The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It will take effect from the 25th May 2018. Cognitia Consulting Limited are working hard to ensure our full compliance by this date.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. For EUR residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. Once the GDPR takes effect on the 25th of May, it will replace the 1995 Data Protection Directive.
Does this affect me?
The GDPR regulation applies to any EU residents’ data, regardless of where the processor or controller is located. This means that if you’re using Cognitia Consulting Limited from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or Company or leads are in the EU, you should pay attention to it. In practice, most companies need to take the GDPR into consideration.
How Cognitia Consulting Limited is complying with the GDPR
Even though the GDPR only applies to data from EU residents, we took the decision to apply broadly the
requirement of the regulation. This means we don’t restrict any privacy related feature based on the geographical location of a data subject. Here are some of the actions we’ve taken to ensure we’re compliant:
We’re taking the security of the data we manage very seriously.
The Cognitia Consulting Limited servers are physically secure and may only be accessed by Cognitia Consulting Limited technical or support personnel whose jobs specifically relate to maintaining the integrity of the Cognitia Consulting Limited servers or supporting product-related functions. Such individuals are required to maintain the security of the servers and the confidentiality of the information contained in the servers.
Cognitia Consulting Limited takes all reasonable and appropriate steps to protect your personal information, including by encrypting such information, maintaining readily accessible steps to limit access, working to detect unauthorized access, and not storing such information any longer than we need to.
Our privacy team has analyzed the requirements of the GDPR and is working to enhance our policies, procedures, contracts and platform features to ensure we comply with the GDPR and enable compliance for our customers.
Your data is protected between you and our systems. We take multiple steps to prevent eavesdropping between you and our systems, as well as within our infrastructure. All network traffic runs over SSL/HTTPS, the most common and trusted communications protocol on the Internet. Internal infrastructure is isolated using strict firewalls and network access lists. Each system is designated to a firewall security group by its function. By default, all access is denied and only explicitly allowed ports are exposed.
If we see something, we’ll react quickly and remedy the issue. We’re not resting on our laurels. We’re always looking for potential system interruptions. If we do find something out of place, we’ll address the issue in a manner that it won’t be an issue in the future. We’ve invested in ensuring we can detect and respond to security events and incidents that impact its infrastructure.
We’re relentlessly updating our systems to protect your data. Our virtual systems are replaced on a regular basis with new, patched systems. System configuration and consistency are maintained using a combination of configuration management, up-to-date images and continuous deployment. Through continuous deployment, existing systems are decommissioned and replaced by up-to-date images at a regular interval.
Only people who need access, get access. Data system access is limited to key members of the Cognitia Consulting Limited team.
Don’t just take our word that our systems are secure. We don’t. Even though we’ve designed secure systems and procedures, we regularly perform security tests to identify and remediate potential vulnerabilities. We also conduct periodic penetration tests with expert third-party vendors to help keep our applications safe and secure. These tests cover network, server, database and in-depth testing for vulnerabilities inside Cognitia Consulting Limited applications.
We prevent single points of failure. Even if there is an interruption to one system, the rest of our services stay up and secure. We physically separate the database instances from application servers and heartily believe in the mantra of single function servers. All login pages pass data via SSL/TLS for public and private networks, and only support certificates signed by well known Certificate Authorities (CAs). All email and CRM credential related data is encrypted while in transit as well as at rest using military grade encryption to ensure the security of user IDs and passwords. Cognitia Consulting Limited application passwords are hashed and even our own staff can’t retrieve them. If lost the password must be reset.
- Log retention
To improve, debug or prevent fraud on the service, we keep a variety of logs. We now make sure logs are destroyed at most 3 months after their collection date. We never use those logs of anything else than monitoring and debugging.
- Data portability
The GDPR gives the right to any user to download any data that he provides to a service. This allows for easier migration to other services. We think this is a great idea and Cognitia Consulting Limited has always made it possible for user to download their data.
- Right of erasure
Because we deal with publicly available web data, information removed from a website are also removed from our database. But if a data subject wishes to speed up the removal of any in our index, we offer a simple an efficient way to claim email addresses. It is then possible to either update the data or entirely remove it.
We are committed to safeguarding your privacy. This Policy explains how we collect and use personal information.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.cognitia.co.uk or www.getyourcscscard.co.uk you are accepting and consenting to the practices described in this policy.
For the purpose of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (GDPR), the data controller is Zoe Phillips.
To contact the data protection officer you should email: firstname.lastname@example.org
The information we collect
This Policy applies to information you give us, through our website or by corresponding with us and information collected by us as you visit or interact with our website.
The data you provide may include:
- Your name
- Your email
- Your contact details
- National Insurance number (for registration with Awarding Bodies and the Learner Record Service)
The data we collect about you may include, but is not limited to:
- Your IP address
- Information about your browser and operating system
- Information about your visit, this may include, but is not limited to, pages looked at, visit duration, errors encountered and interaction with the pages.
