Effective date 27/02/22022 - Version 1.3
The goal of this document is to provide anyone that comes in contact with Kognic with an understanding of how we manage personal data. There are many different circumstances when we may collect personal information but as long as you have not “Opted in” we have not collected any information that can identify you.
Since we interface with customers, users, suppliers, applicants and website visitors among others there are a number of different purposes and types of personal data that we might ask to collect from you. Below you can read more about what we collect, how we process data and all your rights with regard to your personal data.
If you want to come in contact with us at Kognic AB our HQ is located at: Lindholmspiren 7, 4117 56, Göteborg you can reach us at firstname.lastname@example.org
Our Data Protection Officer (DPO) is: Name: Daniel Langkilde Mail: email@example.com
The language of GDPR and online privacy might be formal and hard to interpret, the definitions below will provide you with help to understand what we are trying to convey.
- Personal data means any information which directly or indirectly relates to a living, identifiable person. This is a broad concept and includes names, email addresses, IP phone-number, and any other information or a combination of information which, if put together, means that the person can be identified.
- Processing covers all activities relating to the use of Personal data by an organization, collection, storage, analysis, removal and everything in between.
- Data subject is the person whose Personal data is being processed.
- Data controller is the organization that is responsible for processing data and that Personal data is processed in accordance with the law.
Principles for processing Personal data
Data privacy regulation is based on principles. Kognic appreciates and applies these principles and takes our duty to protect your personal data very seriously.
- Lawfulness, fairness, and transparency:
We obey the laws, we only process personal data in a way that you would reasonably expect, and we’re always open about our data protection practices.
- Purpose limitation:
We only process personal data for the specific reason we collected it and nothing else.
- Data minimization:
We don't process any more data than needed.
We make sure that any personal data we hold is adequate and accurate.
- Storage limitation:
We don't store personal data for longer than we need to.
- Integrity and confidentiality:
We always process personal data securely.
We collect personal data based on various legal basis that are explained in the specific Notices you see. We always aim for creating all notices specific, unambiguous and easy to understand. We continually provide you with the relevant notice and adhere to them.
Web visitors and external applications and requests for information: Legitimate interest. Platform user: Agreement. Platform data: Sub-processing as per agreement with customers. Kognic employee data: Agreement and Legitimate interest (depending on data).
You always have the right to withdraw or opt-out at any time.
The Kognic platform is a tool to process data on behalf of our clients, the data entered into the platform to be annotated or analyzed is controlled solely by the client and might contain Personal Data. We have taken contractual and technical precautions to ensure that all data managed through the platform is done so through the highest standards of privacy and security. We require and use EU model clauses, Transfer Impact Assessments and Data Processing Agreements to make business with us to ensure privacy.
Our different privacy notices
We process a lot of different personal data, and how that impacts you is dependent on how you interact with us. The categories are platform users, externals (customers, suppliers, external applicants etc) , employees, and website visitors. We manage this through different Privacy notices and consent forms dependent on the usage.
Customers and suppliers other external individuals
If you are a customer, supplier, or an external individual that has come into contact with us, we have collected your contact information (name, email address, phone number) if you have provided us with it. This is to be able to contact you, we do not sell or transfer your information to third parties, however, we put it into our CRM system Hubspot to keep track of the sales process. The information will be stored for 36 months.
If you have applied for a position through Teamtailor, we will keep the CV and work history information if a suitable position will be available. If not, you can always remove the information and if you forget, Teamtailor will remind you within 3 months.
We process personal data from our users to make the Platform as efficient and user-friendly as possible. We collect and analyze the performance of users, to help you increase the speed and quality of annotations and for the Quality managers to increase productivity. This includes identity (mail/user ID), organization, IP address, time-stamps, user behavior; speed of annotating object/shape and tasks, completed tasks as well as device and browser information.
The collection of user data is essential for the development of the platform and enables us to deliver quality, analytics, insights and in the end safe perception. We do not share the data with any third party except the specific customer that the user works with and our quality team. We use trusted and secure software applications to make this happen.
