This website (cogitant.co.uk) is owned and operated by Cogitant Limited, a company registered in England and Wales with company number 6756228.
Cogitant is committed to preserving the privacy of visitors to this website, and to treat any personal information provided via this website or otherwise in accordance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA2018). If you have any questions about this notice or our approach to managing privacy, please contact Mike Boyle. You can contact Mike via our Contact Us page, or by other means as described on our About Cogitant page.
Please read this privacy notice carefully - it describes the scope, purpose and legal basis of any processing of personal data we may perform. We may make minor changes to our processing of your personal data and record these via an update to this privacy notice, so please check back regularly. The date of last update is shown at the bottom of the page. If a change is more significant we'll take other steps to inform you about the change.
You might think this is all a bit longwinded for such a simple website, but as one of the things Cogitant does is advise on data privacy and GDPR, we thought we should include something that would serve as an example of good practice.
What Information do we collect from you, for what purpose, and how long do we keep it?
This website collects limited personal information only, and we only collect information where we have a specific purpose in doing so. We do not collect or store any information that is considered to be sensitive personal data as defined by the GDPR / DPA2018.
All Website Visitors
If you view our website pages, we collect some limited information about your interaction with us, just like pretty well every other website. The circumstances under which some of this data may be considered "personal data" are very limited, but we're telling you about what we do in the interests of transparency.
Data we collect from you as a Website Visitor:
- Server logs: our website hosting partner records details about each page visited including a timestamp, your Internet (IP) address, and information your web browser offers our servers when it connects (browser type, configuration). We use the information to check on website performance and diagnose any faults, and have access to the information for 3 days. Our website hosting partner retains the logs for up to 30 days and uses them to identify and prevent malicious access to our site, as well as to help us with technical support when necessary. The legal basis for our processing is called legitimate interest: we've defined the interests, we need this data to satisfy the interests, and we've considered your interests and rights to privacy as part of the process. We've decided on balance it's OK for us to process your data this way. This is called the three-part test needed to justify legitimate interest as a legal basis.
- Geolocation data (not personal data): we estimate and store an approximate physical location (town, country only) based on the group of Internet (IP) addresses (the subnet) you have connected from. We also record the subnet address to reduce the number of calls we need to do to out geolocation partner. We record this information to understand and share information about the approximate locations of website visitors. The information is typically retained for a few weeks - we store a certain number of visits and when this total is reached older information is deleted. We're only interested in approximate location, so we only process data that's needed to determine this - i.e. subnet address rather than IP address. This is a simple example of privacy by design, i.e. designing a solution that avoids processing personal data wherever possible.
Contact Us users
If you choose to use the "Contact Us" facility on our Website, we collect any personal information you choose to provide:
- Name, email address, any text you enter into the subject and message boxes. We only use this information for the purpose of responding to the questions you raise, and only hold it for as long as is necessary to achieve this. Our legal basis for processing is Legitimate Interest: our interest is in answering your question, we need the data to do this, and you'd expect us to do exactly this with the data so on balance, it's OK for us to do this. Legitimate Interest is a good basis for processing data when what you're doing is exactly what any reasonable person would expect you to do with their data.
Do we disclose your information to third parties?
We will not pass your personal data on to any third parties without your explicit consent. Data may be held on our behalf by third party service providers such as website hosting and email providers. We choose our partners carefully to ensure that their controls meet the required standards. All our data is held within the United Kingdom.
How do we keep your information secure?
We employ a range of security measures to prevent unauthorised access to, or loss of any personal data we are holding.
How can you find out what information we are holding?
You can ask for a copy of your personal information at any time. There is normally no charge for this. Please make your request using the information on the page About Cogitant.
The content management system we use relies on short-term session cookies to remember choices you have made during your visit. At the end of that browsing session, the cookie expires and can't be used again. Our session cookie will have a long hexadecimal strings as its name and its only contents will be another randomly generated string.
When you first visit our site we'll display a banner with a link to this page, and a request that you consent to us using cookies. Once you have clicked 'I Agree' we'll allow some more persistent tracking cookies to be written to your computer. These cookies remain valid after your session finishes, and allow us to link a later visit you make to the site with an earlier one - we don't know who you are, but we know this is a connection from a computer we've encountered before. One of our tracking cookies - fmalertcookies - tells us that you've previously clicked the 'I Agree' button on the cookie banner, otherwise we'd have to show the banner every time you visited. The cookie has a lifespan of 12 months, so after that time you'll see the banner again have to renew your consent.
What happens when I click an external link on your website?
We can't control anything that happens to you after you've left our website, either by clicking on a link we provide or by other means. If you want to know what happens to your information on another website, take a look at their Privacy Notice. If they don't have one, don't provide any personal information to them.
What are my rights under GDPR?
As a data subject you have certain rights under GDPR, and we aim to uphold them as follows. Please note that rights are not absolute and are subject to certain qualification and exceptions.
- Right to be informed: You have the right to receive clear, transparent and understandable information about how we process your data. This Privacy Notice aims to meet this need.
- Right to access: You can ask us for a copy of personal data we hold about you.
- Right to rectification: You can ask us to correct any error you identify in data we hold about you.
- Right to erasure: You can ask us to delete data we hold about you. We will do so unless we have a compelling reason to retain (e.g. legal requirement, prevention of fraud).
- Right to restrict processing: You can ask us to stop using any of your personal data that we are holding.
- Right to data portability: You can ask us to provide your personal data in a form suitable for use by another organisation.
- Right to object: You can object to our processing where we are doing so under the legal basis of Legitimate Interest.
- Right not to be subject to automated decision-making including profiling: we don’t do this so this right has no relevance to us.
If you would like to exercise any of your rights with respect to our processing of your personal data, please use the contact information at the top of this privacy notice. We will aim to respond to your request within 10 working days.