top of page

COGNUS

Privacy Policy

Effective date: 1 January 2025
Last updated: 25 October 2025

1.  WHO WE ARE

 

  • COGNUS LIMITED (“Cognus”, “we”, “us”, “our”) operates this website and provides technology and strategy consulting services.

  • We are a “data user” under Hong Kong PDPO and, where applicable, a “data controller” under the EU/UK GDPR for website and contact interactions.

  • Registered address: Suite 9-11, 16/F Tai Yau Building, 181 Johnston Road, Wanchai, Hong Kong

  • Contact: privacy@cognus.com

 

2.  SCOPE OF THIS POLICY

 

  • Applies to personal data collected through our website, contact forms, newsletters, event sign-ups, downloads, cookies, and related online interactions.

  • Covers processing under:

    • Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) and Data Protection Principles (DPPs)

    • EU General Data Protection Regulation (EU) 2016/679 and UK GDPR (where visitors are in the EEA/UK)

 

3. WHAT WE MAY COLLECT VIA THIS WEBSITE

 

  • Contact details: name, email, phone, company, role, country/region

  • Content you submit: messages, inquiries, meeting requests, file uploads

  • Marketing preferences: newsletter and event opt-ins

  • Technical/usage data: IP address, device/browser type, language, pages viewed, time on page, referring URLs, geolocation (approximate), cookies/SDK identifiers

  • Security logs: timestamps, error logs, consent records

  • Recruitment (if applicable): CV/resume, cover letter, LinkedIn URL

  • Sensitive data: we do not intentionally collect; please avoid submitting sensitive categories. If necessary, we will seek a lawful basis (e.g., explicit consent).

4. HOW WE COLLECT

  • Directly from you via web forms, newsletter sign-up, event registrations, or email links

  • Automatically via cookies, pixels, and similar technologies

  • From third-party providers (analytics, email delivery, form processors) acting on our instructions

 

5. WHY WE USE YOUR DATA (PURPOSE) AND LEGAL BASES

  • Respond to inquiries and provide requested information or demos

    • Legal basis: Contractual necessity (pre-contract steps) / Legitimate interests

  • Manage subscriptions, send newsletters, insights, and event invitations

    • Legal basis: Consent (EEA/UK); PDPO-compliant consent/opt-out in Hong Kong; Legitimate interests where soft opt-in applies

  • Website operation, performance, and security (fraud prevention, diagnostics)

    • Legal basis: Legitimate interests; Legal obligation where applicable

  • Improve content and user experience through analytics and A/B testing

    • Legal basis: Consent for non-essential cookies (EEA/UK); Legitimate interests where permitted

  • Compliance (record-keeping, responding to regulators) and exercise/defense of legal claims

    • Legal basis: Legal obligation; Legitimate interests

  • Recruitment through the website (if enabled)

    • Legal basis: Contractual necessity; Legitimate interests; Consent where required

PDPO alignment:

  • Data is collected for lawful, directly related purposes; is not excessive; used only for stated or directly related purposes; kept accurate; retained no longer than necessary; safeguarded with reasonable security measures; and accessible/correctable per Section 10.

 

6. DIRECT MARKETING

  • We send professional updates and event invitations only with your consent where required. You may opt out at any time via the unsubscribe link or by emailing privacy@cognus.com.

  • Hong Kong: We will not use your personal data for direct marketing without your consent as required by PDPO.

7. RETENTION

  • We retain personal data only as long as needed:

    • Inquiry records: 24 months after last interaction

    • Newsletter subscribers: until you unsubscribe or after sustained inactivity

    • Web analytics data: 14–26 months (per tool configuration)

    • Security logs: 12–24 months

    • Recruitment submissions: up to 24 months (longer with consent)

  • Data is securely deleted or anonymized when no longer needed.

8. COOKIES AND SIMILAR TECHNOLOGIES

  • We use:

    • Strictly necessary cookies (site operation, security, consent storage)

    • Analytics/performance cookies (traffic, usage patterns)

    • Functionality cookies (remember preferences)

  • Non-essential cookies will only be set with your consent in the EEA/UK via our cookie banner. You can change preferences anytime through Cookie Settings or your browser.

