Privacy Policy

Purpose

Cogito Corporation (hereinafter, "Cogito", "we" or "us") is committed to protecting your privacy. This Privacy Statement (the "Privacy Statement") describes the personal information that we collect, how we obtain the information, how we may use or disclose that information, the security measures we have in place to protect this information, and the rights you have with respect to this information.

Scope

This Privacy Statement covers our privacy practices with respect to the collection, use, and disclosure of information obtained: (i) through the Cogito website at www.cogitocorp.com (hereinafter, our "Website"); (ii) in connection with the use of our hosted software applications (the "Subscription Service") and related support services ("Support Services"), as well as expert services, including professional services, training and certification (the "Expert Services") that we provide to Customers, and (iii) in connection with human resource functions for our employees and prospective employees, as described below.

Use of our Website and our provision of Services are intended only for persons at least 13 years of age and we do not knowingly collect or store personal information from children under the age of 13.

For the purposes of this Privacy Statement:

• “Callers” mean the individuals who communicate or interact with our Customer’s contact centers.
• "Customer" means any entity that purchases a license to any portion or component of the Services.
• "Customer Data" means the personal information uploaded into, or otherwise made accessible to, any portion of the Services by, or for, a Customer or its Users, as further described below.
• “Services” shall mean, collectively, the Subscription Service, Support Services and the Expert Services.
• “User” means an individual authorized by or on behalf of the Customer to access and/or make use of any portion or component of the Services, as further described in the Customer Agreement.
• "Visitor" means a visitor of the Website.
  ##Website
  For all Visitors, Cogito operates as the controller of your personal information. The following information applies to the personal information collected by Cogito from Visitors of our Website. For information with regard to the Cookies we collect on our Visitors, please refer to Cookie Settings. For information with respect to any applicable data access rights, please refer to Your Rights and Choices with Cogito as a Controller of your Personal Information.

What Personal Data do we collect?

The following information reflects information that we have collected about you over the past 12 months.

Information Collected Directly from you

The personal information we collect directly from you includes the following:

• If you express an interest in obtaining additional information about our services, use our “Contact Us” or similar features, request a demo, or download certain content, we may require that you provide to us your contact information such as your name, job title, company name, phone number, or email address.
• When you register or request further information or services from us or participate in interactive features of our Website.
• When you report a problem with our Website.
• If you inquire about, or apply for, a job with Cogito.

Information Collected from third parties

Cogito may collect and use information we receive from service providers in connection with your use of the Website. For instance, Cogito may use a service provider for reporting and analytics to measure the effectiveness of our Website and marketing efforts, and to identify areas for improvement.

Information we collect as you navigate through the Website

As you navigate through the Website, we also collect details about your visits to our Website including, but not limited to, your IP address, usage patterns, traffic data, location data, logs and other communication data and the resources that you access, as well as information about your computer and internet connection, including your operating system and browser type.

Cookies and Other Forms of Automated Collection

What is a Cookie?

When you visit our Website, we, or an authorized third party may place a small text file called a “Cookie” on your computer’s browser directory. Cookies are designed to collect information, which includes personal information, about your online activities over time and across different sites.

Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you closer your browser or turn off your computer. You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our Website.

The following describes how we use different categories of cookies and similar technologies and your options for managing our collection of Cookies.

Different Categories of Cogito Cookies:

The Cookies that Cogito uses fall into the following categories:

Necessary: Without these Cookies, we are unable to provide many services needed for this Website to function (e.g. essential cookies to help protect the security of the Website). Because these Cookies are required for this Website to function, you cannot refuse them.

Performance and Analytics: These Cookies track information about how the Website is being used so we can make improvements and report on the Website’s performance. These cookies are designed to enhance the function, performance and services on the website, and may track behavior of Visitors for analytics and advertising purposes. These Cookies may either be first party Cookies (set by Cogito) or third-party Cookies (set by authorized third parties). Our third-party Cookies include the use of Google Analytics, HotJar, and ShareThis.

Functional Cookies: These are Cookies used to enhance the performance of our Website, and to remember information you entered, and choices you made with respect to our Website, but are not essential to your use of the Website. We may use our own technology or third-party technology, including ShareThis to provide functional Cookies.

Advertising Cookies: These third-party Cookies are placed by advertising platforms or networks on our Website in order to track ad performance, and to enable advertising networks to deliver ads that may be relevant to you based upon your activities (referred to as “re-marketing”). Cogito contracts with third parties such as Facebook, and GoogleAds to support the advertising Cookies’ purpose.

How Do We Use Cookies?

