Effective: May 25, 2018
Cognition Financial Corporation and its affiliate Cognition Lending Corporation (together, "Cognition Financial," "our," "we" or "us") comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks (together the "Privacy Shield Principles"), as set forth by the U.S. Department of Commerce, regarding the collection, use and retention of Personal Data (as defined below) transferred from European Union (EU) member countries and Switzerland to the United States. We have certified that we adhere to the Privacy Shield Principles with respect to such data. If there is any conflict between this privacy shield policy (this "Privacy Shield Policy") and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern.
To learn more about the Privacy Shield program and to view our certification page, please visit https://www.privacyshield.gov/.
With respect to Personal Data that it receives or transfers pursuant to the Privacy Shield Principles, Cognition Financial is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Please also see our User Privacy Statement for more information regarding our data handling practices.
In this Cognition Financial Privacy Shield Policy:
"Guest" means an individual who accesses and uses the Services and who resides in the EU or Switzerland.
"Personal Data" means any information relating to a Guest that identifies or can be used to identify that Guest, either separately or in combination with other data readily available to us, that we receive in the U.S. from the European Union or Switzerland in connection with the Services, including information received offline.
"Services" means our hosted loan origination software applications and related support services available only to Guests of the Websites.
We commit to comply with the Privacy Shield Principles with respect to Personal Data received from Guests in connection with the use of the Services. This Privacy Shield Policy does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.
Privacy Shield Principles
We commit to processing Personal Data in accordance with the Privacy Shield Principles as follows:
Prior to collecting Personal Data, we notify Guests covered by this Privacy Shield Policy about the categories of Personal Data that Cognition Financial collects and the purposes for collection and use of their Personal Data. This notice occurs when a Guest saves a loan application on one of the Websites. We will only process Personal Data in ways that are compatible with the purpose for which we collected it or for other authorized purposes.
The types of Personal Data the we collect from Guests depends on the purpose for which each Guest chooses to use the Services.
All Personal Data is collected to operate, manage, improve, and ensure the technical functionality and security of the Services. Before we use Personal Data for a purpose that is materially different from the purpose for which we collected it (as set forth in this Privacy Shield Policy) or that was later authorized, Cognition Financial will provide Guests with the opportunity to opt out.
PLEASE SEE OUR USER PRIVACY STATEMENT FOR MORE INFORMATION.
To the extent Cognition Financial collects a Guest’s Personal Data on any one or more of the Websites, we will obtain opt-in consent whenever Privacy Shield requires, including if we disclose Personal Data to non-agent third parties or before Personal Data is used for a different purpose than that purpose for which it was collected or later authorized.
Please send requests to limit the uses or disclosures of Personal Data to email@example.com.
3. Accountability for Onward Transfer
Cognition Financial shares Personal Data collected through the Services as follows:
PLEASE SEE THE COGNITION FINANCIAL USER PRIVACY STATEMENT FOR MORE INFORMATION.
If we transfer Personal Data covered by this Privacy Shield Policy to a third party, we take reasonable and appropriate steps to ensure that each third-party transferee processes Personal Data transferred in a manner consistent with our obligations under the Privacy Shield Principles. We will ensure that each transfer is consistent with any notice provided to Guests and any consent they have given. We require a written contract with any third party receiving Personal Data and ensure that the third party processes the Personal Data for limited and specified purposes consistent with any consent provided by Guests and provides at least the same level of protection as is required by the Privacy Shield Principles. We take reasonable and appropriate steps to ensure that third parties process Personal Data in a manner consistent with our obligations under the Privacy Shield Principles. If it is determined that the third party cannot meet its obligations, it is required to take reasonable and appropriate steps to remediate or cease processing Personal Data.
Under certain circumstances, we may be required to disclose Personal Data (i) in response to valid requests by public authorities, including for national security, law enforcement, or regulatory requirements, (ii) in response to any legal process served on Cognition Financial or any applicable lender, (iii) to protect the rights or property of Cognition Financial or any applicable lender.
Cognition Financial remains liable under the Privacy Shield Principles if a third-party performing services on our behalf processes Personal Data that we transfer to them that is covered by this Privacy Shield Policy in a manner inconsistent therewith unless we can prove we were not a party to the events giving rise to any damages.
We take appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse and unauthorized access, disclosure, alteration, unavailability and destruction. In determining these measures, we consider the risks involved in the processing and the nature of the Personal Data.
5. Data Integrity and Purpose Limitation
We adhere to the Privacy Shield Principles for as long as we retain Personal Data in identifiable form. We take reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in an identifiable form only for as long as it serves a purpose of processing.
We limit the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for processing. We do not process Personal Data in a way that is incompatible with the purpose for which it was collected or later authorized by a Guest.
A Guest whose Personal Data is covered by this Privacy Shield Policy has the right to access his or her Personal Data and to correct, amend, limit use of or delete the Personal Data if the Personal Data is inaccurate or processed in violation of the Privacy Shield Principles. Notwithstanding the foregoing, we are not required to grant the rights to access, correct, amend and delete Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to the Guest’s privacy or if the rights of persons other than the Guest are or could be violated.
Please submit requests for access, correction, amendment or deletion to firstname.lastname@example.org.
7. Recourse, Enforcement, and Liability
In compliance with the Privacy Shield Principles, we commit to resolve complaints about Guests’ privacy and our collection or use of Personal Data transferred to the United States pursuant to the Privacy Shield Principles. European Union and Swiss Guests with inquiries or complaints about the Privacy Shield Principles should first contact us at email@example.com.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If a Guest does not receive a timely acknowledgment their complaint, or if their complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge.
If a complaint cannot be resolved through the above channels, under certain conditions, a Guest may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We commit to periodically review and verify our compliance with the Privacy Shield Principles and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. We acknowledge that our failure to provide an annual self-certification to the U.S. Department of Commerce will remove us from the Department’s list of Privacy Shield participants.
Changes to this Cognition Financial Privacy Shield Policy
Cognition Financial may amend this Privacy Shield Policy, including notice about any amendment, consistent with the requirements of the Privacy Shield Principles.
How to Contact Cognition Financial
If a Guest has any questions about this Privacy Shield Policy or would like to request access to their Personal Data, please contact us as follows:
Cognition Financial Corporation
200 Clarendon Street, 3rd Floor
Boston, MA 02116
Attention: Information Security