Privacy Policy
Please select your language below:
Norsk | Nederlands | Svenska | Dansk | Español | Deutsch | Italiano | Suomen kieli | French
1. Introduction and General Terms
This Privacy Policy covers the processing of personal data by the Cognism group = (“Cognism”, “we”, “us” or “and” in this policy) when providing its services to its clients. If you have any questions or comments about this Privacy Policy, please contact us at:
Telephone: +44 20 3858 0822
Email: privacy@cognism.com
Cognism is committed to protecting and respecting your privacy. This Privacy Policy explains the basis on which personal data we collect from you or from public sources or third parties will be processed by us. Where we decide the purpose or means for which this personal data is processed, we are the “data controller.” We will comply with all applicable data protection laws, including the General Data Protection Regulation 2016/679 (“GDPR”), the retained version of the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and defined in section 3(10) of the Data Protection Act 2018 (DPA 2018) (“UK GDPR”); the DPA 2018; and the California Consumer Privacy Act and implementing regulations ("CCPA”). You have the right to object to us processing your personal data for direct marketing purposes. Please see paragraph 7 below for more details on how to do this.
Processing activities related to (1) creation, development and maintenance of, and (2) supply of and access to, the Cognism database are controlled by Cognism Limited (UK) and Cognism d.o.o. (Croatia), jointly or independently depending on (a) the specific processing activity and/or (b) the element of the Cognism Database to which the processing activity relates.
Any Cognism group company (Cognism Limited (UK), Cognism Inc (US), Cognism d.o.o (Croatia), NESTAG GmbH (Germany), Mailtastic Limited (UK), KASPR SAS (France)) may be a controller in respect of processing activities related to Cognism group marketing functions, jointly or independently depending on the specific processing activity.
This Privacy Policy explains the following:
- What personal data we may collect about you;
- Why our processing is lawful;
- Who we may share your information with;
- How we will use that information;
- Who we may disclose that information to; and
- Your rights regarding the information.
2. What information will COGNISM collect about me?
We collect and process the following data, which may include your personal data.
Cognism’s Website: If you contact us about our services or request a demo on our website, the forms you complete or the emails you send may include information about you, such as your full name, your email address, the organisation on behalf of whom you are contacting us and your enquiry.
Cognism’s Online Client Platform: In order to provide a Cognism Client with access to our platform and enable them to access our services, we collect the full name, email address and password of each individual authorised by such client to access the platform.
Analytics on the Website and the Platform: Our website and online client platform uses cookies and other mechanisms to collect and log analytical information, to help analyse use, to compile statistical reports on use of our website and to improve our website and marketing. To find out more about the use of cookies and adjust your cookie preferences, please see our cookie policy here.
The following data may be collected:
- number of visitors to our website;
- pages visited while at the website and time spent per page;
- page interaction information, such as scrolling, clicks and browsing methods;
- websites where visitors have come from and where they go afterwards;
- page response times and any download errors; and
- other technical information relating to end user device, such as IP address or browser plug-in.
Cognism Database: Cognism gathers current and historic business contact data.
Cognism collects business contact and similar information related to individuals when they are acting in their professional or employment capacity. Cognism then uses this information to create professional profiles of individuals and profiles of businesses. We provide this information to our clients, who are businesses trying to reach business professionals for their own business-to-business sales, marketing, and recruiting activities. The data collected about individuals on the Cognism Database comprises:
- Name;
- Employer Company & Company Details (including alias);
- Office Location (including City);
- Business Telephone Number;
- Business Email Address;
- Job Title;
- LinkedIn URL
We also hold data in respect of your employer company such as its name, alias, size, industry, website and industry. Where you have moved jobs, we may hold your previous employers and previous titles.
In order to provide certain aspects of its services, Cognism requires a business email address to be recorded against profiles in its database. Where Cognism does not have the business email address of a profile, it may generate a business email address based on the email address structure understood to be implemented by the employer company.
We also hold hashed personal email addresses. Hashing is a method of encryption, whereby the email address itself is confuscated, and replaced with a unique reference instead, called a hash. A hash is one of the means used to allow certain clients or their customers to match email addresses with the data in the Cognism platform, without providing us their data in unencrypted form. We do not reverse the hash or use the personal email address to contact you.
The majority of the personal data we collect about you comes from publicly available sources such as from business and employment-oriented social networks, recruitment websites and company websites.
Information is also gathered from correspondence with you (by email or phone), from our clients, recruiters and licensed from other premium data providers. Cognism does not seek to collect any non-business-related data for the Cognism Database such as date of birth, home address, personal email or home telephone number and Cognism does not collect sensitive personal data.
