Privacy Policy

Welcome to the Connected Cognition privacy policy (“Privacy Policy”). At Connected Cognition, we are committed to keeping your personal information safe and secure, and handling it in accordance with our legal obligations. 

This Privacy Policy: 

  • ​describes how we collect, use and otherwise handle Personal Information that you provide or make available to us, or that we collect from you, when you use our Websites,
  • explains the circumstances in which we may transfer this to others; and
  • explains about the rights that you have in relation to this Personal Information.  

Our Privacy Notice must be read together with any other legal notices or terms and conditions provided or made available to you on other pages of our Websites or when you download one of our apps.

Please make sure you check it carefully and if you don’t agree with it, then we advise that you shouldn’t visit the website or its associated domains (our “Websites”), purchase or use our products, use our mobile or web applications, seek advice from our team or generally use our services (our “Services”). By using our Services, you confirm that you accept the way in which we process your personal information. This Privacy Policy forms part of our Terms www.connectedcognition.org/terms-and-conditions, and capitalised words and phrases in it have the same meaning as those in our Terms.

If you have any concerns, please contact us at info@connectedcognition.org or via www.connectedcognition.org 

​About this Privacy Policy

This Privacy Policy applies to the personal information we collect about you through our Services, whether in person, by telephone, by post, via our Website or any other digital products, through our social media platforms, from third parties and when you otherwise communicate with us.

This Privacy Policy may change from time to time and, if it does, the up-to-date version will always be available on our Website. We will also tell you about any important changes to our Privacy Policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

The websites at connectedcognition.org (our “Website”) are owned and operated by Connected Cognition Limited. 

About Connected Cognition

We are Connected Cognition Limited (and referred to as ‘Connected Cognition’, ‘we’, ‘our’ or ‘us’ in this Privacy Policy). Connected Cognition is a limited company incorporated in England and Wales, with registered company number 12541239 and registered address at Kemp House 152-160 City Road London England EC1V 2NX. We are the Data Controller for the purposes of the personal information processed in accordance with this Privacy Policy.

References to “you” and “your” are to users of our Websites whose personal data we hold or process in accordance with the EU General Data Protection Regulation (the GDPR).

Personal information means any information about an individual from which that individual can be identified (either directly or indirectly).

We have a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights as set out in this privacy policy, please contact the DPO using the following details:

Contact details

Our full details are:

  • Full name of legal entity: Connected Cognition Limited
  • Name or title of DPO:  Dr Anubhav Dhir
  • Email address: info@connectedcognition.org
  • Postal address: Data Protection Officer, Kemp House 152-160 City Road London England EC1V 2NX

The personal information we collect, how we collect it, and why

Personal information means any information about an individual from which that individual can be identified. The following shows information we process about you, and the purpose for which we process that information. There may be more than one reason for which we collect such information and we have only listed the main reasons. If you would like further information, please contact us at info@connectedcognition.org.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  1. Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender, social media handles.
  2. Contact Data includes billing address, delivery address, email address and telephone numbers.
  3. Financial Data includes bank account and payment card details. 
  4. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. 
  5. Technical Data includes internet protocol (IP) address, your login data, browser type and version, device type, time zone setting and location, the web page from which you came, the regions from which you navigate the web page, and the web page(s) you access, access times, browser plug-in types and versions, operating system and platform, additional device information, (sensor data such as location and acceleration) and other technology on the devices you use to access this website. 
  6. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  7. Usage Data includes information about how you use our website, products and services.
  8. Marketing Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  9. Communications Data includes any correspondence or communication between you and us.
  10. Special Category Data includesdetails about your race or ethnicity, information about your health, and genetic and biometric data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

​​We collect this information so that we can deliver a more personalised, tailored service, and so that we can continue to understand our customers and develop our Services over time.

We may also use any or all, of the above information to establish, exercise and defend our legal rights.

In respect of all the personal information we collect, our overarching purpose is to enable us to deliver the best data contribution to our customers. We want all of our customers’ information to be secure, but also visible to us so that we can provide them personalised customer service and a customised experience.

How do we use your personal Information?

  1. To provide you with the service
    • To register and manage your account with us and to ensure your information is accurate and up-to-date
    • To enable users to work together in a safe, secure environment
    • To inform you of alterations, modification, updates and improvements in the service
    • To review, investigate and address issues that may affect your use of our service 
  2. To exercise our legitimate interests
  1. We will use your data to review and assess the quality of our service and make improvements
  2. We need to use your information to provide a responsive service to you and be able to support or respond to your contacts 
  3. We will use your information for internal operations. These might include:
    • to manage our business;
    • to evaluate our performance and to help improve our future services and/or events
    • to respond to your queries, and/or provide the services and/or information that you have requested
    • to communicate with you
    • to enable corporate transactions to take place
    • for record keeping, statistical analysis, internal reporting and research purposes
    • to ensure network and information security
    • to notify you about changes to our services
    • to investigate any complaint you make
    • to provide evidence in any dispute or anticipated dispute between you and us
    • to analyse how our Websites are being used
    • to customise various aspects of our Websites to improve your experience
    • to host, maintain and otherwise support the operation of our Websites
    • for the detection and prevention of fraud and other criminal offences;
    • for risk management purposes
    • for fraud detection and resolution
    • for business and disaster recovery (e.g. to create back-ups)
    • for document retention/storage purposes
    • for database management purposes
    • to protect the rights, property, and/or safety of CMS, its personnel and others; and to ensure the quality of the services we provide to our users
    • for audit and statistical analysis of the app/service
    • for functional testing
    • for data quality checks
  1. To respond to obligatory requirements
  2. We will disclose information if we are requested to do so as part of a reasonable regulatory requirement or in response to a legal request

