What is the difference between our data and your data?
‘Our data’ is the data we hold to keep records on our customers.
‘Your data’ is the data you keep that allows you to run your business and record Case, Matter and accounts on your customers.
Do we hold any data on you?
Yes. The data we hold relates to you as a company, payment records, support incidents and communications between yourselves and Cognito.
Do we hold any of your data?
On occasion, we will take a copy of your database and copy it to our location for further investigation. On completion of any findings and fixes, this data is removed and deleted.
Where is that data stored?
That data would be stored on our Client Database server, located at the offices currently in Netherton. The server is held in a physically secure building whose IT infrastructure is secure from the outside world. All our staff undergo refresher sessions on computer security on a regular basis.
Who can access that data?
In reference to the data being at the Cognito location (see above), the data is accessible by Support Personnel and Developers.
Is data moved to countries outside the European Economic Area?
How long is that data kept?
In reference to Cognito investigating your data, the data is held until the issue is fixed. It is then deleted from our systems once the customer is satisfied with the fix.
Do we include client data in our backup schedule?
No. Client data is never backed up by our systems; therefore, once deleted, it is gone for good.
Do we use third parties?
Cognito do not use third parties. That said, FiLOS has a means to hook into GBG, which supply the URU data. Cognito have a contract in place with this company, but your company may not. We are currently seeking advice from the company to confirm whether URU users require their own agreement.
Who is our data protection officer?
Do we have data controls and risk management procedures in place?
These are in place, with documentation supplied by our parent company, who comply with many ISO standards due to work contracts with the MOD.
Do we have a security breach notification process in place?
Yes. This also includes notifying customers who at the time of any breach had data held by Cognito.
Are we GDPR compliant ourselves?
Where are your applications and data stored?
This is in reference to ‘your’ applications and data. The server for data held at your location should be known to the IT company or individual looking after your IT infrastructure.
How secure is our remote access software?
Our ISL application uses 256-bit encryption to prevent outside users from obtaining any details of the link. That is, they would be unable to see any data transferred between your company and ourselves.