Overview
This page summarizes how Cogniroot approaches European data-protection principles. It complements our Privacy Policy and is intended to make GDPR-related information easier to find.
1. Roles
For core platform accounts, payments, support, certificates, and security operations, Cogniroot generally acts as a data controller. For some vendor-managed learner records and uploaded content, Cogniroot may process data on behalf of the relevant vendor according to platform configuration and applicable agreements.
2. Lawful bases
Depending on the activity, we rely on contract performance, legitimate interests, legal obligations, consent, or vital security interests. For example, we process learning records to deliver purchased services and certificate records to verify completion.
3. GDPR rights
Where GDPR applies, you may have rights to access, rectify, erase, restrict, object, withdraw consent, and receive a portable copy of your data. Some rights may be limited by legal obligations, fraud prevention, certificate verification, or records needed to defend claims.
- Access: request a copy of relevant personal data.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion where retention is no longer required.
- Restriction or objection: ask us to limit or stop certain processing.
- Portability: request export of data you provided where applicable.
4. International transfers and processors
Some service providers may process data outside your country. Where required, we use safeguards such as appropriate contractual terms and careful processor selection.
5. Request handling
We may need to verify your identity before fulfilling a GDPR request. We aim to respond within the timeframe required by applicable law and will explain if more time is needed.
6. Contact
Send GDPR or data-protection requests using the contact email shown on Cogniroot. If you are a learner attached to a vendor, we may coordinate with that vendor when appropriate.