Privacy Notice Cognivia

Last update: 1/04/2025

Introduction

At Cognivia, we place great importance on protecting your personal data and being transparent about our practices. This privacy notice aims to clearly inform you about:

  • The types of data we collect when you use our website
  • The reasons why we collect this data
  • How we use and protect your information
  • Your rights regarding your personal data

We are committed to fully complying with current regulations, particularly the European Union's General Data Protection Regulation (GDPR).  We invite you to read it carefully and contact us if you have any questions.

This notice policy applies where we are acting as a data controller with respect to the personal data of our website visitors (namely candidates and prospects) and potential customers, in other words, where we determine the purposes and means of the processing of that personal data.

Please note that this Privacy Notice does not apply to other websites, applications or platforms offered by Cognivia or its affiliates. We advise you to look at the relevant privacy notices when using such websites, applications or platforms.

We also recommend reading our Cookie Policy, which provides additional information about the use of cookies on our website, how you can manage your cookie preferences, and how these preferences may affect your privacy. The Cookie Policy can always be accessed via the link available at the bottom of our website.

This policy was last updated on1.04.2025 and may be periodically modified. We encourage you to consult it regularly to stay informed about our data protection practices.

Information about us

This website is an initiave of Cognivia, a company incorporated and existing under the laws of Belgium with registered address at Rue Granbonpré 11, 1435 Mont-Saint-Guibert and with company number BE0534842954 (referred to as “Cognivia” or “we” or “us”). Cognivia also operates in the US (Cognivia USA Inc., 33 Monmounth street, 315 Red Bank, NJ 07701). You can contact our Data Protection Officer (“DPO”) in writing at the following address: Rue Granbonpré 11, 1435 Mont-Saint-Guibert, Belgium or by sending an email to DPO@cognivia.com

What is personal Data?

Personal data is defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

What are my rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • Right to Information: You have the right to be fully informed about how we collect and use your personal data. This notice aims to provide comprehensive information, but we're always available to answer any additional questions.
  • Right of Access: You can request details of the personal data we hold about you and obtain a copy of this information.
  • Right to Rectification: If you believe any of your personal data in our possession is inaccurate or incomplete, you have the right to request corrections.
  • Right to Erasure: In certain circumstances, you can ask us to delete your personal data. This right is not absolute and applies only in specific situations, such as when we no longer need your data for the original purpose or when you withdraw consent.
  • Right to Restrict Processing: You can request that we limit the use of your personal data under certain conditions, like when you contest the accuracy of the data or when you've objected to our processing.
  • Right to Object: You have the right to object to our processing of your personal data, particularly when it's based on our legitimate interests. We will cease processing unless we can demonstrate compelling grounds to continue.
  • Right to Data Portability: In some cases, you can request a copy of your personal data in a structured, commonly used, and machine-readable format for transfer to another service provider.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not engage in such practices with your personal data.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

For more information about our use of your personal data or exercising your rights as outlined above, we advise you to consult our FAQs (if any) or we advise you to contact our DPO (DPO@cognivia.com). There is in principle no charge for exercising your right. If, however, your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your request within one month after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection (namely the Belgium Data Protection Authority). You may do so in the country of your habitual residence, your place of work or the place of the alleged infringement. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.

What personal data do we process?

In this section we have set out:

  • the general categories of personal data that we may process
  • the purposes for which we may process personal data; and
  • the legal bases of the processing.

Depending upon your use of our website, we may collect some or all of the following personal:

Usage Data

We may handle information about your usage of our website, referred to as "usage data." This usage data may include your IP address, geographic location, browser type and version, operating system, referral source, duration of visit, page views, and navigation paths, in addition to details about the timing, frequency, and patterns of your service use. The source of this usage data is our analytics tracking system. We may analyze this information to understand how the website is utilized. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website. However, we may request your consent when using non-essential cookies. For further details, please refer to our cookies policy.

Job application Data

Your contact information, resume, and cover letter ("Job application data") may be processed by us. Your name, address, phone number, email address, profile photographs, gender, date of birth, relationship status, interests and hobbies, educational background, and career history are all possible pieces of information that may be included in your job application.

