This DPA forms part of the Terms of Service between Cognity SIA (“Processor”) and the customer (“Controller”) and applies to processing of personal data under GDPR.
1. Roles
- Controller: the Customer
- Processor: Cognity SIA (Cognity)
2. Subject Matter and Purpose
Processor processes personal data only to provide the Platform and related support, including hosting, forecasting, simulations, reporting, and security.
3. Processor Obligations
- Process personal data only on documented instructions of the Controller.
- Ensure confidentiality of personnel with access to personal data.
- Implement appropriate technical and organizational security measures.
- Assist Controller with data subject requests where applicable.
- Notify Controller of personal data breaches without undue delay (where required).
4. Subprocessors
Processor may engage subprocessors (e.g., hosting and payment providers) to deliver the Platform. Processor will ensure subprocessors are bound by appropriate data protection obligations.
5. Data Retention and Deletion
Upon termination, Processor will delete or return personal data as requested by the Controller, unless retention is required by law. Default retention for export purposes is up to 30 days.
6. International Transfers
Where personal data is transferred outside the EEA, appropriate safeguards will be used (e.g., Standard Contractual Clauses where applicable).
7. Contact
For DPA requests: info@cognityapp.com