The Cookies we collect help us facilitate a safe interaction for you on our Website, enhance the function, performance and services on the Website, provide social media features, and analyze our Website traffic. We also allow authorized third parties to use Cookies to enhance your use of our Website with social media, advertising, and our analytics partners. We use both session-based and persistent cookies on our websites.

Re-Marketing Activities

We use third-party pixels or web beacons on our Website to track activity for web analytics and for re-marketing activities. “Re-marketing activities” means that our third parties will continue to show ads to you across the internet but we will not be collecting any identifiable information about you through this remarketing system. The third-party vendors we use will place cookies on web browsers in order to serve ads based on past visits to our Website. This allows us to make special offers and continue to market our services to those who have shown interest in our service.

You can change your cookie settings and preferences on the Website by clicking on “Cookie Preferences”.

How Do We Use the Information Collected?
We may use information that we collect about Visitors for the following purposes:

• To protect the security of our Website.
• Enable the sharing of content across various social networks.
• Enhance the function, performance, and services on the Website.
• To track the behavior of the users on the Website.
• To present our Website and their contents in a suitable and effective manner for you and for your computer.
• To diagnose and resolve technical problems with our Website.
• To improve our Website.
• To provide you with information, products or services that you request from us.
• To notify you about changes to our Website or obtain any required consent.
• To allow you to participate in interactive features of our Website, when you choose to do so.
• For industry analysis, benchmarking, analytics, marketing, and other business purposes.
• To track your browsing behavior, such as the pages you visited over time.

If you ask us to contact you about our Services, we may use your personal information or permit selected service providers (such as an email service provider) to use your personal information to provide you with such information. Visitors may withdraw consent for use of such personal information, at a later time by clicking on the “unsubscribe” link located in the emails sent by Cogito, or exercising their applicable Data Access Rights.

How Do We Share the Information Collected?

Subject to any applicable data privacy law, or regulation, we may disclose personal information that you provide to us via this Website, to the following third parties:

• To contracted service providers who agree to use the personal information exclusively for our benefit, including email services, website hosting and measurement, job application management, and other necessary functions.
• In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer.
• We may also disclose your personal information to third parties to:
  Comply with any court order or other legal obligation.
  Protect the rights, property, or safety of Cogito or others.
  We do not sell, rent or trade information collected through the Website to third parties who are not service providers who assist us in providing our information and services to you.

How long do we keep a Visitor’s personal information?

We may retain a Visitor’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies. When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information, and whether we can achieve the purposes of the processing such personal information through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your personal information will be deleted. Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

Services

For all Customers and Users, Cogito operates as a processor of applicable Customer Data. The following information applies to the personal information collected by Cogito from Customers and Users of our Services. Data subject requests for Customer Data must be made through the applicable Customer as the controller of the data. Cogito will comply with all data subject access requests in accordance with the provisions of the applicable contract between Customer and Cogito.

What Customer Data do we collect?
We collect the following personal information from and/or about our Customers, Users, and Callers (collectively, the “Customer Data”), including:

• General information, including a Customer’s company name and address, and the Customer’s representative’s contact information including name, email address, and telephone number (“General Information”) for billing and contracting purposes.
• Information and correspondence our Customers and Users submit to us in connection with the use of our Services, including the phone number and/or phone extensions of the User and the Caller, the User identification numbers (which may be employee identification numbers).
• Server logs in support of the Services, which may contain device identification numbers.
• The personal information contained in audio files and related metadata for phone calls processed by the Subscription Service. Such audio files include customer service, sales and operations phone calls between Users and the “Callers”. We also collect metadata relating to these calls, which constitutes call-related statistics and identifiers. This metadata may contain personal information of the Users and the Callers including Caller phone numbers and User names.
  We also collect non-personal information in providing the Services to Customers such as: (1) behavioral and statistical usage data derived and/or generated from the operation of the Subscription Service, including behavioral signals and models derived from audio data processed by the Subscription Service as well as the performance results for the Subscription Service; and (2) quantitative data derived from our Customers and Users use of the Subscription Service and/or provided by our Customers, for example and without limitation, business and operational metrics related to our Customer’s business. Other than fulfilling specific data processing and/or reporting obligations for our Customers pursuant to Customer Agreements, all of this data collected, used, and disclosed will be in aggregate form only and will not identify any Customer or its Users, unless otherwise provided in a Customer Agreement.

How do we use Customer Data?
We use Customer Data to provide, maintain and improve the Services, including providing Support and Expert Services. Notwithstanding anything else to the contrary in this Privacy Statement, we will not use, disclose, review, share, distribute, transfer or reference any Customer Data except as permitted in the Customer Agreement, or as required by law.