Sharing your Data

We use your information to support you, for you to record your symptoms, learn more about your condition and as a result, improve your self-management. To do this, we may disclose your information and anonymised information for certain purposes and to third parties, as follows:

  • Healthcare research institutions. We share data with people doing health research, for example people working in the NHS, Universities, Hospitals, Health Charities and other research institutions.
  • Third Party Providers: We use certain companies, agents or contractors (“Third Party Providers”) to perform services on our behalf or to help deliver our services to you. We may contract with Third Party Providers, for example, software or business services for emails and company management, online payment processing, CRM and communications, personalising and enhancing our Services, providing customer service, managing finances or collecting debts, analysing interactions with our business, consumer surveys and other reasonable things which may become necessary in the course of running our business. In the course of providing such services, these Third Party Providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
  • Promotions with our partners: We may offer joint promotions, schemes or incentives with our selected partners that, in order for you to participate, may require us to share your information with the relevant partner. In fulfilling these types of promotions, we may share your name and other information in connection with fulfilling the relevant incentive. Please note that our partners are responsible for their own privacy and data protection methods and if applicable you should refer to their relevant privacy policy.
  • To protect legitimate interests: There are certain circumstances where we and our Third Party Providers may disclose and/or make use of your information where a disclosure would be necessary to: (a) satisfy any applicable law, regulation, legal process, or other legal or governmental request or requirement, (b) enforce applicable terms of use, including investigation of any actual or alleged breaches, (c) detect, prevent, or otherwise address illegal or suspected illegal activities (including payment fraud), security or technical issues, or (d) protect against harm to the rights, property or safety of Connected Cognition Limited, its members or the public, as required or permitted by law.
  • Transfers of our business: In connection with any corporate re-organisation, restructuring, external investment, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to comply with our requirements as set out in this Privacy Policy relating to your personal information.
  • Our affiliated companies: we may share your information with our affiliated companies, such as other companies which we own, or other companies which have shares in Connected Cognition Limited, or other companies which are owned by those companies. We do this so that we can provide you with access to our Services according to our agreement, data storage and processing, providing customer support, making internal choices around business improvements, and for the other purposes set out in this Privacy Policy.
  • We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

​In addition, we may use your Personal Information for further specific purposes made clear at the point of collection on particular pages of our Websites or when you download one of our apps.

As a medical company, we take part, where approved by the relevant authorities, in assisting with studies and medical research. This is to help understand more about your condition and the improvement of future treatments available to you or other people with your condition. To do this we may contact you when these types of opportunities arise. We will ensure that you can consent or opt-out of this type of activity before any further information processing takes place.

Our legal basis for processing personal information

We only ever use your information in line with applicable data protection laws – in particular, the EU General Data Protection Regulation 2016/679 (“GDPR”). In short, this means we only use it where we have a legal basis to do so. With regard to special category data, we only use it where we have a lawful condition to so, in line with Article 6 and 9 (as applicable).

Under GDPR, these are the general legal bases for which we process your personal information. an

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Performance of our contract – processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
  2. Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests (including where processing is required to comply with or enforce a legal obligation).
  3. Where we need to comply with a legal obligation.
  4. Consent – you have given us consent to process your personal information for a specific purpose that we have told you about. Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. 

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To register you as a new customer(a) Identity  (b) ContactPerformance of a contract with you
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us(a) Identity  (b) Contact  (c) Financial  (d) Transaction  (e) Marketing and Communications(a) Performance of a contract with you  (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey(a) Identity  (b) Contact  (c) Profile  (d) Marketing and Communications(a) Performance of a contract with you  (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a survey, prize draw or competition.(a) Identity  (b) Contact  (c) Profile  (d) Usage  (e) Marketing and Communications(a) Performance of a contract with you  (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  (a) Identity (b) Contact (c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you(a) Identity  (b) Contact  (c) Profile  (d) Usage  (e) Marketing and Communications  (f) Technical Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences(a) Technical  (b) Usage 
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you(a) Identity  (b) Contact  (c) Technical  (d) Usage  (e) Profile  (f) Marketing and CommunicationsNecessary for our legitimate interests (to develop our products/services and grow our business)
To collect your health information: For you to understand your health condition/s  To contribute to wider health, public health and scientific research.  Special Category Data (Health, ethnicity).Necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices (Article 9 (2) (i)).  Necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes research purposes (Article 9 (2) (j)).

