Privacy policy

Effective as of: May 16, 2024

About this Policy

This Privacy Policy describes how we process your personal data at Neural Assembly Int AB, the provider of Cogmed. From now on, we'll call it the 'Policy'.

This Policy is not the Cogmed Terms of Service, which is a separate document. The Terms of Service outline the legal contract between you and Neural Assembly Int AB for using the Cogmed Service. It also describes the rules of Cogmed and your user rights

Your personal data rights and controls

Privacy laws give certain rights to individuals over their personal data.

The table below explains:

  • your rights
  • circumstances when they apply
  • how to use them

 It is your right to...

Be informed
Be informed of the personal data we process about you and how we process it.
We inform you:
- through this Policy
- by answering your specific questions and requests when you contact us.
Know/Access
Request to know and access the personal data we process about you.
To request a copy of your personal data from Cogmed you can contact us.

When you download your data you will receive the information about your data that Cogmed has to provide under applicable laws.
Correction
Request that we amend or update your personal data where it’s inaccurate.
You can edit your User Data under ‘Settings’ in your account or by contacting us.
Deletion
Request that we delete certain of your personal data.
You can also contact us to request deletion.
Right to Opt-Out
Request to opt out of the processing of your personal data for ‘sharing’ or ‘targeted advertising’ purposes, as defined under certain privacy laws. .
You can exercise your right to opt out by contacting us.
Data portability
Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.
You can request a copy of your personal data by contacting us.
Not be subject to automated decision making
Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
Neural Assembly Int AB does not carry out this type of automated decision making in the Cogmed Service.
Withdrawal of consent
Withdraw your consent to us collecting or using your personal data.

You can do this if Cogmed is processing your personal data solely based on your consent.
To withdraw your consent, you can:
- adjust the relevant control on Cogmed
- contact us

How?

Personal data we collect about you

These tables set out the personal data we collect from you

 Categories

User Data
Personal data that we need to create your Cogmed account and that enables you to use the Cogmed Service.

The types of data collected and used depends on the type of Service Option you have. It also depends on how you create your account and, the country you are in.

This may include your:
- profile
- name
- username
- email address
- password
- phone number
- date of birth
- gender
- street address
- country
- find-coach data
- time zone
Collected when you sign up for the Cogmed Service or when you update your account.

Description

Usage Data
Collected and processed about you when you’re accessing or using the Cogmed Service and website.
Information about how you use Cogmed
Examples include:
- information about your Service Option
- your actions with the Cogmed Service (including date and time), such as:account settings
- training data

Your technical data
Examples include:
- URL information
- online identifiers such as cookie data and IP addresses
- browser type

When

We receive some of the data mentioned above from third parties. The below table describes the categories of those third parties.

 Categories of Third  Parties

Technical service partners
We work with technical service partners that give us certain data. This includes mapping IP addresses to non-precise location data (e.g., country or region, city, state). This makes it possible for Cogmed to provide the Cogmed Service, content, and features.

We also work with security service providers who help us protect user accounts.
User Data

Usage Data

Description

Advertising and marketing partners
Usage Data
We receive inferences from certain advertising or marketing partners. These inferences are the partners’ understanding of your interests and preferences.
This allows us to deliver more relevant ads and marketing.

Data Categories

Our purpose for using your personal data

The table below sets out:

  • our purpose for processing your personal data
  • our legal justifications for processing your personal data
  • categories of personal data which we use for each purpose

 Purpose for processing  your data

To provide the Cogmed Service in accordance with our contract with you.
For example, when we use your personal data to:
- set up an account for you
- perform the training program
Contract with you
User Data
Usage Data

Legal justifications

To provide certain additional voluntary features of the Cogmed Service. When this is the case, we will clearly ask for your consent.
User Data
Usage Data
Find Coach Data
Consent
To diagnose, troubleshoot, and fix issues with the Cogmed Service.
Contract with you
User Data
Usage Data
To evaluate and develop new features, technologies, and improvements to the Cogmed Service.
For our own justifiable interest
User Data
Usage Data
For marketing or advertising where the law requires us to collect your consent.
For example, when we use cookies to understand your interests or the law requires consent for email marketing.
Consent
User Data
Usage Data
To comply with a legal obligation that we are subject to.
Legal Obligation
User Data
Usage Data
To conduct business planning, reporting, and forecasting.
For example, when we look at aggregated user data like the number of new sign ups in a country in order to plan new locations to launch our products and features in.
For our own justifiable interest

Categories of personal data used for the purpose

User Data
Usage Data
To conduct research and surveys.
For example, when we contact our users to ask for your feedback.
For our own justifiable interest
User Data
Usage Data

Disclosing your personal data

See this table for details of who we disclose to and why:

 Categories of recipients

Service providers
User Data
Usage Data
So they can provide their services to Cogmed.
These service providers include those we hire to:
- give customer support
- operate the technical infrastructure we need to provide the Cogmed Service
- assist in protecting and securing our systems and services

Categories of data

Researchers
User Data
Usage Data

Reason for disclosing

For activities such as statistical analysis and academic study, but only in a pseudonymized format.

Data retention

We keep your personal data only as long as necessary to provide you with the Cogmed Service and for Cogmed’s legitimate and essential business purposes, such as:

  • maintaining the performance of the Cogmed Service
  • making data-driven business decisions about new features and offerings
  • complying with our legal obligations

Here are some of the categories of our retention periods, and the criteria we use to determine them:

  • Data retained until your Cogmed account is deleted
    We keep data until your Cogmed account is deleted. Examples of this include your Cogmed username and account information. We also typically keep training data for the life of an account, for example, to provide view-my-data in the Coaching Ccenter. When your Cogmed account is deleted, this category of data is deleted or de-identified.
  • Data retained for extended time periods for limited purposes
    After your account is deleted, we keep some data for a longer time period but for very limited purposes. For example, we may be subject to legal or contractual obligations that require this. These may include mandatory data retention laws, government orders to preserve data relevant to an investigation, or data kept for the purposes of litigation.

Transfer to other countries

Because of the global nature of our business, Cogmed transfers personal data internationally with Cogmed group companies, subcontractors and partners when carrying out the activities described in this Policy.

Whenever we transfer personal data internationally, we use tools to make sure the data transfer complies with applicable law.

We also identify and use additional protections as appropriate for each data transfer. For example, we use:

  • technical protections, such as encryption and pseudonymization
  • policies and processes to challenge disproportionate or unlawful government authority requests

Keeping your personal data safe

We're committed to protecting our users' personal data. We put in place appropriate technical and organizational measures to help protect the security of your personal data. However, be aware that no system is ever completely secure.

We have put various safeguards in place to guard against unauthorized access and unnecessary retention of personal data in our systems. These include pseudonymization, encryption, access, and retention policies.

Changes to this Policy

We may occasionally make changes to this Policy.

When we make material changes to this Policy, we'll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Cogmed Service or send you an email or device notification.

How to contact us

For any questions or concerns about this Policy, contact us via email at privacy@cogmed.com