Last Updated: January 2021
You can find out more detailed information below, but here are some key summary points we think you might want to know:
- Cognyte includes Cognyte Software Ltd. and its global group of companies. We give you more information in Who are we?
- We operate in the business-to-business market, so we may collect personal information relating to employees or agents of business customers, partners, prospective customers and other businesses, where required to support our operations
- Your personal information is, where appropriate, shared within our global group
- We use third party vendors, where appropriate, who are located in different countries across the world to store and process personal information to support our business activities
- We do not sell your personal information
- We do send business-to-business direct marketing where we are allowed to, and this could include event and webinar invitations, knowledge leadership, and information on our solutions
- We use personal information to support our global operations, including sales, finance, customer service and other business operations
- Our websites and apps are not intended for children and we do not knowingly collect personal information relating to children
- We never keep your personal information for longer than is necessary
Who are we?
When we say ‘we’ or ‘us’ in this policy, we are referring to the companies that make up the Cognyte Software Ltd. group of companies. Cognyte Software Ltd. is a company publicly listed on the NASDAQ (NSDQ: CGNT). A list of our affiliates is published annually as part of our regulatory filings.
Depending on the circumstances, the region, and the purpose of processing, the legal entity which may be considered a data controller may vary. In some cases, multiple entities could be considered joint-controllers. Usually, the primary data controller is Cognyte Technologies Israel Ltd., of 33 Maskit St., Herzliya, 4673333, Israel
We are not responsible for the privacy, information or other practices of any third parties, including any third party operating any site to which our websites contain a link. The inclusion of a link on any of our websites does not imply endorsement of the linked site by us.
Does this policy cover circumstances where Cognyte is a service provider and data processor to customers, i.e. delivering services?
No. Where we are a service provider and data processor for our customers (in a B2B context), the applicable details on the processing operations we undertake for our customers is set out in the relevant DPA which forms part of our customer contract.
What personal information do we collect and hold, and what do we use this for?
Marketing and Business Development
- Information such as your name, address, email, job title, and telephone number which you provide to us through form submissions, events, feedback, and enquiries
- Information about the services that we provide to you, including event and webinar registrations, white paper downloads and other information we share with you and you share with us as part of any related registrations
- If you register for a paid event this information will be collected through a trusted third-party provider and we will not receive your payment information
- Your account login details for our websites and apps, including your username and chosen password
- Information about whether or not you want to receive marketing communications from us and what your communication preferences are
- Information on how you interact with any of our emails or other communications, including if you have opened and engaged with the emails or other communications
- Information related to our social media and website activities, including how you use our websites to help us improve your experience. See the Cookies section below for additional information
- Information we get from third parties, including event organizers, our partners, service providers, your colleagues, and publicly available information. To ensure the data we hold is up-to-date we may periodically ask you to confirm this information or we may supplement this information with additional data we collect from other sources
Sales, Finance, Business Operations and Delivering Services
- We deliver services to customers and you may be an employee or representative of those customers who is involved in some aspect of the relationship we have with our customer
- Information you, your company or our partner provide to us such as your name, address, email, job title, and telephone number so we can deliver our services, provide proposals during a sales cycle and negotiate agreements, manage customer accounts and process and fulfil orders
- Information about training or other services we deliver to you
- Information we collect as part of partner on-boarding, including information we obtain from third parties to complete on-boarding compliance checks
- Information we collect to deliver support to our customers, including ticketing information and details of the support request
- Information we obtain from you to improve our services
- Information captured by our CCTV if you visit any of our premises, visitor logs and other information we collect to ensure our premises remain safe and secure
- We may record calls, correspondence and other communication channels, including screen capture, for compliance, quality, training and other purposes
- We may video record or screen capture training seminars, presentations, webinars for compliance, quality, training and other purposes
- We may aggregate, anonymize and/or de-identify personal information such that it is no longer personal information for the purposes of enhancing our services and business practices
- Where we demonstrate our services and solutions to you, we may collect your personal information as part of a trial or test
What is our legal basis for processing your personal information?
