We collect the following personal information from and/or about our Customers, Users, and Callers (collectively, the “Customer Data”), including:

  • General information, including a Customer’s company name and address, and the Customer’s representative’s contact information including name, email address, and telephone number (“General Information”) for billing and contracting purposes.
  • Information and correspondence our Customers and Users submit to us in connection with the use of our Services, including the phone number and/or phone extensions of the User and the Caller, the User identification numbers (which may be employee identification numbers).
  • Server logs in support of the Services, which may contain device identification numbers.
  • The personal information contained in audio files and related metadata for phone calls processed by the Subscription Service. Such audio files include customer service, sales and operations phone calls between Users and the “Callers”.   We also collect metadata relating to these calls, which constitutes call-related statistics and identifiers.  This metadata may contain personal information of the Users and the Callers including Caller phone numbers and User names.

 

We also collect non-personal information in providing the Services to Customers such as: (1) behavioral and statistical usage data derived and/or generated from the operation of the Subscription Service, including behavioral signals and models derived from audio data processed by the Subscription Service as well as the performance results for the Subscription Service; and (2) quantitative data derived from our Customers and Users use of the Subscription Service and/or provided by our Customers, for example and without limitation, business and operational metrics related to our Customer’s business.  Other than fulfilling specific data processing and/or reporting obligations for our Customers pursuant to Customer Agreements, all of this data collected, used, and disclosed will be in aggregate form only and will not identify any Customer or its Users, unless otherwise provided in a Customer Agreement.

How do we use Customer Data?
We use Customer Data to provide, maintain and improve the Services, including providing Support and Expert Services. Notwithstanding anything else to the contrary in this Privacy Statement, we will not use, disclose, review, share, distribute, transfer or reference any Customer Data except as permitted in the Customer Agreement, or as required by law.

What Cookies do we use with the Services?
When you use the Subscription Service, we use Cookies to:

  • Authenticate your access to the Subscription Service
  • Route a browser request to a specific node when multiple nodes are assigned
  • Recognize you when you return to the Subscription Service

 

A User may refuse to accept the “remember me” cookie, which will then require a User to provide their username and password to log into the Subscription Service.

How Do We Share the Personal Information Collected?
As a Processor of Customer Data, we only share the personal information collected in accordance with the Customer’s instructions, as permitted in the applicable Customer Agreement.   Subject to any applicable data privacy law and regulation, we may disclose Customer Data to third parties solely to:

  • Comply with any court order or other legal obligation.
  • Enforce or apply the terms of the definitive agreement between Customer and Cogito pursuant to which the Customer purchased access to any portion or component of the Services (the “Customer Agreement”).
  • Protect the rights, property, or safety of Cogito, our Customers, Users or others.

 

We do not sell, rent or trade Customer Data with third parties.

How long do we keep your personal information?

We may keep Customer Data for the period of time which is agreed upon in Customer Agreement.

Communication Preferences and Choices and Accessing and Correcting Your Personal Information
Since each Customer is the controller of the personal information submitted to Cogito as a processor (including any personal information it collects from its Users and individuals that communicate or interact with Customer’s contact centers, how that information is used and disclosed, and how that information can be changed), Users and such individuals must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses personal information and how to access or correct personal information contained in Customer Data.  Cogito will comply with all obligations agreed to between the relevant Customer and Cogito to effectuate any data access rights a User or Caller may have with respect to the Cogito’s processing of the relevant personal information.

Employee and Applicant Information

How Do We Obtain and Use Employee and Applicant Personal Information?

