1. Introduction
1.1 Commitment to Privacy
We are committed to safeguarding the privacy of our business contacts and website visitors. This Privacy Policy explains how Cognition AM Ltd ("we", "us", or "our") collects, uses, and protects your personal data.
1.2 Scope of Policy
This policy applies where we act as a data controller, determining the purposes and means of processing personal data.
1.3 Data Collection Practices
We collect and store personal data during normal business processes, including emails, events, meetings, website engagement, employment correspondence, contract negotiations, and financial transactions.
1.4 Your Rights and Data Processing Choices
Your rights concerning how we handle your data are set out below. Our interactions with you include links to this privacy policy and provide opt-in and opt-out mechanisms.
1.5 Contact Information
For more details about us, refer to Section 19.
2. How We Use Your Personal Data
2.1 Categories of Data and Processing Purposes
We may process personal data for the following purposes:
- Customer Data: Includes your name, employer, job title, contact details, and communications. This data is used for managing customer relationships and service provision, based on our contract with you.
- Marketing Data: Collected via third parties (e.g., TicketTailor, Cvent) to promote events and services. You can unsubscribe anytime.
- Financial Data: Managed partially via Sage and Stripe for transactions with our company. Includes name, email, phone, accounting records, invoices, and receipts.
- Legal Compliance & Risk Management: Personal data may be used to establish, exercise, or defend legal claims, obtain insurance, or manage business risks.
- General Compliance: We may process your personal data to comply with legal obligations or protect vital interests.
2.2 Third-Party Involvement
We collaborate with trusted third-party service providers for event management, payment processing, and cloud storage. These providers comply with relevant data protection regulations.
3. Providing Your Personal Data to Others
3.1 Data Sharing with Event Suppliers
We may share customer and marketing data with third-party event suppliers where necessary.
3.2 Legal & Insurance-Related Disclosures
Personal data may be disclosed to insurers or legal advisers when required for legal claims or risk management.
3.3 Payment Processing
Financial transactions are processed via HSBC, Worldpay, and PayPal, with whom we share transaction data for processing payments and refunds.
3.4 Legal Requirements
We may disclose personal data as necessary to comply with legal obligations or to protect vital interests.
4. International Data Transfers
4.1 Transfers Outside the EEA
We may transfer customer data to third parties such as Regonline (Cvent), which complies with GDPR regulations under the Privacy Shield framework.
5. Data Retention and Deletion
5.1 Retention Policies
- Customer Data: Retained for up to six years after last active contact.
- Marketing Data: Retained until you request deletion.
- Financial Data: Retained for a maximum of six years after the last transaction.
5.2 Compliance-Based Retention
We may retain personal data where legally required or necessary for the protection of vital interests.
6. Security Measures
6.1 Technical & Organisational Security
We use secure servers, encryption, password protection, and restricted access for data security.
6.2 Manual and Electronic Security Measures
- On-site electronic data is stored in password-protected systems with encrypted backups.
- Manual records are stored in locked cabinets.
6.3 Internet Transmission Risks
Unencrypted internet data transmission carries inherent security risks beyond our control.
7. Policy Amendments
7.1 Updates and Notifications
We may update this policy periodically. Significant changes will be posted on the website or communicated via email.
7.2 Reviewing This Policy
Please check this page regularly for updates.
8. Your Data Protection Rights
8.1 Summary of Rights
- Access: Obtain a copy of your personal data.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your data.
- Restriction: Limit processing under certain conditions.
- Objection: Object to processing based on legitimate interests.
- Data Portability: Request your data in a machine-readable format.
- Complaint: Lodge a complaint with the ICO.
- Withdraw Consent: Where applicable, withdraw consent at any time.
8.2 Exercising Your Rights
To exercise these rights, contact our GDPR compliance team as outlined in Section 20.
9. Third-Party Websites
9.1 External Links
Our website may contain links to third-party sites. We are not responsible for their privacy practices.
10. Contact Information
10.1 Our Details
Cognition AM Ltd, Unit 3, Curo Park, Frogmore, St Albans, Hertfordshire, AL2 2DD, UK
10.2 Contact Us
Website: www.cognition-am.com
Phone: +44 (0)1727 876020
Email: admin@cognition-am.com
11. Data Protection Registration
11.1 UK ICO Registration
We are registered with the UK Information Commissioner's Office under registration number Z7619865
12. GDPR Compliance Officer
12.1 Contact Details
While we are not legally required to appoint a named GDPR Compliance Officer, any concerns about GDPR compliance can be directed to:
Email: admin@cognition-am.com
Phone: +44 (0)1727 876020