How we use your information
Any personal information we collect from this website is used in accordance with the General Data Protection Regulation (EU) 2016/679) and other applicable laws.
The information you provide allows us to do the following:
- If you have made an enquiry, then we will use your contact details to respond to your enquiry.
- If you opted in to our newsletter then we send you our newsletter.
- To provide you with the information, products and services that you request from us.
- To provide you with the information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
- To notify you about changes to our services.
- To protect keep our website safe and secure.
- To improve our website and personalise it for you and your computer.
- To provide an efficient service, certain functions such as hosting, storage and disaster recovery are provided by third parties.
- To provide interactive features.
- To measure the effectiveness of our advertising.
- Register you for the qualification you have purchased.
- To take payment information in order to purchase products & services from us.
It is our policy to ensure that your personal data is not made accessible to unauthorised individuals. We have taken reasonable steps to protect both the digital and physical storage of data.
We strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
Your data may be kept if it is required for legal or accounting reasons.
Disclosure of your information
Analytics and search engines providers that assist us in the improvement and optimisation of our site may collect data about your IP and computer set up.
How long do we keep your data
We will not retain your personal information longer than necessary.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after it is no longer needed to provide services to you.
Cookies are small pieces of information that are stored by your browser on your device’s hard-drive. They are used to distinguish individual users and help us improve our website.
Access to your personal information
If you would like to update or remove the data, we have about you please submit a request to the data protection officer.
If you wish to unsubscribe from our email newsletter you should use the unsubscribe link at the bottom of the email. Should this not work please contact the data protection officer, using the details at the start of this policy.
If you would like to request access to the data, we have about you please submit a request to the data protection officer.
If an access request is deemed by us to be unfounded or excessive we may charge a reasonable fee. If you request further copies of your data, then we may charge for administrative fees.
If you wish to make a complaint about our use of your data, please contact the data protection officer.
Updates to this policy
This Policy was last updated in June 2018.
Any changes we make to this policy will be posted to this page.
In this policy, unless it is obvious that they have some other meaning, the words “we”, “our” and “us” refers to www.cognitia.co.uk & www.getyourcscscard.co.uk and its owners Cognitia Consulting Limited
To contact the data protection officer you should email email@example.com
Cookies – what are they?
Cookies are small text files which are stored on your computer’s hard drive. They can be used by websites to track the user, remember preferences, allow the user to login to secure areas of websites, store items in virtual shopping baskets and a whole host of other tasks.
We may use anonymous analytics Cookies to track the number of users we have, the pages they visit, the duration of the visit, and a whole host of other useful information about how our users browse and engage our website.
Knowing this information allows us to understand our audience reach, audience demographics, the success our marketing campaigns, which areas of our website are most popular, and clearer picture of how to design and implement new changes to our website and business going forward.
We are not able to identify you as an individual using analytics Cookies.
We may use such Cookies to perform tasks such as storing the items you have added to your online shopping cart, the information you filled into a form, your credentials to keep you logged into a secure area of the website, and to remember various other preferences.
Cookies from third-parties
An example of this which is widely used across the Web is social media buttons which allow users to like, share and comment about what they find on websites and may result in Cookies being set.
We cannot view or change third-party cookies, in the same way third-parties cannot view or change cookies set by us.
Turning Cookies off in your browser
If you decide to turn Cookies off in your browser, you should be aware that certain areas and features of our website may not work as expected.
The majority of mainstream, up-to-date browsers allow you to disabled Cookies. Usually you can find where to do this by going to the options or preference tab within your browser. We offer some links below which may help you:
Firefox: Enable and disable cookies that websites use to track your preferences https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences.
Internet Explorer: Block or allow cookies http://windows.microsoft.com/en-GB/windows-vista/block-or-allow-cookies.
Google Chrome: Enable or disable cookies https://support.google.com/accounts/answer/61416?hl=en .
For users worried about Cookies used by advertisers, you can learn much more about them and how to disable them by visit the Your Online Choices http://youronlinechoices.eu.
You can email the data protection officer if you require any further information about Cookies.
Cancellation and Refund Policy
If you wish to cancel a course booking, you must notify us by email to firstname.lastname@example.org
Course cancellations are subject to fees in accordance with the following table of charges (No. of Days Before Course Start Date):
- More than 20 working days – 25% of course fees
- Between 11 and 20 working days – 50% of course fees
- 10 or fewer working days – Full course fees
Certificates will be held until payment is received.
Once the leaner has been enrolled on the NVQ and received access to their e-portfolio there will be no refund issued.
Learners can be replaced/updated subject to an administration fee which varies with each NVQ, ONLY if the past learner has not submitted any assessments.