Last update on 9th of January, 2019
Cobalt’s Commitment To Your Privacy
At Cobalt, we are committed to protecting and respecting the privacy of visitors to our website (this “website” or this “site”) and customers of our products and services (collectively, “Services”). We take responsibility for complying with the Data Protection Act 1998 (DPA), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and the more recent General Data Protection Regulation (GDPR), which applies from 25 May 2018.
For any questions that may not be answered in this Policy, you can contact us at any time by emailing email@example.com or writing to the Cobalt privacy team at 575 Market St, 4th Floor, San Francisco, CA 94105-4210 USA.
- Who is responsible for your Personal Information
- What Personal Information we collect
- How Personal Information is collected
- How we process and/or disclose your Personal Information, and the legal basis for such activities
- Transferring your Personal Information
- Security of your Personal Information
- How long do we keep your Personal Information
- Your right to access, update, object to our processing of, retrieve, erase, and/or withdraw consent to our processing of your Personal Information
- Changes to this Policy
- Cookies Policy
Who is responsible for your Personal Information?
Cobalt is responsible for your Personal Information. Cobalt comprises Cobalt Labs, Inc. (a Delaware corporation registered to do business in California and doing business at 575 Market St, 4th Floor, San Francisco, CA 94105-USA, and its affiliate, Cobalt Labs Germany GmbH a legal entity registered to do business in Germany, and doing business at Friedrichstraße 68, 10117 Berlin, Germany (referred to collectively as "Cobalt.io", “Cobalt”, or "we" or "our" or “us”). For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the "GDPR")), your data will be controlled by the Cobalt affiliate or subsidiary undertaking that you have instructed or that is providing Services to you or communicating to you, and each such entity is regarded as an independent data controller of your Personal Information. This Policy applies to all such entities.
We may also retain the services of external suppliers to help meet our business needs and may share your data with these suppliers. These suppliers have been selected after a rigorous evaluation process and chosen for their security, reliability and competence. They will process your data only under our instructions. Some of these suppliers may be based in non-EU countries. Where this is the case, the transfer of your Personal Information to these countries is carried out in compliance with the guarantees provided by law. Please contact us at firstname.lastname@example.org if you wish to receive information about these suppliers.
What Personal Information We Collect
We may collect and process the following Personal Information from you:
- Identity and Contact Data, including your name, address, telephone number, job title and function, and other Personal Information concerning your preferences relevant to our Services;
- Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Business Information, including information provided in the course of the contractual or customer relationship between you or your organization and Cobalt, or otherwise voluntarily provided by you or your organization;
- Physical Access Data, relating to details of your visits to our premises.
Information about other people
If you provide information to us about any people other than yourself, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How do we collect your Personal Information?
The circumstances in which we may collect Personal Information about you include:
- when you or your organization seeks information from us or use any of our Services;
- when you or your organization offer to provide, or provides, services to us;
- when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our employees and/or service providers;
- when you or your organization browse, complete a form or make an inquiry or otherwise interact on our website or other online platforms;
- when you attend our seminars or other events or sign up to receive Personal Information from us, including training; and
- by making inquiries from your organization, other organizations with whom you have dealings, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records.
How will we use your Personal Information?
We may use your Personal Information only for the following purposes:
- to register you as a customer or user of Cobalt;
- to provide and administer services or solutions, or enable you to provide services through the Site as instructed by you or your organization;
- to administer and manage our relationship with you, including processing payments, accounting, auditing, billing and collection and taking other steps linked to the performance of our business relationship;
- compliance with our legal obligations.
- to analyze and improve our services and communications and to monitor compliance with our policies and standards;
- to manage access to our premises and for security purposes;
- to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- for insurance purposes;
- to exercise or defend our legal rights, or to comply with court orders;
- for any other purposes related and/or ancillary to any of the above or any other purposes for which your Personal Information was provided to us;
- to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of customer surveys, marketing campaigns, market analysis, or other promotional activities; and
- to collect information about your preferences to personalize and improve the quality of our communications with you.
We may process your Personal Information in connection with any of the purposes set out above on one or more of the following legal grounds:
- because it is necessary for us to do so to perform your instructions or another contract with you or your organization;
- to comply with our legal obligations as well as to keep records of our compliance processes or tax records;
- because our legitimate interests, or those of a third party recipient of your Personal Information, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
- because you have expressly given us your consent to process your Personal Information in that manner.
We will provide you with marketing-related information (including newsletters and/or promotional materials) only after you have, where legally required to do so, opted in to receive those communications and having provided the opportunity for you to opt out at any time.
We will not use your Personal Information for taking any automated decisions affecting or creating profiles other than as described above.
Disclosure of your Personal Information
We may share your Personal Information:
- with our affiliates, if any. We will provide you with information regarding such affiliates (if any) upon request.
