Your privacy is important to us.
Our Data Practices
Notice to End-Users
Our services are intended for use by our business Customers. Where services are made available to you through a Customer, that Customer is the data controller of your personal data. Cognito is a data processor or sub-processor where it facilitates identity verification, fraud detection, and watchlist screening services at the direction of our Customer.
Our Customers are able to:
- Access and describe your personal data that you provided to them;
- Access and export your personal data processed by them; and
- Amend your personal data, including your end-user profile.
For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).
Our Customer’s Authorized Users
Personal Data We Collect
When you communicate directly with us, we maintain a record of those communications and our responses. We collect information about your internet or electronic activity, including when you click on an email and if you click on any links provided within the email.
When you visit our Sites, we collect:
- information about your internet or electronic activity (where you clicked and how long it took);
- your device and browser data (device model number and browser type); and
- your IP address.
When you subscribe to and receive our marketing emails, we also collect your:
- name; and
- email address.
If you are a prospective customer, we collect your:
- email address;
- phone number; and
- professional information regarding your company or employer.
When you become a Customer, we track what services you have purchased from and we also collect your:
- email address;
- phone number;
- postal address; and
- professional information regarding your company or employer.
As an Authorized User for our Customer, you or our Customer’s administrator provides information to us: when our Customer registers you for access to our services; when you register to access our services; when you contact our customer support; or, when you send us an email or communicate with Cognito in connection with our services.
The information our Customer provides so that we can invite Authorized Users to access our services includes:
- business contact information, including your name, job title, the organization’s name, postal address, and your email address;
- information to authenticate your business, including incorporation documents, business licenses, office leases, and utility records;
- account login credentials, including usernames, passwords, authentication codes, and two-factor identification codes;
- troubleshooting and support data, which is data you provide when you contact Cognito for assistance with our services, including the products you use and details relating to the problem that help us provide support; and
- payment information necessary for our payment processors to process your payment, including credit card numbers, bank account information, associated identifiers, and billing addresses. (Cognito does not store full credit card data.)
How We Collect Personal Data
You or our Customer’s account administrator directly provides Cognito with most of the data we collect. We collect and process data when you:
- Register online, create an account, or submit a service or sales request for any of our services;
- Voluntarily complete a contact form or provide feedback on any of our message boards or via email; and
- Use or view our website, our web applications, or a Customer’s dashboard and our services via your browser’s cookies and similar tracking technologies;
We collect your IP address from your internet service provider.
We may purchase the contact information of prospective customers from data brokers, as part of our legitimate business interest, where applicable and permitted by local privacy laws.
How We Use Personal Data
Cognito collects, uses, and discloses information to provide, market, operate, improve, develop, and protect our services for online businesses, our Customers, that need to comply with regulations necessary to detect and prevent fraud and other malicious behavior on their websites and mobile applications.
We use information we collect to:
- Provide the Cognito Services. We base our processing of your Personal Data on our legitimate interests to operate and administer the Cognito Services. For example, to process transactions with you or with a Customer, we authenticate you when you log in, provide customer support, and operate and maintain the Cognito Services.
- Promote the security of the Cognito Services. We process your Personal Data by tracking use of the Cognito Services, creating aggregated, non-personal information, verifying accounts and activity, monitoring suspicious or fraudulent activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the Cognito Services, systems, and applications and in protecting our rights and the rights of others.
- Improve and develop the Cognito Services. We use your Personal Data to identify trends, usage, activity patterns, and areas for integration and improvement so that we continually improve the Cognito Services, including adding new features or capabilities that make the Cognito Services smarter, faster, more secure, integrated, and more useful to our Customers and their Authorized Users to the extent it is necessary for our legitimate interests in developing and improving the Cognito Services.
