Updated June 30, 2019
All inquiries, including (a) requests to opt out of further research or a current research engagement; (b) requests to amend incorrect personal information, change consent status, or delete personal information; (c) requests to file a complaint regarding potential misuse of personal information; and (d) any other concerns related to this policy, should be directed to firstname.lastname@example.org, unless stated otherwise below.
We treat all information we receive from clients as confidential and do not use the information for any purpose other than to fulfill our obligations to them that are related to a legitimate research purpose. We keep client information secure and strive to prevent the misuse and/or unauthorized disclosure of it by our employees or any third parties.
In order to provide our services to clients, we may at times employ the use of client-provided participant contact lists which contain personal information such as names, email addresses, phone numbers, and/or mailing addresses. On engagements involving participants in the European Union, contact lists will only be used in cases where active consent to be contacted for research purposes has been explicitly granted by the participant.
All responses to our research are confidential. We collect data for the legitimate research purposes of our clients only, and our use of that information is limited to that purpose.
We may at times request from research participants their personal information such as names, email addresses, phone numbers, and/or mailing addresses. In cases of video recorded research, the ability to record facial images may be requested. This collection of personal information from research participants is done solely through the legal basis of informed consent.
We do not knowingly collect personal information under any circumstances from anyone under the age of thirteen (13). If we become aware that we have inadvertently collected personal information from anyone under this age threshold, we will promptly delete such information.
Research participation is voluntary. Participants may decline involvement or "opt out" of the research at any time without penalty or hesitation, including after having previously agreed to participate. If a research participant chooses to "opt out," any information we may have collected about that participant will be deleted upon the participant’s request.
We do not rent, sell or otherwise provide in any way personal information or survey responses to any third party for the purposes of direct or indirect marketing of any products and/or services. In some cases, we may share personal information with third parties that provide research services in support of the research engagement. Any third party that receives personal information is obligated to observe at least the same level of privacy and protection regulations delineated by this policy.
Upon request, we provide research participants access to the personal information we have collected about them as individuals. In response to such requests, we may correct any information that is inaccurate or incomplete, change their consent status, or delete their personal information.
Cognito maintains necessary physical, electronic and procedural security measures to safeguard client data and personal information. Third parties that provide us with support or other services may at times receive client data or personal information, and we require them to maintain at least the same level of security measures with respect to such information.
Cognito does not warrant or ensure the security of any information provided to us. In the unlikely event of a data breach, loss, and/or unauthorized access, use or disclosure of information under our control, we will take reasonable steps to investigate, and notify those individuals whose personal information may have been compromised. We will further take any other steps deemed necessary in accordance with any applicable laws and regulations.
Cognito will take reasonable steps to ensure that personal information provided to us is accurate, complete, current and relevant to a legitimate research purpose, and is used only as described in the "Data Retention" section below. While we accept responsibility for the management and confidentiality of the personal information collected, please note that we cannot always verify the accuracy of the information provided to us and bear no responsibility for the accuracy of information in such cases.
In general, to determine the appropriate retention period for personal information, we consider (a) the amount, nature, and sensitivity of such information; (b) the potential risk of harm from unauthorized use or disclosure of the information; (c) the legitimate research purposes for which we process the information, and whether we can achieve those same purposes through other means; and (d) the applicable legal requirements concerning retention.
We may further process data on behalf of third parties who have engaged us and provided us such data. We retain personal information processed on behalf of third parties for as long as is needed to provide services related to the legitimate research purposes concerning those data to the third party in question. Notwithstanding anything above to the contrary, we reserve the right to retain personal information for any period required by law or to comply with any legal obligations, resolve disputes, and/or enforce our agreements.
In compliance with the Privacy Shield Principles, Cognito commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union (EU) with inquiries or complaints regarding our Privacy Shield policy should first contact Cognito at email@example.com.
Cognito has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
Cognito may be required to disclose personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements. Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission.
Any data to be transferred for any reason is limited and for specified research purposes only. Any vendors or third parties working with or for Cognito are contractually obligated to comply with Cognito guidelines for confidentiality and data security. When transferring data to a third party, such third parties are obligated to maintain at least the same level of privacy protection as required by the Privacy Shield Framework, GDPR, this policy, and all other relevant regulations. In any case of onward transfer to third parties, Cognito is potentially liable unless it can be proven that we are not responsible for the event giving rise to the damage.
Cognito respects the voluntary nature of research participation and protects our survey participants’ identities when collecting market research responses online.
We may at times process IP addresses for the legitimate business purpose of identifying and preventing duplicate participants in our surveys. Whenever we process data for these purposes, we take reasonable and customary steps to keep your personal data safe and secure.
You have the right to object to this processing. If you wish to do so please send a request to firstname.lastname@example.org.
All other personal information is only collected when the research participant deliberately and voluntarily provides it, with informed consent. We may at times collect (a) web browsing activity to ensure a stable, error-free survey experience, and/or for legitimate research purposes when an engagement calls for such types of data; (b) telemetry data; and/or (c) application usage data.
The only information we collect from visitors to our website (https://cognito-inc.com) is that which is voluntarily provided by requests for more information about our services, or viewing papers, articles and videos from our content library. Otherwise, the only use of visitors’ web browsing activity is to generate aggregate traffic reporting statistics for the website.
Whether or not we receive Do Not Track request signals from a web browser, we will never use browsing activity information from our survey respondents or other website visitors to provide or offer third-party advertising content.
As a company based in the United States, Cognito is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If you are concerned about our use of personal or client information, please contact us by email at email@example.com.
Individuals in the European Union who have concerns about our compliance with the General Data Protection Regulation (GDPR) or any other data privacy/compliance issues should contact us by email at firstname.lastname@example.org.
Under certain circumstances permitted or required by law (for example, in connection with law enforcement investigations), we may be required to disclose client data or personal information without giving notice.