Information Collection and Consent
Cogniciti collects personal information in order to provide its assessment and testing services and to operate and manage its Website. The types of personal information collected include information about your personal characteristics (e.g., gender, age), personal contact information (e.g., e-mail address, phone number) and health (e.g. health history, health conditions).
You are under no obligation to provide personal information, with the caveat that your refusal to do so may prevent you from using certain portions of the Website. Cogniciti does not collect, use or disclose personal information without your consent, except as required by law or as set out below.
Cogniciti will identify the purposes for which personal information is collected at or before the time it is collected. If Cogniciti seeks to use personal information that has been collected for a purpose not previously identified, it will seek your consent prior to use, unless it is otherwise required by law.
Automatic Information Collection
Whenever you interact with our Website, Cogniciti automatically collects, receives and records information on our server logs from your browser including browsing actions and patterns. The information includes your internet protocol (IP) address, cookie information, the page you requested and test data results, login data, browser type and version, location and operating system and platform.
Some Web browsers may be configured to send Do Not Track signals to websites, or users may use similar mechanisms, to indicate a user’s preference that certain web technologies not be used to track the user’s online activity. The Website does not accept or process such Do Not Track signals or similar mechanisms.
How We Use Your Personal Information
Cogniciti uses your personal information to provide you with assessment and testing services and to enable you to use our Website tools. We also use personal information to manage and improve our Website and our assessment and testing services.
In addition, with your consent, we may use personal information to contact you in relation to our Brain Health Registry or with notices about our services or the services of our third party partners.
If you would like to opt out of future electronic communications from Cogniciti, you may indicate this preference by selecting the unsubscribe instructions at the end of our electronic communications. Please note that if you opt out of messages from us, we may continue to send you account-related updates so as to continue to support your account.
Use of Aggregate Data and Research
Cogniciti uses non-identified (anonymized) aggregate information, and may share this information with its research partners and other organizations to measure and quantify the effectiveness of its assessment programs and to develop new healthcare solutions. The aggregate data may also be used to develop marketable treatments, devices, new drugs or patentable procedures. This data is non-identified and used in aggregate form; i.e. it has no reference to data that could link test results to you or to any other test taker.
Limiting Disclosure of Your Personal Information to Third Parties
Cogniciti does not disclose your personal information, except with your consent or as required by law. For example, Cogniciti may be required by law to disclose personal information in response to a subpoena, court order, or other legal mechanism.
Cogniciti makes reasonable efforts to ensure that any personal information you provide is maintained in a secure environment. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your personal information, Cogniciti cannot warrant the security of any personal information you transmit to us or from our on-line services, and you do so at your own risk.
Cogniciti has implemented and maintains reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorized access, use, modification, destruction or disclosure of your personal information while it is in our custody or under our control. For example, we use SSL encryption, firewalls, anti-virus and system security monitoring.
We also limit access to your personal information to those employees, contractors and agents who have a business need to know.
Cogniciti processes and stores personal information using our server(s) based in Canada.
Children's Online Privacy Protection
Cogniciti understands the importance of protecting children's privacy, especially in an online environment. The Website is not designed for or directed at children. It is our policy not to knowingly collect or maintain information about anyone under the age of 18.
Links to Third Party Websites
The Website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Cogniciti neither owns nor controls these third-party websites and accordingly assumes no responsibility for the information practices of those websites. You should inform yourself with the privacy policies (if any) of those third-party websites.
We will retain your information for as long as your account is active or as needed to provide you with our assessment services, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Withdrawal of Consent
If you wish to cancel your account or withdraw (revoke) your consent for the collection, use or disclosure of your personal information at any time, please contact us at firstname.lastname@example.org. Your withdrawal of consent is not retroactive, since Cogniciti may already have used your information for the purposes described here; it will be applied on a go-forward basis.
Notice to California Residents
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To request a copy of this information or to opt out of these disclosures, please contact our Privacy Officer as indicated below.
European Economic Area (EEA) Notice
Transfers of Personal Information
Cogniciti is a data controller and responsible for your personal information, which Cogniciti processes and stores in Canada. The European Commission has decided that Canada ensures an adequate level of protection of individuals’ personal information.
Your Legal Rights
Under certain circumstances, you may have rights under the data protection laws in relation to your personal information, including the right to:
- Request access to your personal information.
- Request correction of your personal information.
- Request erasure of your personal information.
- Object to processing of your personal information.
- Request restriction of processing your personal information.
- Request transfer of your personal information.
- Right to withdraw consent.
If you wish to exercise any of these rights or for more information about your rights, please contact our Privacy Officer and/or click here.
Contact Our Privacy Officer
Registered users may contact us with requests that we delete their personal information from our systems, or to request access or correction to their personal information. We will attempt to accommodate such requests to the extent possible. If all such information is deleted from our systems, your account may become deactivated. In any event, we may retain an archived copy of your records as required by law or for legitimate business purposes.
The Privacy Officer may be contacted at:
Kimel Family Building, Baycrest Health Sciences
3560 Bathurst Street
Toronto, Ontario Canada M6A 2E1
Telephone: (416) 785-2500 ext. 2008
You may also contact the Privacy Commissioner of Canada at: http://www.priv.gc.ca/ or by telephone at: 1-800-282-1376.
[Last Revised: August 1, 2018]
European Economic Area (EEA) section
Your Legal Rights
Right to request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
Right to request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Right to request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
Right to request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Information for EU residents who wish to exercise their legal rights
No Fee Usually Required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we my charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
UK Supervisory Authority
The UK supervisory authority for data protection issues is the Information Commissioner’s Office www.ico.org.uk.