- Communicate with you about the Cognito Services. We send you service, technical, and other administrative or transactional emails, messages, and other types of notifications to assist with our legitimate interests in administering the Cognito Services. These communications are considered part of the Cognito Services and in most cases, you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
- Send you marketing communications. We process your Personal Data to send you marketing information, product recommendations, events, contests, promotions, and other non-transactional communications about us in accordance with your marketing preferences, as necessary for our legitimate interests in conducting direct marketing or to the extent you have provided your consent. You will find opt-out options within the communication itself or in your account settings.
- Protect our legitimate business interests and legal rights. When necessary to protect our legal rights, interests, and the interests of others, or where required by law, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.
- Promote our legitimate business interests. With your consent, we use information where you have given us explicit consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Cognito Services, with your permission.
Sharing Personal Data
When we process your request for service, as part of our compliance procedures we may send your data to, and also use the resulting information from, credit reference agencies to prevent fraud.
How We Store and Secure Personal Data
We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information we collect about you depends on the type of information:
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Cognito Services. After such time, we will either delete or anonymize your information or, if this is not possible, we will securely store your information and isolate it from any further use until deletion is possible.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve the Cognito Services. Our retention time frame varies based on our legal obligations.
Where we retain information for Cognito Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the Cognito Services, not to specifically analyze personal characteristics about you.
Information you share on Cognito Services
If you are an Authorized User and your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow our Customer and your team members or other users to make full use of the Cognito Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided or decisions you have made regarding using our services.
If the Cognito Services are made available to you through an organization for which we are acting as a processor or sub-processor, we retain your information as long as required by the administrator of your account.
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in the Cognito Services, such as when you last opened an email from us or ceased using your account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
We would like to send you information about our services. With your consent, we send marketing information, product recommendations, events, promotions, and other non-transactional communications about us in accordance with your marketing preferences. If you have agreed to receive marketing information, you may always opt out at a later date. You have the right at any time to stop Cognito from contacting you for marketing purposes.
What We Share
Who We Share it With (by category)
Your Data Protection Rights
We want to make sure you are fully aware of all of your data protection rights. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Cognito Services.
If you are an end user to our Customer, on whose behalf we processed your personal information, you should contact our Customer about your privacy concerns instead of Cognito. For more information on how we process or sub-process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).
Do Not Track Disclosures
Some web browsers may transmit “do-not-track” (“DNT”) signals to mobile applications with which the user communicates. We currently do not change our tracking practices (which are explained in more detail in below in our Cookies Policy section) in response to DNT settings in your web browser.
Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our services and other online Sites. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. We utilize Google Analytics for our web analytics and you can opt out of your usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.
Subject to exceptions or limitations provided by law, if you are located in the EEA or UK, you have rights regarding how personal information collected about you is used. If we have processed or are processing your personal information, you are entitled to exercise the following rights:
- The right to access. You have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure. You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.
- The right to withdraw consent. You have the right to revoke your consent where or when our processing of your personal information is based on consent.
- The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
If you still want to raise a question to Cognito, or otherwise exercise your rights in respect of your personal information, Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK.
You may contact DataRep by sending an email to moc.peratad@otingoc or by contacting our Data Protection Representative via webform at https://www.datarep.com/cognito.
International Data Transfers
We do not share your Personal Data with third parties, unless it is necessary to carry out your request, to provide you the services, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your Personal Data to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law. Whenever we transfer your information, we take steps to protect it.
We collect information globally and store that information in the United States. Your Personal Data may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.
In the event we process your Personal Data in a country not subject to an adequacy decision, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission.
You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe by contacting us below.
Use by Minors
We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Sites. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our policy by instructing their child not to provide Personal Data through the Sites without permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Sites, please contact us at: moc.qhotingoc@ycavirpand we will use commercially reasonable efforts to delete that information.
We collect certain information (automatically) through the use of “cookies” and similar tracking technologies. Cookies are small text files that are stored in a computer’s browser directory. Cookies help site providers understand how website visitors use a site, remember an Authorized User’s login details, and store site preferences.
- ensure our services function properly;
- detect and prevent fraud;
- understand how visitors use and engage with our Sites; and
- analyze and improve our services.
