Your privacy is important to us.
Our Data Practices
Notice to End-Users
Our services are intended for use by our business Customers. Where services are made available to you through a Customer, that Customer is the data controller of your personal data. Cognito is a data processor where it is facilitating identity verification, watchlist screening, and antifraud screening services at the direction of our Customer.
Our Customers are able to:
- Access and describe your personal data that you provided to them;
- Access and export your personal data processed by them; and
- Amend your personal data, including your end-user profile.
For more information on how we process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/).
Our Customer’s Authorized Users
Personal Data We Collect
When you communicate directly with us, we maintain a record of those communications and our responses. We collect information about your internet or electronic activity, including when you click on an email and if you click on any links provided within the email.
When you visit our Sites, we collect:
- information about your internet or electronic activity (where you clicked and how long it took);
- your device and browser data (device model number and browser type); and
- your IP address.
When you subscribe to and receive our marketing emails, we also collect your:
- name; and
- email address.
If you are a prospective customer, we collect your:
- email address;
- phone number; and
- professional information regarding your company or employer.
When you become a Customer, we track what services you have purchased from and we also collect your:
- email address;
- phone number;
- postal address; and
- professional information regarding your company or employer.
As an Authorized User for our Customer, you or our Customer’s administrator provides information to us: when our Customer registers you for access to our services; when you register to access our services; when you contact our customer support; or, when you send us an email or communicate with Cognito in connection with our services.
The information our Customer provides so that we can invite Authorized Users to access our services includes:
- business contact information, including your name, job title, the organization’s name, postal address, and your email address;
- information to authenticate your business, including incorporation documents, business licenses, office leases, and utility records;
- account login credentials, including usernames, passwords, authentication codes, and two-factor identification codes;
- troubleshooting and support data, which is data you provide when you contact Cognito for assistance with our services, including the products you use and details relating to the problem that help us provide support; and
- payment information necessary for our payment processors to process your payment, including credit card numbers, bank account information, associated identifiers, and billing addresses. (Cognito does not store full credit card data.)
How We Collect Personal Data
You or our Customer’s account administrator directly provides Cognito with most of the data we collect. We collect and process data when you:
- Register online, create an account, or submit a service or sales request for any of our services;
- Voluntarily complete a contact form or provide feedback on any of our message boards or via email; and
- Use or view our website, our web applications, or a Customer’s dashboard and our services via your browser’s cookies and similar tracking technologies;
We collect your IP address from your internet service provider.
We may purchase the contact information of prospective customers from data brokers, as part of our legitimate business interest, where applicable and permitted by local privacy laws.
How We Use Personal Data
Cognito collects, uses, and discloses information to provide, market, operate, improve, develop, and protect our services for online businesses, our Customers, that need to comply with regulations necessary to detect and prevent fraud and other malicious behavior on their websites and mobile applications.
We use information we collect to:
- Provide the Cognito Services. We base our processing of your Personal Data on our legitimate interests to operate and administer the Cognito Services. For example, to process transactions with you or with a Customer, we authenticate you when you log in, provide customer support, and operate and maintain the Cognito Services.
- Promote the security of the Cognito Services. We process your Personal Data by tracking use of the Cognito Services, creating aggregated, non-personal information, verifying accounts and activity, monitoring suspicious or fraudulent activity, and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the Cognito Services, systems, and applications and in protecting our rights and the rights of others.
- Improve and develop the Cognito Services. We use your Personal Data to identify trends, usage, activity patterns, and areas for integration and improvement so that we continually improve the Cognito Services, including adding new features or capabilities that make the Cognito Services smarter, faster, more secure, integrated, and more useful to our Customers and their Authorized Users to the extent it is necessary for our legitimate interests in developing and improving the Cognito Services.
- Communicate with you about the Cognito Services. We send you service, technical, and other administrative or transactional emails, messages, and other types of notifications to assist with our legitimate interests in administering the Cognito Services. These communications are considered part of the Cognito Services and in most cases, you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
- Send you marketing communications. We process your Personal Data to send you marketing information, product recommendations, events, contests, promotions, and other non-transactional communications about us in accordance with your marketing preferences, as necessary for our legitimate interests in conducting direct marketing or to the extent you have provided your consent. You will find opt-out options within the communication itself or in your account settings.
- Protect our legitimate business interests and legal rights. When necessary to protect our legal rights, interests, and the interests of others, or where required by law, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger, or sale of a business.
- Promote our legitimate business interests. With your consent, we use information where you have given us explicit consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Cognito Services, with your permission.
Sharing Personal Data
What We Share
Who We Share it With (by category)
When we process your request for service, as part of our compliance procedures we may send your data to, and also use the resulting information from, credit reference agencies to prevent fraud.
How We Store and Secure Personal Data
We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information we collect about you depends on the type of information:
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Cognito Services. After such time, we will either delete or anonymize your information or, if this is not possible, we will securely store your information and isolate it from any further use until deletion is possible.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve the Cognito Services. Our retention timeframe varies based on our legal obligations.
Where we retain information for Cognito Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of the Cognito Services, not to specifically analyze personal characteristics about you.
Information you share on Cognito Services
If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Cognito Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
If the Cognito Services are made available to you through an organization, we retain your information as long as required by the administrator of your account.
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in the Cognito Services, such as when you last opened an email from us or ceased using your account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
We would like to send you information about our services. With your consent, we send marketing information, product recommendations, events, promotions, and other non-transactional communications about us in accordance with your marketing preferences. If you have agreed to receive marketing information, you may always opt out at a later date. You have the right at any time to stop Cognito from contacting you for marketing purposes.