  • Data collected may include IP address, device IDs, and usage metrics.

9. DISCLOSURES (WHO WE SHARE WITH)

 

  • Service providers (processors): hosting/CDN, email and marketing platforms, analytics, security, form processing, CRM—bound by data processing agreements and confidentiality

  • Professional advisors (legal, compliance), regulators, courts, or law enforcement when required

  • Event partners or counterparties for events/content you choose to attend or access

  • Corporate transactions (merger, acquisition, restructuring), subject to appropriate safeguards

  • We do not sell your personal data.

10. YOUR RIGHTS


Hong Kong (PDPO):

  • Request access to and correction of your personal data. A reasonable fee may be charged for access (not correction) where permitted.

  • Submit requests to privacy@cognus.com. We may need proof of identity.

EEA/UK (GDPR):

  • Rights to access, rectification, erasure, restriction, portability, and objection (including to marketing and processing based on legitimate interests)

  • Right to withdraw consent at any time (without affecting prior processing)

  • Right to lodge a complaint with your supervisory authority

11. INTERNATIONAL TRANSFERS

  • Hosting and processing may occur in Hong Kong and other jurisdictions.

  • For transfers from the EEA/UK to countries without adequacy decisions, we use:

    • EU Standard Contractual Clauses and, where applicable, the UK Addendum

    • Transfer impact assessments and supplementary measures (e.g., encryption, access controls)

  • We ensure purpose limitation and security for all transfers.

12. SECURITY

  • We apply appropriate technical and organizational measures: encryption in transit, access controls, least-privilege permissions, network security, backups, vendor due diligence, staff training, and incident response.

  • We will notify authorities and affected individuals where legally required in case of a data breach.

13. CHILDREN

 

  • Our website targets business users. We do not knowingly collect data from children under 16. If you believe a child has provided data, contact us to remove it.

 

14. THIRD-PARTY LINKS AND SOCIAL MEDIA

 

  • Our site may link to third-party websites or social platforms. Their privacy practices are separate; review their policies before submitting data.

15. CONTROLLERS, REPRESENTATIVES AND CONTACT

  • Controller/Data User: COGNUS LIMITED, Suite 9-11, 16/F Tai Yau Building, 181 Johnston Road, Hong Kong

  • Email: privacy@cognus.com

  • EU/UK representative (if Article 27 applies): [Insert details or “to be appointed”]. Contact us for current information.

16. CHANGES TO THIS POLICY

  • We may update this policy periodically. Material changes will be posted on this page with a new effective date. Continued use of the website indicates acceptance of the updated policy.

17. HONG KONG PERSONAL INFORMATION COLLECTION STATEMENT (PICS) — Website

  • Purposes: handle inquiries, manage subscriptions/events, deliver content, analytics, website security, direct marketing with consent.

  • Classes of transferees: hosting and cloud providers, email/analytics vendors, event partners, professional advisors, regulators (where required).

  • Obligation to supply: providing contact details is necessary to process your inquiry or subscription; without them we may be unable to respond.

  • Access/Correction: submit a Data Access Request (DAR) or Data Correction Request (DCR) to privacy@cognus.com.

18. KEY DEFINITIONS

  • “Personal data” has the meaning under PDPO and includes “personal data” under GDPR.

  • “Processing” means operations performed on personal data (collection, use, disclosure, storage, deletion).

ANNEX A — Data Subject Request (DSR) instructions

  • Email privacy@cognus.com with:

    • Your full name, contact email, and country

    • Your request type (access, correction, deletion, restriction, objection, portability, marketing opt-out)

    • Details to help locate your data (e.g., forms submitted, dates)

    • Proof of identity (we will provide secure submission instructions)

  • Timelines: within one month under GDPR (extendable as allowed) and within a reasonable period under PDPO. We will explain any exemptions or limitations that apply.

 

ANNEX B — Cookie categories (example)

  • Strictly necessary: session management, load balancing, security, consent

  • Analytics: aggregated usage statistics (configured with IP masking where available)

  • Functionality: language and preference remembrance

If you have questions about this policy or your data, contact us at privacy@cognus.com.

bottom of page