The Job application data may be processed for the following purposes: assess your skills, qualifications, and suitability for the role, communicate with you about the recruitment process, and keep records related to our hiring processes.

The legal basis for processing Job application data is the performance of the contract. The processing is necessary for the execution of pre-contractual measures and the establishment of the contractual relationship between Cognivia and the candidate.

We may retain personal data from your job application for as long as it is necessary for our recruitment process but not longer than one year. In case we would like to keep it longer, we will request your consent. You may withdraw your consent at any time by sending an email to DPO@cognivia.com and we will remove your data from our database.

Cognivia will always ask for your explicit consent to contact your previous and current employers and/or the contacts you have indicated for background check.

Enquiry Data

Information about our business and/or services that you provide to us through an inquiry or registration form may be processed by us ("enquiry data"). To provide, market, and sell you pertinent services, the inquiry data may be processed. Additionally, this is true if you sign up for a webinar or enter a contest. Our genuine interest serves as the legal foundation for this process.

Notification Data

We may collect and process information that you provide to us when you subscribe to our newsletters or when you are in contact with Cognivia, referred to as "notification data." This notification data may be used to send you the appropriate notifications and/or newsletters. The legal basis for this process is our legitimate interest.

Customer Relationship Data

We may handle information related to our customer relationships, which includes customer contact details, referred to as "customer relationship data." This data may encompass your name, employer, job title or role, contact information, and any information from communications between you (or your employer) and us. The source of this customer relationship data is you or your employer. We may process this data to manage our relationships with customers, facilitate communication, maintain records of those interactions, and promote our products and services. The legal basis for this processing is our legitimate interests, specifically the effective management of our customer relationships.

Supplier Relationship Data

We may collect and process information related to our relationships with suppliers, which includes supplier contact details, referred to as "supplier relationship data." This data may consist of your name, employer, job title or role, contact information, and any information from communications between you (or your employer) and us. The source of this supplier relationship data is you or your employer. We may use this data to manage our relationships with suppliers and partners, facilitate communication with them, and maintain records of those interactions. The legal basis for this processing is our legitimate interests, specifically the effective management of our supplier relationships.

Board of directors & shareholders Data

We may collect and process information related to our board of directors and shareholders, referred to as “Board members and Shareholders data”. The Board of directors and shareholders' data may include the following personal data: name, surname, residence/address, date of birth, nationality, tax numbers, email address, phone numbers, professional experience, studies, number of shares the shareholders have.

This personal data may be processed for the purposes of appointing board members and the publication of the information in the Belgian Official Gazette, assessing competences and suitability of board members, organizing board meetings, and shareholders meetings The legal basis for this processing is our legitimate interest and our legal obligation.

Handling of Third-Party Information

In certain circumstances, we may need to process personal information related to individuals other than our direct customers or users. This could occur in situations where we need to establish, exercise, or defend legal claims, whether through court proceedings or alternative dispute resolution methods. Our legitimate interest in protecting and asserting legal rights - ours, yours, and those of others - serves as the legal basis for such processing.

We might also need to process personal data for insurance-related purposes, risk management, or when seeking professional guidance. Again, our legitimate business interests in safeguarding our operations against potential risks justify this process.

Beyond these specific scenarios, we may process personal data when required to comply with legal obligations or to protect the vital interests of an individual, whether that's you or someone else. We kindly request that you refrain from providing us with personal information about other individuals unless we specifically ask you to do so.

Management of your data

Engagement of Third-Party Data Processors

Our company reserves the right to utilize external data processing services, which may include affiliates within our corporate group. These third-party processors are entities or individuals who handle personal data on our behalf, acting under our directives as the data controller. We ensure that all data processors maintain strict security and confidentiality standards for the data they manage. We may employ processors for various functions, including but not limited to:

  • Hosting services
  • Administrative tasks
  • Marketing initiatives
  • Data analysis
  • Communication management

To safeguard your personal information, we have implemented robust contractual agreements with our processors. These contracts mandate adherence to the highest privacy standards and data protection practices. Our processors are obligated to maintain the utmost level of data security and confidentiality in all their operations.