Retention of Personal data
We take the principle of storage limitation seriously and only retain personal data the shortest possible time for the intended use. In general we:
- Store Personal information for contact purposes 24 months after the last correspondence.
- Platform user Personal Information for 36 months.
- External applications 3 months.
We de-anonymize as much personal information as possible as soon as possible. We have some detailed guidelines and automated processes that can be further studied in detail here.
Who we share Personal data with
As default we don’t share personal data with anyone, however there are circumstances when we need to, these circumstances can be read in the specific consent but here is a re-cap.
- Platform user behaviour and performance information is shared with the customer of the projects as well as quality management team.
International transfers of personal data
We use carefully selected companies (BPOs) that process our customer’s data through the platform. The customer is solely responsible for the data and the BPOs are located in different places in the world (India, Philippines). We have taken all necessary precautions to ensure privacy for all. We perform all procedures and make sure that the BPOs meets the standards of the applicable laws and regulations, this is mainly done by:
- Data processing agreements with EU model clauses.
- Transfer Impact Assessments.
- We ensure adherence and compliance with EU GDPR.
- Require the highest level of IT security from our BPOs.
- We use the highest level of IT and data transfer technology.
We believe and adhere to Data rights developed through the EU GDPR, we have built processes and structures to enable you to exercise your rights:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure (known as "the right to be forgotten").
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision-making.
To exercise your right you just contact us and we will accommodate, there are no specific formal requirements, send an email to; firstname.lastname@example.org with your request.
If you have any complaints about how we manage personal data, the Swedish Authority for Privacy Protection is the overseeing government agency, you can contact them here.
Information for California Consumers
This section applies to California consumers, and it describes how we collect, use and share Personal Information of California consumers in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA. Under the CCPA, Personal Information is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Collect, Use, and Share Your Personal Information
Kognic collects the following statutory categories (as defined by CCPA) of Personal Information directly from you or automatically from your device:
- Identifiers, such as your name, email address, phone number, company name and role, device identifier, IP address, unique browser ID, cookies, beacons, pixel tags, account login, and other unique identifiers,
- Professional or employment-related information, such as information about your business and your role,
- Inference data, such as information about your preferences;
- Commercial information, such as your service subscription records, and site engagement, Internet or network information, such as platform usage and website browsing and history,
- Financial information with regard to billing,
- Geolocation data, such as city, state, and country based on IP address.
California Privacy Rights
California law grants California residents consumers certain rights and imposes restrictions on particular business practices as set forth below.
- You may request access to, or for a copy of the personal information Kognic has collected, used, disclosed and disclosed about you over the past twelve (12) months.
- You may request for us to disclose the purposes for which Kognic use the personal information collected.
- You may request the categories of sources from which Kognic have collected your personal information.
- You may request that Kognic delete certain personal information collected from you.
- You have a right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.
- California consumers have the right to opt-out of the sale of their personal information. Kognic does not and will not sell your personal information. Kognic may provide third parties with certain personal information to provide or improve our products and services, for example to deliver products or services at your request. In such cases, Kognic requires those third parties to handle the information in accordance with applicable laws and regulations.
Exercise Your California Privacy Rights
If you are a California consumer seeking to exercise your CCPA rights, or if you are an authorized agent wishing to exercise CCPA rights on behalf of someone else, please e-mail us at email@example.com. We will respond to verifiable requests received as required by law.
Please note that to protect your personal information, Kognic will verify your identity by a method appropriate to the type of request you are making. Kognic may also request that your authorized agent has written permission from you to make requests on your behalf, and may also need to verify your authorized agent’s identity to protect your personal information.
California Civil Code Section 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org If you have questions about your rights under CCPA, please send us an email to email@example.com
Changes to our policy
If there are any changes in our different GDPR notices regarding how and what data we process you will get notified with a new Notice, we will not start to process your data in a new way until you know about it.
We encourage you to from time to time review this policy to understand how we process your information.