Employee Information

As a controller of our employee’s personal information, we collect personal information and sensitive personal information provided to us by you which may include, without limitation, name, address, email address, date of birth, gender, ethnicity, physical address, phone number, birth date, citizenship, education, employer (current or former), title, passport number, driver’s license number, spouse or dependents, compensation, personal health information, payment instructions, credit card information, and EEOC data only for legitimate business purposes, including (1) the management and operations of our company, its functions and activities, (2) employee communications, including employee surveys, (3) maintaining a global directory, (4) carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements, (5) development and training programs, (6) assessing employee qualifications and performance, (7) managing employee performance, (8) determining employee compensation or payment, (9) managing the employee termination process, and (10) other general human resources purposes.  Our European Union and Swiss Employees at the time of their employment are notified in detail how their personal information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive employee matters, whether it is stored manually or electronically, is accessible by other Cogito employees only if necessary with respect to legitimate human resource functions or issues, and in accordance with applicable laws.  Cogito will obtain affirmative consent from an employee before using such employee’s personal information for any purpose other than described above. Employees may decline to provide this consent, and employees may withdraw their consent at any time.

Employees may choose to voluntarily disclose personal information about family members, in which cases, such personal information shall be treated, for the purposes of this Privacy Statement, the same as an employee’s personal information. Employee personal information is never sold, leased, or rented to any third party.

In accordance with applicable law, employees may have the right to opt-out of disclosing their personal information provided that Cogito does not need such personal information for a legitimate business purpose. Employees can contact the People Team or the Privacy Team at [email protected] if they wish to exercise these rights.

Applicant Information

As a controller of our prospective employee’s personal information, we collect personal information and sensitive personal information provided to us by applicants which may include, without limitation, name, address, email address, date of birth, gender, ethnicity, physical address, phone number, birth date, citizenship, education, employer (current or former), title, driver’s license number, spouse or dependents, compensation, payment instructions, and EEOC data only for legitimate business purposes, including (1) the recruiting and hiring of job applicants, (2) performing background checks and verifying references, (3) communications with the applicant, (4) assessing applicant qualifications and performance, (5) determining applicant compensation or payment, (6) other general human resources purposes. For information with respect to any applicable data access rights, please refer to “Your Rights and Choices with Cogito as a Controller of your personal data”.

How Do We Share Employee and Applicant Personal Information Collected With Third Parties?

Employee Personal Information

Employee personal information will never be disclosed to third parties except as follows: (1) to those retained by Cogito as agents for the purposes set forth above, (2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of Cogito, (3) where authorized in writing by the employee, and (4) where the employee voluntarily provides personal information and the context makes it clear that such information will be provided to a third party.

Applicant Personal Information

Applicant personal information will only be disclosed to third parties as follows:

Disclosure to our Service Providers: We use third party service providers to process your personal data to assist us in business and technical operations for applying for employment with Cogito. Cogito has data processing agreements with such service providers which provide specific instructions for processing and accessing an applicant’s personal data.

Required Disclosure:  We may release personal information about you to comply with a law or a subpoena, bankruptcy proceeding, or similar legal process. Such disclosure may include disclosing personal information about you, such as your name and contact information, to enforce our contractual rights, or to protect the rights and safety of Cogito, our Customers, Users, and others, or as is reasonably necessary for litigation purposes.

Disclosure in Event of  Merger/Acquisition/Sale: If Cogito is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred to the acquiring entity as part of the transaction, such transfer subject to applicable personal data protections.

How long do we keep your employee personal information?

We may retain an employee’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies; provided, however, that the use of such data is retained in accordance with a legitimate business purpose.  When determining the retention of your personal information, we will evaluate  the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing such personal data through other means, as well as applicable legal requirements.  Upon the expiration of the applicable retention period, your personal information will be deleted.  Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

How long do we keep your applicant personal information?

We may retain an applicant’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies.  When determining the retention of your personal information, we will evaluate  the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing such personal data through other means, as well as applicable legal requirements.  Upon the expiration of the applicable retention period, your personal information will be deleted.  Any information we are unbale to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

International Transfers of Data

Where personal data is transferred from the EU or Switzerland to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU or Swiss Authorities, as applicable.  See further details below.

General

International Transfers
Cogito complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. Cogito has certified that it follows the Privacy Shield Principles, which will supersede and govern should there be any conflict with this Privacy Statement.  Please visit the official Privacy Shield website for more information and to view Cogito’s certification: https://www.privacyshield.gov.