Communications

Marketing communications

We want to ensure that you are informed and aware of the best services and promotions that we can offer you. By consenting to receive additional communications (by mail, telephone, text/picture/video message, email or otherwise) from us and any named third parties that feature at the point of obtaining consent, we will process your personal information in accordance with this Privacy Policy.

You can change your marketing preferences we have for you at any time by editing your preferences on our Website or contacting us by email. If you choose not to receive this information we will be unable to keep you informed of new services and promotions that may interest you.

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. 

Promotional Offers from Us 

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us and you have not opted out of receiving that marketing.

Third-Party Marketing 

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting Out 

You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

Service communications

As detailed above, we may send you communications such as those which relate to any service updates (e.g. service availability) or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.

How long do we store your personal information?

We keep your personal information for only as long as is reasonably necessary to provide you with our Services and for our legitimate and necessary business purposes. Such purposes might include maintaining the high standards of service which we strive to uphold, making decisions on how progress our offering, complying with applicable legal obligations, and resolving any disputes which arise during the course of our business.

In accordance with this Privacy Policy, you have the right to request that we delete your personal information, except where we are legally permitted or required to maintain certain personal information. For example:

  • We are legally required to retain financial and transaction data for a minimum period of 7 years for tax, audit, accounting purposes and liability.
  • If we have an unresolved issue with you, then we will retain your personal information until the issue is resolved.

Any Third Party Providers that we engage will keep your personal information stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any Third Party Providers, we will make sure that they securely delete or return your personal information to us.

We may retain personal information about you for statistical purposes. Where information is retained for statistical purposes it will always be anonymised, meaning that you will not be identifiable from that information.

Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods

  • Records relating to a contract with us – 7 years from either the end of the contract  or the date you last use our services or placed an order with us, being the length of time following a breach of contract in which a contract party is entitled to bring a legal claim. 
  • Marketing a contact records – 3 years from the date of your last interaction with us. 

For a category of personal data not specifically defined in this notice, unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.

Security of your personal information

We are committed to securing and protecting your personal information, and we make sure to implement appropriate technical and organisational measures to help protect the security of your personal information. We and our Third Party Providers will implement policies to guard against unauthorised access and unnecessary retention of personal information in our systems.

The information that we collect from you may be transferred to, and stored at, a destination outside of the European Economic Area (EEA). When we transfer and store your personal information outside of the EEA we will take steps to ensure that the information is transferred in accordance with this Privacy Policy and applicable data protection laws. We will ensure that appropriate contractual, technical, and organisational measures are in place with any parties outside the EEA such as the Standard Contractual Clauses approved by the EU Commission.

Unfortunately, the transmission of your personal information via the internet is not completely secure and although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Children

You must be 18 years of age or older to use our Services.

We do not knowingly collect personal information from individuals under 18 years of age. If you are under that age limit, then please do not use Connected Cognition or provide any personal information to us.

If you are a parent or legal guardian of a child under the applicable age limit, and you become aware that your child has provided his/her personal information to us, please contact us at info@connectedcognition.org. If we learn that we have collected personal information of a child under the age of 18, then we will take all reasonable steps to delete that information from our systems.

In any case, we will only process personal information in line with GDPR and our legal obligations.

Third-Party Links 

Our Website (or any other digital products we may operate) may contain links to websites, plug-ins and applications, operated by third parties. This Privacy Policy only applies to the personal information that we collect from you and we cannot be responsible for personal information collected and stored by third parties. If you follow or click on a link, please understand that the relevant third party websites have their own terms and conditions and privacy policies, and we do not accept any responsibility for the content of those third party websites or third party terms and conditions or policies. When you leave our website, we encourage you to read the privacy policy of every website you visit before you submit any personal information to these websites.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Change of Purpose 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.​

Your rights and choices

Under the GDPR, as a user of our Services, you are entitled to certain rights. There are circumstances in which your rights may not apply. You have the right to request that we:

  • provide you with a copy of the information we hold about you;
  • update any of your personal information if it is inaccurate or out of date;
  • delete the personal information we hold about you – if we are providing services to you and you ask us to delete personal information we hold about you then we may be unable to continue providing those services to you;
  • restrict the way in which we process your personal information;
  • stop processing your data if you have valid objections to such processing; and
  • transfer your personal information to a third party.

For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us at info@connectedcognition.org

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

As explained in the section on Communications, you have the right to ask us to stop processing your personal information for such purposes. Please note that we reserve the right to charge a fee for responding to requests where we reasonably determine that they are manifestly unfounded or onerous or being made in bad faith.

Contacting Us

If you have any questions or concerns about how we handle your personal information, please contact us by email to info@connectedcognition.org.

If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal information and privacy. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Cookies

We may use cookies which help us monitor your use of Connected Congition, and in turn improve it based on how our customers interact with us. You can choose to accept or turn off cookies within your browser settings.

General

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Privacy Policy will be governed by and interpreted according English law and if necessary, by the English courts.