Anyone added to the Cognism database may request to be removed at any time, via email or web. We will fulfil such requests as promptly as we can, and in any event within any time period that may be required by applicable law.
Cognism Integrations
To enable Cognism to provide the Services, a Cognism Client may integrate Cognism with certain platforms, as such may be added or removed by Cognism from time to time (“Integrations”). During the use of the Integrations, data from a Cognism Client’s CRM tool, browser extension (such as Chrome Web Store) or other software will be transmitted to us, to enable Cognism to match, update, or improve fields for, such data against the data held in the Cognism Database, for example for our Instant Enrich and/or Scheduled Enrich features.
Cognism may also collect data about a Cognism Client and run these through its software to organize, scan, merge and update certain data into an existing business contact data on the Cognism Database, or otherwise improve Cognism’s research processes and the content provided by its Services.
Notwithstanding anything else in this privacy policy, when a Cognism Client provides Cognism with access to their Google email account, for the purpose of using our browser extension, Cognism will treat data from the email as “restricted use data” and only use such access to read, write, modify, or control Google email message bodies, metadata, headers, and settings to enable the software’s functionality and will not transfer this data to third-parties unless doing so is necessary to provide and improve functionality or features, comply with applicable law or regulation, or as part of a corporate reorganisation. Cognism will not, in respect of such data, engage in serving advertisements, selling, or any other purpose except as set out in this privacy policy or as otherwise allowed by mutual written agreement with you and will not allow humans to read this data unless in receipt of Cognism Client’s affirmative agreement for specific messages, necessary for security purposes (e.g., abuse investigation), to comply with applicable law or, in the case of aggregated, anonymised data only, for improving the Services generally.
Cognism leverages the API services of and has entered into a current valid data privacy agreement with, its sub-processor, Nylas Inc., to provide the full functionality of its browser extension.
Where access to Customers Google Workspace email, contacts or calendar is being requested by a Cognism integration, Customers are notified at the time of the access request being made and with a list of permissions and have control over what data is collected, including which email accounts are connected, whether any email attachments or body content is collected, and which accounts or domains should not be collected.
Cognism’ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
3. Controller and Processor
3.1 When Cognism is a Controller
Cognism acts as a data controller when we collect and use information about data subjects who are visitors to our website and client platform, as well as when we collect and use information about data subjects for purposes of creating and maintaining our database, client platform and providing the services.
3.2 When Cognism is a Processor
When our clients use our services, they are acting as the data controller and are responsible for ensuring that personal information collected about data subjects is being processed lawfully. In those circumstances, we are acting as the data processor, and receive personal information as agents of our clients merely for processing as instructed by our clients. Our clients are solely responsible for determining whether and how they wish to use our services, and for ensuring that all third-party individuals that are a visitor to or user of a website, application, or service on which a client uses our services have been provided with adequate notice regarding the processing of their personal information, have given informed consent where such consent is necessary or advised, and that all legal requirements applicable to the collection, use, or other processing of personal information through our services have been met by such clients. Our clients are also responsible for handling data subject rights requests under applicable law, by their users and other individuals whose data they process through the services. Cognism’s obligations with respect to personal information for which we are solely a data processor are defined in our agreements with our clients and are not covered by this Policy.
4. Grounds of Processing
4.1 Consent
On some occasions, Cognism processes your data with your consent. Your consent may be obtained by third parties on Cognism’s behalf. You have the right to withdraw such consent at any time and we will cease to process data after consent is withdrawn.
4.2 Legitimate interest
Cognism processes your personal data when it is in our or our clients’ legitimate interest to do so and when these interests are not overridden by your rights. Our and our clients’ legitimate interests include: having information about potential business customers organised in one searchable database, having access to up-to-date and complete information, being able to identify the individual that occupies a certain role within a B2B lead; enabling clients to only reach out to relevant contacts, being able to generate and contact potential B2B leads in order to undertake forms of B2B marketing, having access to aggregated statistical insights for the purpose of understanding patterns and trends.
4.3 Necessary because of a legal obligation
Cognism may process your data to comply with our legal and regulatory obligations e.g. preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.
4.4 Necessary to fulfil an obligation under a contract
Cognism may process your data where we have a contract with the individual and we need to process their personal data to comply with our obligations under the contract.
5. Data Sharing
We will share your information with the following:
5.1 Our companies
Access to personal data within Cognism and our group of companies is restricted to those individuals who have a need to access the information for our business purposes.
