Introduction We, at the Qognify group (the “Company”, “we”, “us”, “our”), respect the privacy and data protection rights of our website visitors and business contacts. This Privacy Notice (the “Notice“) describes the personal information we have and the policies and procedures we use regarding personal information, in each of the following contexts – Through our websites qognify.com, community.qognify.com, portal.hxgnsecurity.com, portal.hxgnsecurity.com and theq.qognify.com (the “Websites”) About representatives of our existing and prospective customers, reseller partners, and vendors (the “Representatives”). We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). This Notice may be amended from time to time. We will post any change to this Notice on our Website a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes to the Notice if we have your email address. Contact Us If you have any questions, comments or concerns regarding this Notice or our processing of your personal information, please contact us at info@qognify.com. What we collect and why Scenario Purposes Categories of information processed Contacting us with an inquiry through the Website Our business development Name, email address, company affiliation, position, phone number, country, and content of inquiry Subscribing to our newsletters, enrolling to conferences in which we present, or webinars we run Promoting and marketing Qognify’s products and services Name, email address, company affiliation, position, phone number, country, and type of activity (conference, webinar, newsletter subscription) Managing the sale contracts and business relationship with reseller partners and end-customers Registering to the partner portal on our Website Administering the business and professional services relationship with customer or reseller Facilitating the provision of support to the customer or reseller Name, email address, company affiliation, position, phone number, country, past communications, products, and services used or expressed interest in Conducting training sessions on Qognify systems to representatives of customers and reseller partners Facilitating use of Qognify’s products and services Name, email address, company affiliation, position, phone number, country, training sessions taken/performed, evaluation of performance in the training Managing the sale contracts and business relationship with vendors and service providers Administering the business relationship with vendors and service providers Facilitating Qognify’s use of vendors and service provider’s products and services Name, email address, company affiliation, position, phone number, country, past communications Use of essential cookies on the Websites Facilitate a website feature that the user specifically requested IP address, pages visited, Website functions used, fields completed in forms Use of non-essential cookies on the Websites Analyze site usage to evaluate and improve its performance, improve user experience on the site, inform and serve personalized ads more relevant to user interests IP address, pages visited, Website functions used, fields completed in forms Methods and sources for collecting your personal information We collect the personal information from several sources: Directly from you as when you provide it to us through email communications, a registration form, or when you give us your business card. You are not legally obligated to provide us your personal information, but if you do not, we will not be able to handle or respond to your inquiry, maintain our business contact with you, or fulfill your request to register to our webinar, conference, or newsletter. If another representative of your organization provides us with your information Through the device you use to access our Website, such as using cookies From our training staff who administer your training sessions on Qognify systems Sharing your personal information We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent. We do not sell your personal information to third parties. Scenario Purposes Categories of information processed We will share your personal information with our service providers who assist us with the internal operations of our business and the Websites. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes. Operating the Websites and our business NetSuite, Salesforce.com, Microsoft, Zoom, DocuSign, Skype, Docebo. If you abused your rights to use the Websites or violated any applicable law in the course of doing business with us. Responding to, handling, and mitigating suspected violations of law in connection with our business. Competent authorities, legal counsels, and advisors. If a judicial, governmental, or regulatory authority requires us to disclose your information. Complying with a binding request from a competent authority. Competent authorities. If the operation of the Websites or our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition). Enabling a structural change in the operation of the Websites and our business. The target entity of the merger or acquisition, legal counsels, and advisors. Third party cookies See Tracker Details Data retention and security We retain your information for the duration we need it to operate the Websites and our business, and interact with customers, reseller partners, and suppliers, and thereafter as needed for record-keeping matters. We will retain your information for the duration needed to support our ordinary business activities operating the Websites and interacting with existing and potential customers, suppliers, and reseller partners. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years. We implement measures to secure your information We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks. Additional information for individuals in the EU or UK Location Name Address EU GDPR Representative UK GDPR Representative United States Qognify Inc. 1 Blue Hill Plaza (7th Floor), Pearl River, NY 10965, United States Qognify GmbH Qognify Limited England Qognify Limited 20-22 Wenlock Road, London, N1 7GU, United Kingdom Qognify GmbH n/a Germany Qognify GmbH Werner-von-Siemens-Str. 2-6, Triwo Technologiepark, Bldg. 5110, 76646 Bruchsal, Germany n/a Qognify Limited Israel Qognify Ltd. 15 Ha’tidhar Street, P.O.B 4033, Ra’anana, Israel Qognify GmbH Qognify Limited Qognify GmbH’s data protection officer (DPO) is Nikolai Haa, CTM-COM GmbH In den Leppsteinswiesen 14 64380 Roßdorf, Germany International data transfers To facilitate processing your information within the companies in our corporate group and by our service providers, we will transfer your information to countries such as the United States, United Kingdom, and Israel. We do so under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office. Legal basis for processing your personal data Purpose or Scenario Legal Basis Responding to your inquiry Legitimate interests in developing potential leads and responding to business inquiries Subscribing you to our newsletters, enrolling you to conferences in which we present, or webinars we run Double opt-in consent, where