What types of Cookies we Use
We use both first-party cookies, or cookies placed and read by Cognito directly when you use our services, and third-party cookies, or cookies not set by Cognito, but by other companies for site analytics purposes.
We use Google Analytics for aggregated, anonymized website traffic analysis. We also send Google your IP Address. We use Google Analytics to track aggregated website behavior, such as what pages you looked at and for how long. This information is important to us for improving the user experience and determining site effectiveness.
If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or “help screen” to learn about these functions. If your browser is set to not accept cookies or if you reject a cookie, you may not be able to use our Sites and certain parts of our services.
If you would like access to what browsing information we have, please reach out to us via our form contact. You can opt out of your usage data being included in our Google Analytics reports by visiting: https://tools.google.com/dlpage/gaoptout.
How to Contact Us
BlockScore, LLC D/B/A Cognito
Attn: Privacy Officer
340 S Lemon Ave, Suite 4260
Walnut, CA 91789
EEA and UK Residents
Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. If we have processed or are processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. If you are an end user of our Customer, on whose behalf we have processed your Personal Data, is also located the EEA or UK, you should contact our Customer about your Personal Data instead of Cognito’s Data Protection Representative.
UK and EEA residents may direct privacy concerns to DataRep, our Data Protection Representative, by sending an email to moc.peratad@otingoc or via online webform at http://www.datarep.com/data-request.
107-111 Fleet Street
EC4A 2AB, London
Cork, T12 H1XY
Republic of Ireland
Information we collect
Information you provide to us
We collect the personal information you provide to us when you Website Visitors. The categories of information we may collect include:
- Personal Identifiers, including name, email address, postal address, and telephone number
We collect the personal information you provide to us when you Business Prospects. The categories of information we may collect include:
- Personal Identifiers, including name, email address, postal address, and telephone number
- Commercial and Financial Information, including signature
To the extent we process deidentified personal information, we will make no attempt to reidentify such data.
Information collected automatically
We automatically collect internet or other electronic information about you when you visit our website, such as IP address, browsing history and interactions with our website. This data may be collected using browser cookies and other unique personal identifiers.
Information from other sources
We may collect personal information about you from third-party sources, including Data Analytics Providers and Data Brokers.
How long we keep your data
We do not retain data for any longer than is necessary for the purposes described in this Policy.
How we share and disclose information
Information Disclosed for Business or Commercial Purposes in the Last 12 Months, and Categories of Parties Disclosed To
We may disclose the following personal information about you when you Website Visitors:
|Personal Information Disclosed||Recipient (by Category)|
|Personal Identifiers||Governance, Risk & Compliance Software, IT Infrastructure Services, and Web Hosting Services|
|Online Identifiers||Cybersecurity Providers, Data Analytics Providers, IT Infrastructure Services, and Web Hosting Services|
We may disclose the following personal information about you when you Business Prospects:
|Personal Information Disclosed||Recipient (by Category)|
|Personal Identifiers||Business Operations Tool, Collaboration & Productivity Tools, Customer Support Tools, Governance, Risk & Compliance Software, IT Infrastructure Services, Sales & Marketing Tools, and Web Hosting Services|
|Online Identifiers||Business Operations Tool, Cybersecurity Providers, Data Analytics Providers, IT Infrastructure Services, and Web Hosting Services|
|Internet Activity||Ad Networks, Business Operations Tool, and Sales & Marketing Tools|
|Commercial and Financial Information||Business Operations Tool|
California Privacy Notice (CCPA)
This section provides additional information for California residents under the California Consumer Privacy Act (CCPA). The terms used in this section have the same meaning as in the CCPA. This section does not apply to information that is not considered "personal information," such as anonymous, deidentified, or aggregated information, nor does it apply to publicly available information as defined in the CCPA.
Collection and Disclosure of Personal Information
The personal information we collect is described above in Information we collect. The personal information we disclose for business or commercial purposes is described above in How we share and disclose information. The length of time for which we retain personal information is described above in How long we keep your data.