Complaints

In accordance with the Privacy Shield Principles, Cogito commits to resolving complaints about its data collection and use of your personal information.  We can be contacted by email at [email protected] with regard to any inquiries or complaints and we are committed to responding to your inquiry in a timely manner. Cogito has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States, at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit the website https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Transfers

Cogito may transfer personal information received under the Privacy Shield to a third party. In such instances, the third party’s access, use, and disclosure of the personal data must also comply with our Privacy Shield obligations.  However, Cogito is ultimately liable for ensuring that the third party remains compliant with our obligations unless we prove that we are not responsible for the event giving rise to the damage.

 

Your Rights and Choices with Cogito as a Controller of your personal data

Where Cogito is considered a controller of your personal information under relevant data protection laws, you have certain rights relating to the personal information we collect about you, subject to the applicable data protection laws.  These rights are detailed below.

Specifically, if you are located in the EEA, or are a resident of California, you may have the following rights:

  • Right of Access: A right to access the personal information we have collected about you
    • As a resident of California, this right may include the right to receive specific information we collected about you, the business purpose for that collection, and the categories of any third parties we shared your personal information, if applicable.
  • Right of Erasure: A right to erase or delete the personal information we collected about you, subject to applicable verifiability requirements below.

 

The following rights are related to personal information that we have collected about you if you are located in the EEA:

  • Right to Reconciliation: You have the right to ensure your personal information is complete, and to rectify it, where needed.
  • Right to Restrict Processing: You have the right to request a restriction on our processing of your personal information.
  • Right to data Portability: You have the right to transfer your personal information to another controller, to the extent possible.
  • Right to Object: You have the right to object to any processing of your personal information carried out on the basis of legitimate interests.  Where we process your personal information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
  • Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects. (Cogito does not participate in automated decision-making and profiling at this time.)
  • Right to Withdraw Consent: If we collect, process, and share your personal information based on your consent, you have the right to withdraw such consent at any time.  This withdrawal will not affect the lawfulness of the processing based on such consent before its withdrawal.
  • Right to lodge a complaint with the data protection authority: If you believe that we have not assisted with a complaint or concern related to your data privacy rights, you have the right to lodge a complaint with the competent EEA supervisory authority.

 

If you are a resident of California, we will not engage in any of the following discriminatory acts against you for exercising your rights related to our collection of your personal information, in accordance with the California Consumer Protection Act (“CCPA”).  The acts we will not engage in include:

  • Denying you goods or services;
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services;
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Access, Data Portability, and Deletion Rights

To exercise your access, data portability, and/or deletion rights, please submit a verifiable customer request to us emailing us at [email protected].

CCPA Rights Request

If you are a resident of California, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.  You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.  The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  We will only use personal information provide din a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Security Statement
Cogito maintains reasonable and appropriate measures to protect the personal information obtained from loss, misuse and unauthorized access, disclosure, alteration and destruction. Please report any known or suspected violations at [email protected].

Third Party Websites and Applications
This Website may link to websites that are not owned or controlled by Cogito. As such, this Privacy Statement does not apply to information collected on any third‑party site or by any third‑party application that may link to or be accessible from the Website. This Privacy Statement also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer.

Changes to Our Privacy Statement
Cogito reserves the right to update or change this Privacy Statement from time to time. If Cogito’s Privacy Statement is updated, we will notify you by posting the new Privacy Statement on this web page and updating the revision date below (and obtain your consent where required). Except where express consent is required by applicable law, Customer Agreements or End User License Agreements, your continued use of the Website and/or Services is deemed to be acceptance of any updates or changes we make to this Privacy Statement.  Accordingly, we ask that you review the Privacy Statement periodically for any updates or changes that we may have made.

Contact Information
If you have any questions about this Privacy Statement or our privacy practices contact us at:
Cogito Corporation
100 High Street, Floor 7
Boston, MA 02210
Attn: Data Privacy
[email protected]

 

Cogito’s Data Protection Officer can be reached at:
Lucid Privacy Group
1050 Page Street,
San Francisco, CA 94117
[email protected]