5.2 Cognism clients
We may share personal data with our clients or their customers as part of the offering of our services. Cognism provides limited access of its database. Cognism clients or their customers may use the data to contact individuals on their business telephone, at their business email address, through other electronic mail or through targeted display ads on social networks in order to market products and/or services. Business Data from Cognism may be disclosed to a client’s CRM, MAT, or sales enablement software as requested or directed by our clients.
By remaining in our database, you may be contacted by our clients when they are conducting their business-to-business sales, marketing, and recruiting activities. Communications you receive from our clients may be relevant to your profession or employment role, but we cannot guarantee that you will find such communications to be relevant or of interest to you.
Please note that in making available the data to its clients, Cognism is at times processing such data as a processor on behalf of the client, who is acting as the controller. Clients will act as controllers and have their own privacy policies and opt-out options, and we recommend you review them. Where Cognism has made personal data available to its clients, the client privacy policy should list Cognism as a data source.
5.3 Suppliers, subcontractors, service providers
We keep your information confidential, but may disclose it to suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this privacy policy. However, this is on the basis that they have agreed to safeguard this information.
This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
5.5 Government authorities
In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
5.6 Potential acquirers or investors
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email, account message and/or a prominent notice on our website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
6. How we will use information we collect about you
Cognism Website and Cognism Client Platform: We may process your personal data for the following purposes:
- to administer platform log-ins (where applicable) and to deliver our services to our clients or their customers under the agreed terms of service;
- to process your enquiries to reply and provide support, including providing you and/or your organisation with information about the services Cognism offers;
- to consider persons for possible employment with Cognism, and communicate about employment opportunities or submitted employment applications;
- to keep you updated via our mailing list with information on news, offers, and updates about Cognism (see below for how to unsubscribe);
- to send technical notices, updates, security alerts, and support and administrative messages;
- to facilitate contests, sweepstakes, and promotions, process entries, and deliver rewards;
- to provide and maintain the website, and to compile reports on how visitors use the Cognism website and improve the website;
- to conduct remarketing for Cognism, which allows us to show Cognism ads to people who’ve previously visited our website;
- to conduct advertising on social networks for Cognism, which means that if you link to one of our social media platforms you may be subject to targeted marketing displaying Cognism ads via that site.
We work with the third-party advertising networks and social media platforms as set out in our cookie policy here. If you would like to find out more about the way these third parties collect and process your information, please refer to their respective privacy policies.
Cognism Database: We may use your personal data on the Cognism Database for the following purposes:
- to provide, maintain and build our sales intelligence database to enable our clients or their customers to generate and manage sales leads in respect of businesses;
- to deliver, maintain and improve our services;
- to enable our clients or their customers to serve relevant display ads on social networks (such as Facebook, LinkedIn and Instagram) and other services;
- to verify, cleanse, update and maintain information provided through our services;
- to enable our clients or their customers to enrich their existing customer relationship management records and receive timely updates of changes;
- to undertake research and compile statistical aggregated reports based on data held in Cognism’s sales intelligence database (which may include inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our business partners or clients may use to provide and improve our respective services;
- to run our own marketing campaigns and promote our services.
General:
We also process personal data to comply with our necessary legal and regulatory obligations. These include preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies, protecting the rights and property of Cognism and our clients, and responding to rights requests under applicable law.
If you send us objectionable content or otherwise behave in a disruptive manner when using our website, we may process personal data included in your messages to respond to and stop such behaviour. Where we reasonably believe you are or may be in breach of the law (for instance, because content you send amounts to harassment or is defamatory), we may use your personal data to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.
7. Marketing Opt-Out Options
If you’d like to permanently erase your data from the Cognism Database, please complete this form here or contact us using the above contact details. Please note that we need the information included in this form to be able to locate you in our database and action your request. The information provided will only be used to process and action your request. Your request will be processed in the shortest time possible and within the timeframes set forth in GDPR.
Where you receive a marketing email from us, and you would like to be removed from that mailing list please let us know by clicking unsubscribe at the bottom of any marketing email that you receive from us.
8. The App
Additional Limits on Use of Your Google User Data:
Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App’s use of that data will be subject to these additional restrictions:
8.1 App’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements, which is available at the following link: https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes. Please note that these are Google policies, and as such, Cognism does not have any control or interference on the same. We recommend you to visit Google´s policies directly for further details on their procedures and future updates.
8.2 The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
8.3 The App will not use this Gmail data for serving advertisements.
8.4 The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.
9. Hotjar
Notwithstanding anything else in this Privacy Policy, please note that we use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experience and this enables us to build and maintain our service with user feedback. Hotjar stores the information on our behalf in a pseudonymized user profile and is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the 'about Hotjar' section of Hotjar's support site.
