Updated June 30, 2019
Cognito LLC and its affiliates (collectively, "Cognito") are committed to protecting the privacy of our clients and research participants. This privacy policy applies to all client and participant personal information that we collect or use in the course of conducting our business, as well as all client information and research participant data housed at any Cognito facility or stored on the Cognito network and/or computers. Anyone who has access to such information or data must follow this privacy policy.
All inquiries, including (a) requests to opt out of further research or a current research engagement; (b) requests to amend incorrect personal information, change consent status, or delete personal information; (c) requests to file a complaint regarding potential misuse of personal information; and (d) any other concerns related to this policy, should be directed to privacy@cognito-inc.com, unless stated otherwise below.
We treat all information we receive from clients as confidential and do not use the information for any purpose other than to fulfill our obligations to them that are related to a legitimate research purpose. We keep client information secure and strive to prevent the misuse and/or unauthorized disclosure of it by our employees or any third parties.
In order to provide our services to clients, we may at times employ the use of client-provided participant contact lists which contain personal information such as names, email addresses, phone numbers, and/or mailing addresses. On engagements involving participants in the European Union, contact lists will only be used in cases where active consent to be contacted for research purposes has been explicitly granted by the participant.
All responses to our research are confidential. We collect data for the legitimate research purposes of our clients only, and our use of that information is limited to that purpose.
We may at times request from research participants their personal information such as names, email addresses, phone numbers, and/or mailing addresses. In cases of video recorded research, the ability to record facial images may be requested. This collection of personal information from research participants is done solely through the legal basis of informed consent.
We do not knowingly collect personal information under any circumstances from anyone under the age of thirteen (13). If we become aware that we have inadvertently collected personal information from anyone under this age threshold, we will promptly delete such information.
Research participation is voluntary. Participants may decline involvement or "opt out" of the research at any time without penalty or hesitation, including after having previously agreed to participate. If a research participant chooses to "opt out," any information we may have collected about that participant will be deleted upon the participant’s request.
We do not rent, sell or otherwise provide in any way personal information or survey responses to any third party for the purposes of direct or indirect marketing of any products and/or services. In some cases, we may share personal information with third parties that provide research services in support of the research engagement. Any third party that receives personal information is obligated to observe at least the same level of privacy and protection regulations delineated by this policy.
Upon request, we provide research participants access to the personal information we have collected about them as individuals. In response to such requests, we may correct any information that is inaccurate or incomplete, change their consent status, or delete their personal information.
We may share information in the following ways: (a) with our service providers, as necessary to enable them to provide services to us (in which cases such service providers are prohibited from using the information except as necessary to provide such services); (b) with our clients or other sponsors of the research as part of a legitimate research purpose; (c) as reasonably necessary to comply with law or a legal process (including a court or government order or subpoena), to detect, prevent, or otherwise address fraud, security or technical issues, to enforce this privacy policy, and to protect the rights, property or safety of Cognito, our users, and/or the public; (d) if we sell, transfer or otherwise share some or all of our business or assets, including personal information, in connection with a corporate transaction such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this privacy policy; or (e) with the express consent of a research participant.
Cognito maintains necessary physical, electronic and procedural security measures to safeguard client data and personal information. Third parties that provide us with support or other services may at times receive client data or personal information, and we require them to maintain at least the same level of security measures with respect to such information.
Cognito does not warrant or ensure the security of any information provided to us. In the unlikely event of a data breach, loss, and/or unauthorized access, use or disclosure of information under our control, we will take reasonable steps to investigate, and notify those individuals whose personal information may have been compromised. We will further take any other steps deemed necessary in accordance with any applicable laws and regulations.
Cognito will take reasonable steps to ensure that personal information provided to us is accurate, complete, current and relevant to a legitimate research purpose, and is used only as described in the "Data Retention" section below. While we accept responsibility for the management and confidentiality of the personal information collected, please note that we cannot always verify the accuracy of the information provided to us and bear no responsibility for the accuracy of information in such cases.