Business and Commercial Purposes for Collection
We collect personal information for the following business purposes:
- Advertising and Marketing
- Provide Products or Services
- Quality Assurance
We also "sell" (as defined in the CCPA) personal information for commercial purposes, including to advertise and market our products.
Information “Sharing” and “Selling”
We use third party data analytics providers and this may be considered a “sale” of information under the CCPA.
You may opt-out of these data practices here.
We do not knowingly sell or share (for cross-context behavioral advertising) the personal information of consumers under 16 years of age.
Your CCPA rights are described below. You can make a Request to Know or a Request to Delete under the CCPA by submitting a Privacy Request at the top of this page, or by clicking here, or by emailing us at moc.qhotingoc@ycavirp.
Right to Know
You have the right to request to know the following about the personal information we have collected about you in the past 12 months:
- the categories and specific pieces of personal information we have collected about you
- the categories of sources from which we collect personal information about you
- the business and commercial purposes for which we collect personal information
- the categories of third parties with whom we share the information
- the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose
The information we would provide to you in response to a Request to Know Categories is contained in this Privacy Notice. To access the specific personal information we have about you, submit a Request to Know via the link above. If you make a Request to Know more than twice in a 12-month period, we may require you to pay a small fee for this service.
Right to Delete
You have the right to request that we delete any personal information about you that you have provided to us. We will permanently delete from our records any personal information that is not necessary for our business operations and direct our service providers to do the same.
We consider information to be necessary for our business operations if it is used to:
- Complete an obligation to you that you have requested
- Detect and resolve issues related to security or functionality
- Comply with legal obligations
- Enable solely internal uses
Right to Non-Discrimination
If you exercise your CCPA consumer rights:
- We will not deny goods or services to you
- We will not charge you different prices or rates for goods or services, including through the use of discounts or other benefits or penalties
- We will not provide a different level or quality of goods or services to you
Right to Opt-Out
You have the right to opt-out of any selling and sharing of your personal information.
You may exercise your right to opt-out here.
Opt-Out Preference Signals. Your browser settings may allow you to automatically transmit the Global Privacy Control (GPC) signal to online services you visit. When we detect such signal, we place a U.S. Privacy String setting in your browser so that any third party who respects that signal will not track your activity on our website. GPC is supported by certain internet browsers or as a browser extension. You can find out how to enable GPC here.
Right to Correct
You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.
Before we can respond to a Request to Know or Request to Delete, we will need to verify that you are the consumer who is the subject of the CCPA request. Verification is important for preventing fraudulent requests and identity theft. Requests to Opt-Out do not require verification.
Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we will ask you to verify that you have access to the email address we have on file for you. If we cannot verify your identity based on our records, we cannot fulfill your CCPA request.
For a request that seeks specific personal information, we ask that you sign a declaration stating that you are the consumer whose personal information is the subject of the request, as required by the CCPA.
In some cases, we may have no reasonable method by which we can verify a consumer's identity. For example:
- If a consumer submits a request but we have not collected any personal information about that consumer, we cannot verify the request.
- If the only data we have collected about a consumer is gathered through website cookies (i.e. the consumer visited our website but had no other interaction with us), we are unable to reasonably associate a requester with any data collected; therefore, we cannot verify the request.
- If we process a consumer’s information as a service provider to another organization, we are not permitted to respond in a substantive way to that consumer’s CCPA request. We will, however, assist the organization in fulfilling your privacy request.
A California resident's authorized agent may submit a Request to Know or a Request to Delete under the CCPA by emailing us at moc.qhotingoc@ycavirp. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above. We will also ask for proof that the person who is the subject of the request authorized an agent to submit a privacy request on their behalf. An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required.
If you have trouble accessing this notice, please contact us at moc.qhotingoc@ycavirp.
If you have any privacy-related questions, please send them to moc.qhotingoc@ycavirp.