10. Your rights in relation to personal data which we process relating to you
You have the following rights over the way we process personal data relating to you. We aim to comply without undue delay, and within one month at the latest.
To make a request, please contact us using the above contact details, addressed to the Data Protection Officer.
10.1 You have the right to request a copy of the personal data we hold about you and to have any inaccuracies corrected.
We will use reasonable efforts to the extent required by applicable law to supply, correct or delete personal data held about you on our files (and with any third parties to whom it has been disclosed to).
10.2 Object to us processing data about you
You can ask us to restrict, stop processing, or to delete your personal data if:
- you consented to Cognism processing the personal data, and have withdrawn that consent;
- Cognism no longer needs to process that personal data for the reason it was collected;
- Cognism is processing that personal data because it is in the public interest or in order to pursue a legitimate interest of Cognism, you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it;
- the personal data was unlawfully processed; or
- you need the personal data to be deleted in order to comply with a legal obligation.
10.3 Obtain a machine-readable copy of your personal data, which you can use with another service provider:
- If we are processing data in order to perform our obligations to you, or because you consented, if that processing is carried out by automated means, we will help you to move, copy or transfer your personal data to other IT systems.
- If you request, Cognism will supply you with the relevant personal data in CSV format. Where it is technically feasible, you can ask us to send this information directly to another IT system provider if you prefer.
10.4 Make a complaint to a Supervisory Authority
- If you are unhappy with the way Cognism is processing your personal data, please let us know.
- If you do not agree with the way we have processed your data or responded to your concerns, or if you do not think we are handling your personal data adequately, you have the right to lodge a complaint with your local supervisory authority. the supervisory authority for Cognism Limited is the Information Commissioner’s Office. Further information, including contact details, are available at https://ico.org.uk. The supervisory authority for Cognism d.o.o. is the Croatian Personal Data Protection Agency (AZOP). Further information, including contact details, are available at https://azop.hr/.
11. Data Retention
We will hold your personal data for as long as is necessary for the relevant purpose.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
12. Children
We do not knowingly solicit data from or market to children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at privacy@cognism.com. We will delete such information from our files within a reasonable time.
13. Security
Cognism is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold. We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal data.
Our security measures include:
- hashing and encryption of our services and data;
- regular review of information collection;
- encryption of our services and data;
- restricted access of data to employees, contractors and agents; and
- internal policies setting out our data security.
Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
14. Changes
We will notify you of any changes to this Privacy Policy by email and/or notice on the website, as appropriate.
15. International Data Transfers
Your personal data which you supply to us is generally stored and kept inside the UK, Switzerland and the European Economic Area (together, the “EEA”). However, due to the nature of our global business and the technologies required, your personal data may be transferred to third party service providers outside the EEA, in countries where there may be a lower legal level of data protection.
Where we transfer your data outside of the EEA, we transfer the minimum amount of data necessary, anonymise it where possible and we have agreements in place with those parties which include standard data protection clauses to ensure that appropriate safeguards are in place to protect your personal data in accordance with this Privacy Policy and the European levels of data protection. If you would like to find out more about these safeguards, please contact us.
16. California Residents & CCPA
If you are a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, you have certain rights in respect of the personal information we hold about you.
If you have questions or concerns about our privacy policies and practices, please contact us at the details set out at the top of this Policy.
Please see above for:
- the date on which this Policy was last updated (see paragraph 1)
- categories of personal information collected about you (see paragraph 2)
- categories of sources from which the personal information was collected (see paragraph 2)
- purposes for collecting and selling personal information (see paragraph 5)
- categories of third parties with whom we share personal information (see paragraph 4)
- where you have a profile on our database, a list of categories of personal information sold about you in the last 12 months (see paragraph 2)
- where you have a profile on our database, a list of categories of personal information sold about you in the last 12 months (see paragraph 2)
We have disclosed and sold personal information to third parties within the last 12 months.
We do not sell the personal information of minors under 16 years of age without affirmative authorization.
You can designate an authorised agent to make a request under the CCPA on your behalf. The authorized agent must submit proof that they have been authorized by you to act on your behalf and proof of their own identity.
You have the right to:
- request access to your personal information and request that Cognism disclose what personal information it collects, uses, discloses, and sells;
- request deletion of your personal information collected or maintained by us;
- opt-out of the sale of your personal information (fill in your details here: Do Not Sell My Info);
- not be discriminated against for exercising any of your rights under the California Consumer Privacy Act of 2018 (CCPA).
To make a verifiable request, please contact us using the above contact details, addressed to the Data Protection Officer or call us on 001 8338291090 We may verify your request by asking for proof of identity.
Last updated – 11 January 2024