Privacy and Personal Data Policy
Last updated: January 1, 2021 · Updated in accordance with GDPR and Portuguese Data Protection Law (LPDP)
The Personal Data Protection Act ("LPDP") and the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") ensure the protection of individuals with regard to the processing of personal data and the free movement of such data.
This Privacy and Data Protection Policy applies to the processing of personal data carried out by Cogniseg Lda and collected through this website (cogniseg.ai), hereinafter referred to as the "Platform".
COGNISEG is committed to protecting the personal data of its customers and users ("Users"), adopting a policy of high privacy standards, with strict confidentiality, loyalty and integrity in the handling of Personal Data.
What is Personal Data?
Personal Data means any information, of any nature and regardless of its medium, including sound and image, relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
Key Definitions
- Supervisory Authority — an independent public body established by an EU Member State responsible for monitoring the application of the GDPR. In Portugal, this is the CNPD (Comissão Nacional de Proteção de Dados).
- Consent — a freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data.
- Data Protection Officer (DPO) — a person or entity appointed to ensure compliance with data protection regulations within an organisation.
- Controller — the natural or legal person that determines the purposes and means of processing Personal Data.
- GDPR — General Data Protection Regulation (EU) 2016/679 of 27 April 2016.
- LPDP — Portuguese Law No. 58/2019 of 8 August, implementing the GDPR in national law.
- Data Subject — the identified or identifiable natural person to whom the collected Personal Data relates.
Who is the Data Controller?
COGNISEG Lda is the Controller of your Personal Data collected through this website. As controller, it reserves the right to subcontract other entities to carry out that Processing on its behalf. COGNISEG is not required to appoint a Data Protection Officer under GDPR and LPDP.
What Personal Data is collected, for what purposes and on what legal basis?
COGNISEG only processes the following categories of Personal Data collected through the website, for the purposes and on the legal bases identified below:
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Identification data: name, email, company | Responding to contact form requests and commercial proposals | Legitimate interest / Pre-contractual steps |
| Contact data: email | Newsletter and informational materials | Consent* |
| Contact data: email | Direct marketing (promotions and commercial proposals) | Consent* |
| Identification and contact data | Responding to judicial or administrative authority requests; fraud prevention | Legal obligation |
| Online interaction data: IP address | Website traffic analysis and security | Legitimate interest |
* The collection form includes a field for the User to expressly give Consent. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
Data Collected Automatically
Browsing the Platform involves only the collection of the Internet Protocol ("IP") address. The domain server records and stores information normally logged by default: the IP address, date and duration of access, and the referring website URL. This information is used to measure visits to different areas of the Platform and to improve its usefulness for Users.
When do we share Personal Data?
COGNISEG may use other entities for certain services, which may require access to Users' personal data (e.g., consultancy service providers). In such cases, COGNISEG ensures through contracts and data processing clauses that any Subprocessor offers adequate technical and organisational guarantees. Personal data is not normally transferred outside the European Union.
Retention Period
Personal Data is retained only for as long as necessary for each purpose. Legal obligations (e.g., tax) may require longer retention. Data processed on the basis of Consent is retained until that Consent is withdrawn.
Your Rights as a Data Subject
COGNISEG guarantees Users the following rights at any time:
- Right of access — obtain confirmation of processing and access to your data
- Right of rectification — correct incomplete or inaccurate data
- Right to erasure — request deletion when data is no longer necessary, consent is withdrawn, or processing was unlawful
- Right to restriction of processing — request restriction in specific circumstances
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest or for direct marketing
- Right to withdraw consent — at any time, without affecting prior processing
- Right to lodge a complaint — with the CNPD at www.cnpd.pt
Security Measures
COGNISEG is committed to ensuring the security of personal data provided to us. We have adopted technical and organisational security measures to protect personal data against unauthorised access, loss, misuse, alteration or destruction. All data is processed over a secure SSL connection (128-bit encryption). Users are advised to also adopt additional security measures on their devices.
Changes to this Policy
COGNISEG reserves the right to make adjustments or changes to this Privacy Policy at any time, and such changes will be published on this website.
Contact
To exercise your rights or for any data protection enquiry, contact us:
- Email: dpo@cogniseg.com
- Phone: +351 211 452 334
- Address: Avenida da Liberdade nº129-B, 1250-140 Lisbon, Portugal