Sharing Personal Information with External Parties

Beyond the specific instances outlined in this section, there are other circumstances under which we may share your personal information:

  • Legal Proceedings: We may disclose your data if it's essential for establishing, exercising, or defending legal claims. This applies to court cases, administrative procedures, or out-of-court settlements.
  • Regulatory Compliance: If we're legally obligated to do so, we may share your information to comply with applicable laws and regulations.
  • Protection of Vital Interests: In rare cases, we might disclose your data if it's necessary to protect your fundamental interests or those of another individual.

These disclosures are always conducted in accordance with relevant data protection laws and our privacy policies. We strive to ensure that any third parties receiving your data maintain appropriate security measures and use the information only for the specified purposes.

We may disclose AGM data for the purpose of providing assistance in the management of participation and voting procedures, and for analyzing the composition of the shareholder base of Cognivia.

International transfers of your data

Under specific conditions, we might retain or send all or part of your personal information to nations outside the EEA. This could be the case, for example, when we employ processors that use sub-processors. These are referred to as "third countries" and could not have as robust data protection regulations as the EEA. As a result, we will take the following extra measures to guarantee that your personal information is handled as securely and safely as it would be under the EEA and the Data Protection Legislation:

We send your personal information to third parties whose data protection laws are considered "adequate" by the Swiss Federal Council, the UK government, or the European Commission. Additional details can be found on the websites of the FDPIC, ICO, and the European Commission.

For the transfer of personal data to third countries, we employ particular agreements with outside parties that have been authorized by the European Commission. The same standards for protecting personal data that would be required by the GDPR, UK GDPR, and Swiss FADP must be met under these contracts.

Similar limitations apply if you live outside the EEA.

For more information on the specific data protection procedures, we employ when sending your personal information to a third country, please get in touch with us.

How long we keep your data

Type of data Period
Usage Data Please check our cookies policy for the detailed retention periods
Enquiry Data 6 months
Job Application Data 3 months after the end of the recruitment process and maximum 1 year
Customer/Supplier relationship Data 10 years after the end of the contractual relationship
Board members and shareholders Data 5 years and maximum 10 years after the company has been liquated.

Retention periods for your personal information may not always be predetermined. While we strive for transparency, certain circumstances require flexibility in our data retention practices. This is particularly true when we face legal obligations or when the protection of crucial interests is at stake. In such cases, we may need to retain your data for longer than our standard periods. This extended retention could be necessary to comply with our legal responsibilities or to safeguard essential interests - whether they're yours or those of another individual. Rest assured, any such retention is carried out in accordance with applicable data protection laws and our commitment to privacy.

Protection of your Data

Safeguarding your personal information is our top priority. We implement robust technical and organizational measures to ensure the protection of your data. Our comprehensive approach includes:

  • Regularly updated policies and procedures
  • State-of-the-art IT security systems
  • Strict confidentiality and data integrity protocols

We continuously adapt our security framework to align with evolving regulations and industry best practices. Access to personal data within our organization is tightly controlled. We adhere to a stringent 'need-to-know' principle, granting data access exclusively to authorized personnel whose activities are closely monitored. This approach minimizes the risk of data misuse and ensures that your information remains secure at all times.

Third party websites

Our website contains connections to external websites through clickable links and informational references. It's important to note that we do not have any authority over or influence on the privacy practices and policies implemented by these third-party entities.

As such, we cannot be held accountable for how these external websites handle personal information or maintain user privacy. We encourage our users to review the privacy policies of any external sites they visit through our platform to understand how their data may be collected, used, or shared.

Changes to this Privacy Notice

We may periodically revise this Privacy notice to reflect changes in our practices, legal requirements, or the features of our website that impact data protection. Any modifications will be promptly published on our site.

We encourage you to review our Privacy Notice regularly to stay informed about how we handle your personal information.