Where we process your personal information, we do so in accordance with applicable privacy laws. The most common legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose
- Legitimate Interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services
Although less common, there may be circumstances when other legal bases are appropriate:
- Vital interests: The processing of your personal information is necessary to protect you or someone else’s life
- Legal obligation: We are required to process your personal information by law
Who might we share your personal information with?
We only ever share personal information if we have appropriate confidentiality and data protection agreements in place.
Within our group
We are a global organization and our professionals who use personal information for the purposes outlined in this policy may be employed by any of our entities.
With our partners
We may deliver our services through a partner or assist a partner in their provision of services to you. Where required to deliver these services we may need to share information with our partners. EXCEPT IN JURISDICTIONS WHERE EXPRESSLY DEEMED SO, WE ARE NOT RESPONSIBLE OR LIABLE FOR THE USE OF YOUR PERSONAL INFORMATION BY SUCH BUSINESS PARTNERS.
With our vendors
- Marketing and Business Development: to deliver our marketing and business development campaigns we may share data with digital marketing providers, social media and advertising companies, market research partners, webinar hosts, venues, event organizers and registration providers, and other trusted vendors who assist in the performance of our marketing campaigns.
- Sales, Finance, Business Operations and Delivering Services: we use (a) third-party sales tools to track pipeline activity and order information, (b) finance and invoicing tools to assist in managing orders, customer billing and fulfillment, (c) legal and compliance tools to assist in our contracting and compliance activities, (d) consultants, contractors and other specialists to provide professional services, and (e) other vendors which support our business operations.
Law enforcement and legal compliance
We also use and disclose personal information, as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our Affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our Affiliates, you or others; (g) if we are involved in any discussions related to the sale of all or part of our business, and (h) to allow us to pursue available remedies or limit the damages that we may sustain.
How do we secure your data?
We use appropriate technical and organizational measures to protect personal information under our control. We implement security measures appropriate to the nature of the processing and regularly review these measures to ensure they remain appropriate.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact us section below.
Do we transfer your data internationally?
Our main international jurisdictions we transfer data to are Israel, UK, EEA, USA, India and other jurisdictions. When we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be to a jurisdiction recognized as ‘adequate’ or through the use of standard contractual clauses in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators.
How long do we keep your data for?
The criteria used to determine our retention periods includes:
- The length of time we have an ongoing relationship with you and provide services to you or our customer (for example, for as long as you have a business relationship with us);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
You may have a number of rights under applicable privacy laws which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These may include:
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the Contact us section below. Please note that we may need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect personal information against fraudulent requests.
You may have the right to complain to a competent regulator or supervisory authority in your jurisdiction.
All our marketing emails include an ‘unsubscribe’ option and offer you the ability to manage your email preferences.
Data Protection Officer(s) and EU and UK Representatives
Data Protection Officers
Global: Our companies, where required by applicable law, have appointed a data protection officer, who can be contacted through the Contact us section below.
Germany only: Syborg Informationssysteme b.h. oHG of Saarpfalz-Park 15, 66450 Bexbach, Germany, has appointed Michael Schmitt who can be contacted through the Contact us section below.
UK and EU Representatives
- If you are located in the EEA, please note that if the data controller which is processing your personal information is located outside the EEA, we have authorized our company in the EEA as our designated representative: Cognyte Netherlands BV, of Blauw-roodlaan 154, 2718 SK Zoetermeer, Netherlands. You can get in contact through the Contact us section below.
- If you are located in the UK, please note that if the data controller which is processing your personal information is located outside the UK, we have authorized our company in the UK as our designated representative: Cognyte Software UK Limited, of 241 Brooklands Road, Weybridge, KT13 0RH, UK. You can get in contact through the Contact us section below.
If you would like to exercise one of your rights as set out in the Your rights section, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by email at firstname.lastname@example.org or write to the following address.
Cognyte Software Ltd.
33 Maskit St., Herzliya, 4673333, Israel
We can only process requests received with sufficient information to enable us to process your request. We may need to request additional information in order to complete your request. If you do not provide sufficient information initially and do not respond to our request for additional information, we may be unable to complete your request. Please note that email communications are not always secure, so please do not include any sensitive information in your emails to us.