- with third parties including certain service providers we have retained in connection with the services we provide;
- on a confidential basis with third parties for the purposes of collecting your feedback on the Services, to help us measure our performance and to improve and promote our Services;
- with companies providing services for fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such Personal Information is shared;
- with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a claim, or for the purposes of a confidential alternative dispute resolution process;
- with service providers who we engage within or outside of Cobalt, domestically or abroad, e.g. shared service centers, to process Personal Information for any of the purposes listed above on our behalf and in accordance with our instructions only; and
- if we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations
Legal Basis or Bases For Processing and/or Transferring Your Personal Information
Purchases: In some cases, the provision of your Personal Information for the above activities is a contractual obligation. In such cases, you are free to communicate your data or not, but in the absence of the requested data, it may not be possible to finalize or execute a particular contract and your requests. This means that while you will continue to be able to browse this site, you will not be able to purchase Services, and you will not be able to use certain features of the site. When you purchase Services, we are required to process your Personal Information to meet our legal obligations in accordance with the tax provisions and other statutory rules that apply. You are free to decide whether or not to purchase Services from us, but if you do make a purchase, this use of your data will be necessary to meet our legal obligations. When you make a purchase at the site, we will use some of your Personal Information to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and prosecute any fraudulent activity.
Site Management: Whether or not you make a purchase on the site, our use of your personal information is necessary for our legitimate interest in ensuring that the Site is managed correctly, and that your experience visiting the site is a good one.
Marketing Communications: When you request that we send you marketing communications, newsletters, and/or promotional materials, our use of your personal information is necessary for our legitimate interest in fulfilling your request to receive such marketing communications, including information about products and/or services that may be of interest to you.
Transferring Your Personal Information
When we transfer your information to other countries, we will use, share and safeguard that information as described in this Policy. To provide the Services, we may transfer the personal information we collect to countries outside of the United States or Europe which do not provide the same level of data protection as the country in which you reside and are not recognized as providing an adequate level of data protection. We transfer personal information to these countries only when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defense of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses.
All Cobalt offices throughout the world ensure a level of data protection at least as protective as that required in the United States.
For further information, including obtaining a copy of the documents used to protect your information, please contact us using our contact form.
For EU and UK Individuals: Data Transfers under Privacy Shield
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Cobalt is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Cobalt’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Cobalt remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Cobalt proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Cobalt commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union or United Kingdom individuals with Privacy Shield inquiries or complaints should first contact Cobalt by email at email@example.com.
Cobalt has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Security of your Personal Information
We have put in place appropriate security measures designed to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We have also put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long we keep your Personal Information
We will retain your Personal Information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Cobalt to assert or defend against claims, until the end of the relevant retention period or until the claims in question have been settled.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you want to learn more about our specific retention periods for your Personal Information established in our retention policy, you may contact us at firstname.lastname@example.org.
Following the applicable retention period, we will securely destroy your Personal Information in accordance with applicable laws and regulations.
Updating Personal Information about you
If any of the Personal Information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate Personal Information about you, please let us know by contacting us at email@example.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us.
You have various rights with respect to our use of your Personal Information:
- Access: You have the right to request a copy of the Personal Information that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal Personal Information about another person, or if we are legally prevented from disclosing such information. You are entitled to see the Personal Information held about you. If you wish to do this, please contact us at firstname.lastname@example.org.
- Accuracy: We aim to keep your Personal Information accurate, current, and complete. We encourage you to contact us at email@example.com to let us know if any of your Personal Information is not accurate or changes, so that we can keep your Personal Information up-to-date.
- Objecting: In certain circumstances, you also have the right to object to processing of your Personal Information and to ask us to block, erase and restrict your Personal Information. If you would like us to stop using your Personal Information, please contact us at firstname.lastname@example.org.
- Porting: You have the right to request that some of your Personal Information is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to erase your Personal Information when the Personal Information is no longer necessary for the purposes for which it was collected, or when, among other things, your Personal Information have been unlawfully processed.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.
You may, at any time, exercise any of the above rights, by contacting us at email@example.com together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
Right to withdraw consent
If you have provided your consent to the collection, processing and transfer of your Personal Information, you have the right to fully or partly withdraw your consent. To withdraw your consent please follow the opt-out links on any marketing message sent to you or contact us at firstname.lastname@example.org.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Information for the provision of our services.
We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your Personal Information or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.
Web Beacons: Our site may contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
The information below explains more about the cookies we use on our site, and why we use them:
- Authentication: we use these cookies to verify your account and determine when you’re logged in.
- Security: we use these cookies to help keep your account safe and secure. We also use these cookies to combat activity that violates our policies or otherwise degrades our ability to operate our website.
- Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
- Analytics and research: we use these cookies to better understand how people use the website so that we can improve our service.
You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: https://www.allaboutcookies.org/.