What Cookies do we use with the Services?
When you use the Subscription Service, we use Cookies to:

• Authenticate your access to the Subscription Service
• Route a browser request to a specific node when multiple nodes are assigned
• Recognize you when you return to the Subscription Service

A User may refuse to accept the “remember me” cookie, which will then require a User to provide their username and password to log into the Subscription Service.

How Do We Share the Personal Information Collected?

As a Processor of Customer Data, we only share the personal information collected in accordance with the Customer’s instructions, as permitted in the applicable Customer Agreement. Subject to any applicable data privacy law and regulation, we may disclose Customer Data to third parties solely to:

• To contracted service providers who agree to use the personal information exclusively for our benefit, including email services, website hosting and measurement, job application management, and other necessary functions.
• Comply with any court order or other legal obligation.
• Enforce or apply the terms of the definitive agreement between Customer and Cogito pursuant to which the Customer purchased access to any portion or component of the Services (the “Customer Agreement”).
• Protect the rights, property, or safety of Cogito, our Customers, Users or others.
• In the event of merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Visitors will be among the assets transferred to the buyer or acquirer.
  We do not sell, rent or trade Customer Data with third parties.

How long do we keep Customer Data?

We may keep Customer Data for the period of time which is agreed upon in Customer Agreement.

Communication Preferences and Choices and Accessing and Correcting Your Personal Information

Since each Customer is the controller of the personal information submitted to Cogito as a processor (including any personal information it collects from its Users and individuals that communicate or interact with Customer’s contact centers, how that information is used and disclosed, and how that information can be changed), Users and such individuals must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses personal information and how to access or correct personal information contained in Customer Data. Cogito will comply with all obligations agreed to between the relevant Customer and Cogito to effectuate any data access rights a User or Caller may have with respect to the Cogito’s processing of the relevant personal information.

Employee and Applicant Information

How Do We Obtain and Use Employee and Applicant Personal Information?

Employee Information

As a controller of our employee’s personal information, we collect personal information and sensitive personal information provided to us by you which may include, without limitation, name, address, email address, date of birth, gender, ethnicity, physical address, phone number, birth date, citizenship, education, employer (current or former), title, passport number, driver’s license number, spouse or dependents, compensation, personal health information, payment instructions, credit card information, and EEOC data only for legitimate business purposes, including (1) the management and operations of our company, its functions and activities, (2) employee communications, including employee surveys, (3) maintaining a global directory, (4) carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements, (5) development and training programs, (6) assessing employee qualifications and performance, (7) managing employee performance, (8) determining employee compensation or payment, (9) managing the employee termination process, and (10) other general human resources purposes. Our European Union and Swiss Employees at the time of their employment are notified in detail how their personal information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive employee matters, whether it is stored manually or electronically, is accessible by other Cogito employees only if necessary with respect to legitimate human resource functions or issues, and in accordance with applicable laws. Cogito will obtain affirmative consent from an employee before using such employee’s personal information for any purpose other than described above. Employees may decline to provide this consent, and employees may withdraw their consent at any time.

Employees may choose to voluntarily disclose personal information about family members, in which cases, such personal information shall be treated, for the purposes of this Privacy Statement, the same as an employee’s personal information. Employee personal information is never sold, leased, or rented to any third party.

In accordance with applicable law, employees may have the right to opt-out of disclosing their personal information provided that Cogito does not need such personal information for a legitimate business purpose. Employees can contact the People Team or the Privacy Team at [email protected] if they wish to exercise these rights.

Applicant Information

As a controller of our prospective employee’s personal information, we collect personal information and sensitive personal information provided to us by applicants which may include, without limitation, name, address, email address, date of birth, gender, ethnicity, physical address, phone number, birth date, citizenship, education, employer (current or former), title, driver’s license number, spouse or dependents, compensation, payment instructions, and EEOC data only for legitimate business purposes, including (1) the recruiting and hiring of job applicants, (2) performing background checks and verifying references, (3) communications with the applicant, (4) assessing applicant qualifications and performance, (5) determining applicant compensation or payment, (6) other general human resources purposes. For information with respect to any applicable data access rights, please refer to “Your Rights and Choices with Cogito as a Controller of your Personal Information”.

How Do We Share Employee and Applicant Personal Information Collected With Third Parties?

Employee Personal Information

Employee personal information will never be disclosed to third parties except as follows: (1) to those retained by Cogito as agents for the purposes set forth above, (2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of Cogito, (3) where authorized in writing by the employee, and (4) where the employee voluntarily provides personal information and the context makes it clear that such information will be provided to a third party.