Your Data Protection Rights
We want to make sure you are fully aware of all of your data protection rights. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Cognito Services.
If you are an end user to our Customer, on whose behalf we processed your personal information, you should contact our Customer about your privacy concerns instead of Cognito. For more information on how we process end user information on our Customer’s instructions, please see our End User Privacy Statement (https://cognitohq.com/privacy-statement/
Do Not Track Disclosures
Some web browsers may transmit “do-not-track” (“DNT”) signals to mobile applications with which the user communicates. We currently do not change our tracking practices (which are explained in more detail in below in our Cookies Policy section) in response to DNT settings in your web browser.
Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our services and other online Sites. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. We utilize Google Analytics for our web analytics and you can opt out of your usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.
Under the California Consumer Privacy Act (the “CCPA”), and subject to exceptions or limitations provided by law, if you are a California resident you have certain rights with respect to the information we have collected about you that constitutes personal information under the CCPA.
You have the right to:
- Request information regarding the categories and specific pieces of personal information we may have collected about you in the prior 12 months (including the sources of that information and the business purpose for collecting it);
- Request deletion of personal information;
- Opt-out of any sale of your personal information, if applicable; and
- Not be discriminated against for exercising these rights.
Upon request, we will delete any personal information that is not critical to the normal business operation from our records and direct all of our service providers to do the same. We consider data to be critical to our business operation if they are used to:
- Provide goods or services to you;
- Detect and resolve issues related to security or functionality; or
- Comply with legal obligations.
You may designate someone as an authorized agent by providing written permission for the agent to act on your behalf in making a request under CCPA; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission, but must show documentation that power of attorney has been granted. We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
You may exercise your consumer rights under the California Consumer Privacy Act (CCPA) via our online form. You can also contact us as provided in the “Contact Cognito” section below to exercise your data protection rights, where applicable. You may be required to provide additional information required to verify your identity before we can respond to your request.
Do Not Sell My Info
We do not sell any information that identifies you, such as your name or contact information. However, we do allow Ad Networks to collect your IP address, electronic activity while on our website, and information about your device (such as the name and model number of your device) through cookies and similar tracking technologies on our website. They use this information to advertise to you after you leave our website. This is called “retargeted advertising.” Under the CCPA’s broad definition of what it means to “sell” personal information, this form of advertising may be considered a “sale” of your information.
If you do not want us to provide this information to advertisers, you may opt out here: https://optout.aboutads.info/.
Subject to exceptions or limitations provided by law, if you are located in the EEA or UK, you have rights regarding how personal information collected about you is used. If we have processed or are processing your personal information, you are entitled to exercise the following rights:
- The right to access. You have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure. You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.
- The right to withdraw consent. You have the right to revoke your consent where or when our processing of your personal information is based on consent.
- The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party such as your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
If you still want to raise a question to Cognito, or otherwise exercise your rights in respect of your personal information, Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK.
International Data Transfers
We do not share your Personal Data with third parties, unless it is necessary to carry out your request, to provide you the services, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your Personal Data to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law. Whenever we transfer your information, we take steps to protect it.
We collect information globally and store that information in the United States. Your Personal Data may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA.
In the event we process your Personal Data in a country not subject to an adequacy decision, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission.
You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe by contacting us below.
Use by Minors
We do not knowingly collect any personal data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Sites. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our policy by instructing their child not to provide Personal Data through the Sites without permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Sites, please contact us at: email@example.com we will use commercially reasonable efforts to delete that information.
We collect certain information (automatically) through the use of “cookies” and similar tracking technologies. Cookies are small text files that are stored in a computer’s browser directory. Cookies help site providers understand how website visitors use a site, remember an Authorized User’s login details, and store site preferences.
- ensure our services function properly;
- detect and prevent fraud;
- understand how visitors use and engage with our Sites; and
- analyze and improve our services.
What types of Cookies we Use
We use both first-party cookies, or cookies placed and read by Cognito directly when you use our services, and third-party cookies, or cookies not set by Cognito, but by other companies for site analytics purposes.
We use Google Analytics for aggregated, anonymized website traffic analysis. We also send Google your IP Address. We use Google Analytics to track aggregated website behavior, such as what pages you looked at and for how long. This information is important to us for improving the user experience and determining site effectiveness.
If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or “help screen” to learn about these functions. If your browser is set to not accept cookies or if you reject a cookie, you may not be able to use our Sites and certain parts of our services.
If you would like access to what browsing information we have, please reach out to us via our form contact. You can opt out of your usage data being included in our Google Analytics reports by visiting: https://tools.google.com/dlpage/gaoptout.
How to Contact Us
BlockScore, Inc. D/B/A Cognito
Attn: Privacy Officer
340 S Lemon Ave, Suite 4260
Walnut, CA 91789
EEA and UK Residents
Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. If we have processed or are processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. If you are an end user of our Customer, on whose behalf we have processed your Personal Data, is also located the EEA or UK, you should contact our Customer about your Personal Data instead of Cognito’s Data Protection Representative.
UK and EEA residents may direct privacy concerns to DataRep, our Data Protection Representative, by sending an email to firstname.lastname@example.org or via online webform at http://www.datarep.com/data-request.
107-111 Fleet Street
EC4A 2AB, London
Cork, T12 H1XY
Republic of Ireland