the data subject subscribes to newsletters on the website. Legitimate interests in developing potential leads, where the data subject enrolls to a conference or webinar Administering the business and professional services relationship with customer or reseller. Facilitating the provision of support to the customer or reseller. Training to facilitate use of Qognify’s products and services. Legitimate interests in administering and performing the contractual obligations with resellers and end-customers Administering the business relationship with vendors and service providers Facilitating Qognify’s use of vendors and service provider’s products and services Legitimate interests in administering contractual obligations with vendors Cookies that facilitate a website feature that the user specifically requested Legitimate interests in the proper operation of the website Cookies that analyze site usage to evaluate and improve its performance, improve user experience on the site, inform and serve personalized ads more relevant to user interests Consent Responding to, handling, and mitigating suspected violations of law in connection with our business Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business Complying with a binding request from a competent authority Legitimate interests in complying with mandatory legal requirements imposed on us Enabling a structural change in the operation of the Websites and our business Legitimate interests in our business continuity Data subject rights If you are in the EU or the UK, you have the following rights under the GDPR: Right to Access and receive a copy of your personal information that we process. Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed. Right to easily and at any time withdraw your consent to us processing your personal data to email you our newsletters or to the use of non-essential cookies on our Websites. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Right to Data Portability, that is, to receive the candidate personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your candidate personal information transmitted directly from us to the person or entity you designate. Right to Object to our processing of your candidate personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such candidate personal information for the establishment, exercise, or defense of legal claims. Right to Restrict us from processing your candidate personal information (except for storing it): (a) if you contest the accuracy of the candidate personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the candidate personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the candidate personal information rather than requiring the deletion of such data by us; (c) if we no longer need the candidate personal information for the purposes outlined in this Notice, but you require the candidate personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours). Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your candidate personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your candidate personal information. However, notwithstanding such request, we may still process your candidate personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Notice. When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason. Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here. If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here. Additional information for individuals in California If you are an individual residing in California, we provide you the following information pursuant to the California Consumer Privacy Act (CCPA). This is also the information we have collected in the past 12 months. We do not sell your personal information and have not done so in the past 12 months. Categories of personal information (under the CCPA) Specific types of personal information collected Business Purposes under the CCPA for which the information is used Identifiers Name, email address. Providing customer service Processing or fulfilling orders and transactions, verifying information, processing payments, auditing related to a current interaction with you Detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity Undertaking internal research for technological development and demonstration. Undertaking activities to verify or maintain the quality of the service and to improve, upgrade or enhance the service. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards Debugging to identify and repair errors Other information that identifies, relates to, describes, or is capable of being associated with, the individual Company affiliation, position, phone number, country, past communications with you and content of your inquiry. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies Products and services used or expressed interest in. Professional information Training sessions taken/performed, evaluation of performance in the training. Participation in conference, webinar, or newsletter subscription Internet or other electronic network activity information IP address, pages visited, Website functions used, fields completed in forms. Your rights under the CCPA if you are a resident of California Knowing the personal information we collect about you You have the right to know: The categories of personal information we have collected about you. The categories of sources from which the personal information is collected. Our business or commercial purpose for collecting personal information. The categories of third parties with whom we share personal information, if any. The specific pieces of personal information we have collected about you. Right to deletion Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: Delete your personal information from our records; and Direct any service providers to delete your personal information from their records. Please note that we may not delete your personal information if it is necessary to: Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. Debug to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us. Comply with an existing legal obligation. or Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information. Protection against discrimination You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. Exercising your CCPA rights If you would like to exercise any of your CCPA rights as described in this Notice, please contact us through the channels indicated in this Notice. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require. Disclosures to third parties California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar legislation) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to Legal@Qognify.com. Please note that we are only required to respond to one request per customer each year. Do Not Track Our Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Data about a User’s online activities over time and across third-party web sites or online services. We do allow third parties who provide us with analytics tools, as described in Section 1, to collect Personal Data about a User’s online activities when a User uses the Website.