Applicant Personal Information

Applicant personal information will only be disclosed to third parties as follows:

Disclosure to our Service Providers: We use third party service providers to process your personal information to assist us in business and technical operations for applying for employment with Cogito. Cogito has data processing agreements with such service providers which provide specific instructions for processing and accessing an applicant’s personal information.

Required Disclosure: We may release personal information about you to comply with a law or a subpoena, bankruptcy proceeding, or similar legal process. Such disclosure may include disclosing personal information about you, such as your name and contact information, to enforce our contractual rights, or to protect the rights and safety of Cogito, our Customers, Users, and others, or as is reasonably necessary for litigation purposes.

Disclosure in Event of Merger/Acquisition/Sale: If Cogito is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred to the acquiring entity as part of the transaction, such transfer subject to applicable personal information protections.

How long do we keep your employee personal information?

We may retain an employee’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies; provided, however, that the use of such data is retained in accordance with a legitimate business purpose. When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing such personal information through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your personal information will be deleted. Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

How long do we keep your applicant personal information?

We may retain an applicant’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies. When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing such personal information through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your personal information will be deleted. Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.

General

Data Protection Officer

Cogito has appointed a data protection officer at Lucid Privacy Group who has direct access to the highest level of management in the organization and is responsible for the organization's individual privacy protection program. Our appointment of Lucid Privacy Group is based on deep professional experience, in particular, expert knowledge of data protection law and practices and the ability to fulfill the tasks required of a Data Protection Officer. The Data Protection Officer is selected by Cogito’s VP Legal after a review of the Data Protection Officer’s qualifications and expert knowledge of data privacy laws and practices. Cogito’s VP Legal is responsible for periodically reviewing, at least annually, the qualifications and expert knowledge of the Data Protection Officer.

International Transfers

For international transfers of personal information (also known as personal data), Cogito ensures the protection of personal information by obtaining written agreement from each third-party processer of your personal information to a written data protection agreement which contains the contractual clauses for data protection approved by the EU Commission.

Complaints

Cogito commits to resolving complaints about its data collection and use of your personal information. We can be contacted by email at [email protected] with regard to any inquiries or complaints and we are committed to responding to your inquiry in a timely manner. Inquiries or complaints may also be submitted to our Data Protection Officer at Lucid Privacy Group by sending an email to [email protected]. European data subjects maintain the right to contact their respective country-specific Data Protection Authority for any EU-specific complaints.

Transfers

Cogito may transfer personal information it receives to a service provider to assist in our processing of that data for the purposes described in this Privacy Statement. In such instances, the third party’s access, use, and disclosure of the personal information must also comply with the written data protection agreement we have in place with that service provider, which contains the contractual clauses for data protection approved by the EU Commission. However, Cogito is ultimately liable for ensuring that the third party remains compliant with our obligations unless we prove that we are not responsible for the event giving rise to the damage.

EU Residents: Rights and Choices with Cogito as a Controller of your Personal Information

Where Cogito is considered a controller of your personal information under relevant data protection laws, you have certain rights relating to the personal information we collect about you, subject to the applicable data protection laws. These rights are detailed below.

Specifically, if you are located in the EEA, or are a resident of California, you may have the following rights:

• Right of Access: A right to access the personal information we have collected about you
  As a resident of California, this right may include the right to receive specific information we collected about you, the business purpose for that collection, and the categories of any third parties we shared your personal information, if applicable.

• Right of Erasure: A right to erase or delete the personal information we collected about you, subject to applicable verifiability requirements below.
  The following rights are related to personal information that we have collected about you if you are located in the EEA:

• Right to reconciliation: You have the right to ensure your personal information is complete, and to rectify it, where needed.

• Right to restrict processing: You have the right to request a restriction on our processing of your personal information.

• Right to data portability: You have the right to transfer your personal information to another controller, to the extent possible.

• Right to object: You have the right to object to any processing of your personal information carried out on the basis of legitimate interests. Where we process your personal information for direct marketing purposes or share it with service providers to assist us with direct marketing, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.

• Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects. (Cogito does not participate in automated decision-making and profiling at this time.)

• Right to withdraw consent: If we collect, process, and share your personal information based on your consent, you have the right to withdraw such consent at any time. This withdrawal will not affect the lawfulness of the processing based on such consent before its withdrawal.

• Right to lodge a complaint with the data protection authority: If you believe that we have not assisted with a complaint or concern related to your data privacy rights, you have the right to lodge a complaint with the competent EEA supervisory authority.

