Our Commitment to Privacy
At Cortex Worldwide, the protection and confidentiality of data is paramount. In this policy we outline the different kinds of data and how we protect it in accordance to the General Data Protection Regulation (GDPR).
What is personal data?
- Company names
- Telephone numbers
- Email addresses
- Mail addresses
- Financial Information
- Personal information about sexuality, gender, religion or political position
Why do we process data?
- Accounting purposes
- Contractual purposes
- Cookies from our website
- Sign form on our website
- Job applications
How do we safeguard data?
- We store and transmit data securely
- We don’t share data
- We hold data no longer than necessary
- Our suppliers are GDPR compliant
Why is it important?
Legal compliance - We need to be compliant with applicable privacy and data protection laws, regulations and treaties (“Applicable Laws”). Companies cannot be compliant in one region but do business and be non-compliant in another. If we are found not to have complied with Applicable Laws, this can have serious consequences for Cortex, such as harm to our reputation and financial penalties.
Clients – More multi-national clients are including data protection and privacy terms and requirements in the contracts we sign. Cortex Worldwide understand what these terms mean and how they impact on our existing technology infrastructures. We also understand the implications of these terms when proposing new research techniques, marketing, digital applications or other products to clients that involve personal information.
Consumers – We need to make sure that we always communicate with consumers in an appropriate manner. What is appropriate will vary by country and you should be aware of the legal requirements where you do business. “Appropriate” may mean informing consumers in a timely manner where their information is stored, who can access it and how it is used. Operating companies should communicate with consumers transparently.
General Data Protection Regulation
On the 25th of May 2018 the General Data Protection Regulation (GDPR) came into effect. This regulation ensures Personal Identifiable Information (PII) is protected and the relevant controls are in place for the rights of the data subject. GDPR involves 3 categories of people, the data controller, the data processor and the data subject.
The Data Controller
A data controller presents a central figure when it comes to protecting the rights of the data subject (the individual). The data controller controls the overall purpose and means, or the ‘why’ and ‘how’ the data is to be used.
The Data Processor
The data processor processes the data according to the instructions and purpose given by the data controller.
The Data Subject
A data subject is any person whose personal data is being collected, held or processed. GDPR proposes a set of rules that are meant to help data subjects and enforce their rights against abusive personal data processing.
You (the data subject) have the following rights about the personal data concerning you, that you can assert:
- right of access
- right to rectification
- right to restriction of processing
- right to object to processing
- right to withdraw your consent
- right to receive the data in a structured, commonly used, machine-readable format (‘data portability’) and the right to transfer the data to another controller
Our Processing of Data
For our business to operate there are times that we must process personal data:
The temporary processing of your IP address along with other information, is needed to deliver the website to your device.
In addition to the IP data, cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally on the user’s computer. Cookies require consent from the user.
Our website also contains a contact form, the data we process is the minimum necessary for contact use by our marketing team. The submission process on the website is encrypted using SSL/TLS technology.
If you wish to submit interest in our product through a marketplace, the data we process is the minimum necessary for contact use by our marketing team. The submission process on the website is encrypted using SSL/TLS technology.
We will have to process personal data for the initiation, creation, execution and/or termination of a legal transaction with our company (Art6 GDPR).
We process the data necessary for the application process (contact details) as well as data that you have sent us about relevant work experience and/or academic qualifications, in order to check your suitability for the position.
In the event of an unsuccessful application, the data will be destroyed securely within 30 days.
Upon a successful application process and employment, the personal data will be transferred into our HR system.
In the context of our platform, CortexOne is a data processor and our customers are data controllers. This means our customers are responsible for the data they deploy on our platform. It is our duty in the contractual process to ensure our customers understand how data and where data is stored. Our platform uses Microsoft Azure as a sub processor. Agreement to sub processing on Microsoft Azure is also made in the contractual process.
All of our suppliers have gone through a screening process ensuring they are GDPR compliant. We are obligated to ensure the same level of security and privacy from our suppliers and sub processor as we provide to our customers.