The Federal Trade Commission has jurisdiction over Cognitect’s compliance with the Privacy Shield.
1. Information We Collect
Some of the information we receive from the European Economic Area may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Frameworks. This may include names, addresses, IP locations, device types, and contact information. When we process Personal Information on behalf of our enterprise customers, they determine the categories of data they upload in our systems and the purposes of the processing. Accordingly, customers are responsible for providing notice to individuals.
As a data controller, we collect and process EEA Personal Information directly from individuals, either via our publicly available websites, including www.cognitect.com and www.datomic.com, or in connection with our customer, partner, and vendor relationships.
As a data processor, we process and host EEA Personal Information obtained from our customers when providing our Services. In that context, we only process Personal Information on behalf and on the instructions of our customers, which are data controllers.
We commit to subject to the Principles all Personal Information received from the EEA in reliance on the Frameworks (which includes both types of activities).
2. Information You Provide
To register you for the Product or Services, we require you to provide us with certain information, including: (1) your name, location, and your contact information (such as your e-mail address, phone number, billing and physical addresses, and your account password); and (2) payment information (such as your credit or debit card number, bank account routing number, and billing and shipping address). If you communicate with us by, for example, e-mail, telephone, online form, any information voluntarily provided in such communication may be collected. Note, when you make a purchase of our Services, our payment processor directly collects and processes the payment information that you provide, as necessary to complete your purchase. You may, at any time, contact us using the information provided below.
3. Company Information
In order for us to provide our Product or Services, we may ask you to provide information about your company, which includes, but is not limited to: company name, company address, billing and payment information, location, team size, project name(s), project number(s), budgets, client names, holidays, payment information (e.g. payment number and invoice details), and currency.
4. Information We Receive from Third Parties
In order to support your experience using the Product or Services, or in the course of providing Services to EU companies or entities, we may also collect information about you from third party partners and combine it with other information we collect from you.
5. Automatically Collected Information
6. How We Use Information
We may use the information we collect for various purposes, including:
We take reasonable, industry standard steps to ensure that the Personal Information we process is relevant and reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. These include the use of complex passwords, encryption of data, and evaluating our vendors to ensure they adequate security and privacy policies.
We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks. When we process Personal Information on behalf of our enterprise customers, we process and retain Personal Information as necessary to provide our services to our customers, or as required or permitted under applicable law.
If we disclose your Personal Information to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as provided in, the Accountability for Onward Transfer Principle. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7. Your Rights and Choices
8. Non-US Residents Choices
9. Transborder Transfer
We may transfer or disclose personal information to recipients in countries outside of your country, including the United States, where we are headquartered. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your personal information to other countries, we will protect that information as described in this Privacy Notice. We have certified to the EU-U.S. Privacy Shield Framework to provide adequate safeguards for the transfer of personal information to the United States from the European Economic Area (“EEA”).
We are committed to protecting your information. We seek to use reasonable organizational, technical, and administrative measures to protect information within our organization. We also take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it or when you request their deletion. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. Your password protects your user account, so you should use a unique and strong password, limit access to your computer and browser, and log out after having used our Product or Services. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact Us section below.
Our Products and Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.
12. Updates to this Policy
13. Recourse, Enforcement and Dispute Resolution
If you have any questions or concerns, please write to us at the address listed below. If you are an EEA resident, we will investigate and attempt to resolve reasonable complaints and disputes regarding our use and disclosure of Personal Information in accordance with the Principles. If an issue cannot be resolved via our internal dispute resolution mechanism, EEA individuals may contact or submit a complaint, at no cost, to the International Centre for Dispute Resolution, our US-based third party dispute resolution provider. To find out more, go to https://www.privacyshield.gov/Individuals-in-Europe. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration before the Privacy Shield Panel as detailed in the Principles.
101 West Chapel Hill Street
Durham, NC 27707
Non-HR Recourse Mechanism