Exercising European Data Subject Rights

To exercise your applicable data protection rights, please use one of the options:

• Submit a verifiable customer request to us by emailing us at [email protected];
• If you are a Cogito Client, please see our Cogito Client Data Subject Rights Request Form
• If you are not a Cogito Client, please see our Cogito Privacy Request Form: Non-Client
• Calling our toll-free number 1-855-4Cogito (1-855-426-4486) and dialing “0” for operator
• You may also submit a request to our Data Protection Officer at Lucid Privacy Group by sending an email to [email protected].
  California Consumer Disclosure
  Definitions

The terms “Business Purpose(s)”, “Personal Information”, “Sell” (or “Sale”), “Service Provider(s)” and “Third Parties” have the meanings given in the California Consumer Privacy Act of 2018 (CCPA). These term references and disclosures are limited to this section of the Privacy Policy and designated exclusively for California Consumers.

Categories of Personal Information

Identifiers and personal information including name, job title, company, email addresses, phone numbers, postal addresses, cookie identifiers, and IP addresses.

Job applicants may provide additional personal demographic information including education, work history, and professional affiliations.

Purposes for collection and use of Personal Information

We use personal information to facilitate our website, customer account services, and for marketing or communications.

Categories of sources from which Personal Information is collected

Websites, advertising services, technology platforms, customer support services, and directly from the consumer.

Categories of Personal Information we sell

We do not sell personal information. However, we enable third-party advertising services to use cookies with our website visitors.

We have no actual knowledge that we have sold the personal information of minors under 16 years of age.

Purposes for selling personal information

We do not sell personal information. However, third-party advertising services use cookies associated with our website visitors to facilitate ads to our visitors on other websites.

Categories of Third Parties to whom Personal Information is sold

We do not sell personal information. However, third-party advertising services use cookies associated with our website visitors.

Categories of third parties to whom information was shared for a business purpose

Advertising services, technology platforms, website and customer communications services.

California Consumer Rights & Options

Access or Delete Your Personal Information

You have the right to access or delete the personal information we maintain about you by:

• Emailing [email protected]
• Submitting a request through our “California Privacy Rights Form”
• Calling our toll-free number 1-855-4Cogito (1-855-426-4486) and dialing “0” for operator

Please note we may not accept a request to modify or erase your personal information where we cannot verify your personal information, where we require it to comply with a legal obligation or in relation to a legal claim.

Authorized Agents

If you wish to submit a request to know or delete through an authorized agent, we require one of the following before we can process the request:

• A copy of your signed permission authorizing the agent to make the request.
• That you verify your identity directly with us.
• Direct confirmation from you that you provided the agent permission to submit the request.

If your authorized agent has a valid power of attorney under California Probate Code sections 4121 to 4130, we may request proof of the power of attorney instead of the foregoing.

We may deny a request from an agent that does not submit proof you authorized them to act on your behalf.

Opt-Out of Sales or Exercise Your “Do Not Sell My Personal Information” Right Under CCPA

We do not sell your personal information. However, you may opt-out from the third-party advertising services by visiting the Digital Advertising Alliance's ("DAA") opt-out page here.

Security Statement

Cogito maintains reasonable and appropriate measures to protect the personal information obtained from loss, misuse and unauthorized access, disclosure, alteration and destruction. Please report any known or suspected violations at [email protected].

Cogito has formally appointed a qualified Data Protection Officer, reporting to senior management, who is directly and fully responsible for the privacy of personal information. See “Contact Information”, below.

Third Party Websites and Applications

This Website may link to websites that are not owned or controlled by Cogito. As such, this Privacy Statement does not apply to information collected on any third-party site or by any third-party application that may link to or be accessible from the Website. This Privacy Statement also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer.

Changes to Our Privacy Statement

Cogito reserves the right to update or change this Privacy Statement from time to time. If Cogito’s Privacy Statement is updated, we will notify you by posting the new Privacy Statement on this web page and updating the revision date below (and obtain your consent where required). Except where express consent is required by applicable law, Customer Agreements or End User License Agreements, your continued use of the Website and/or Services is deemed to be acceptance of any updates or changes we make to this Privacy Statement. Accordingly, we ask that you review the Privacy Statement periodically for any updates or changes that we may have made.

Contact Information
If you have any questions about this Privacy Statement or our privacy practices contact us at:

Cogito Corporation
100 High Street, Floor 7
Boston, MA 02210
Attn: Data Privacy
[email protected]

Cogito’s Data Protection Officer can be reached at:
Lucid Privacy Group
1050 Page Street,
San Francisco, CA 94117
[email protected]