In general, to determine the appropriate retention period for personal information, we consider (a) the amount, nature, and sensitivity of such information; (b) the potential risk of harm from unauthorized use or disclosure of the information; (c) the legitimate research purposes for which we process the information, and whether we can achieve those same purposes through other means; and (d) the applicable legal requirements concerning retention.
We may further process data on behalf of third parties who have engaged us and provided us such data. We retain personal information processed on behalf of third parties for as long as is needed to provide services related to the legitimate research purposes concerning those data to the third party in question. Notwithstanding anything above to the contrary, we reserve the right to retain personal information for any period required by law or to comply with any legal obligations, resolve disputes, and/or enforce our agreements.
Our website (https://cognito-inc.com) may contain links to external websites, and areas where you can provide information to third parties. These are provided for your convenience only, and we do not warrant or control the content, privacy and security practices, and/or policies of such third parties or third-party sites. Any personal information you provide in such areas, and on such linked pages, is provided directly to that third party and is subject to that third party’s privacy policy. Please learn about the privacy and security practices and policies of external websites and third parties before providing them with personal information.
Cognito complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Cognito has self-certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, Cognito commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union (EU) with inquiries or complaints regarding our Privacy Shield policy should first contact Cognito at privacy@cognito-inc.com.
Cognito has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
Cognito may be required to disclose personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements. Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission.
Any data to be transferred for any reason is limited and for specified research purposes only. Any vendors or third parties working with or for Cognito are contractually obligated to comply with Cognito guidelines for confidentiality and data security. When transferring data to a third party, such third parties are obligated to maintain at least the same level of privacy protection as required by the Privacy Shield Framework, GDPR, this policy, and all other relevant regulations. In any case of onward transfer to third parties, Cognito is potentially liable unless it can be proven that we are not responsible for the event giving rise to the damage.
Cognito respects the voluntary nature of research participation and protects our survey participants’ identities when collecting market research responses online.
We may at times process IP addresses for the legitimate business purpose of identifying and preventing duplicate participants in our surveys. Whenever we process data for these purposes, we take reasonable and customary steps to keep your personal data safe and secure.
You have the right to object to this processing. If you wish to do so please send a request to privacy@cognito-inc.com.
All other personal information is only collected when the research participant deliberately and voluntarily provides it, with informed consent. We may at times collect (a) web browsing activity to ensure a stable, error-free survey experience, and/or for legitimate research purposes when an engagement calls for such types of data; (b) telemetry data; and/or (c) application usage data.
The only information we collect from visitors to our website (https://cognito-inc.com) is that which is voluntarily provided by requests for more information about our services, or viewing papers, articles and videos from our content library. Otherwise, the only use of visitors’ web browsing activity is to generate aggregate traffic reporting statistics for the website.
Whether or not we receive Do Not Track request signals from a web browser, we will never use browsing activity information from our survey respondents or other website visitors to provide or offer third-party advertising content.
As a company based in the United States, Cognito is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If you are concerned about our use of personal or client information, please contact us by email at privacy@cognito-inc.com.
Individuals in the European Union who have concerns about our compliance with the General Data Protection Regulation (GDPR) or any other data privacy/compliance issues should contact us by email at privacy@cognito-inc.com.
We reserve the right to modify this privacy policy at any time. If we decide to change our policy, we will prominently post those changes here and any other place we deem appropriate, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make any material changes, we will notify you either by way of an email or by a notice on our website. We will use information in accordance with the policy as it was in effect at the time information was collected.
Any arbitration or court trial, whether before a judge or jury or pursuant to judicial reference, related to any claim under this privacy policy will take place on an individual basis, without resort to any form of class or representative action ("Class Action Waiver"). THIS CLASS ACTION WAIVER PRECLUDES ANY PARTY FROM PARTICIPATING IN OR BEING REPRESENTED IN ANY CLASS OR REPRESENTATIVE ACTION REGARDING A CLAIM UNDER THIS PRIVACY POLICY. Regardless of anything else herein, the validity and effect of the Class Action Waiver may be determined only by a court and not by an arbitrator.
Under certain circumstances permitted or required by law (for example, in connection with law enforcement investigations), we may be required to disclose client data or personal information without giving notice.