Cosine Privacy Notice
Last Updated: April 2022
Cosine respect your privacy. We are committed to safeguarding your privacy and protecting your information against unauthorized use.
This privacy notice (“Notice”) is intended to meet the requirements of both EC Regulation 2016/679 (the EU GDPR) and the Retained Regulation (EU) 2016/679 (the UK GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (both to referred to in this Notice as “GDPR”).
1. Who processes your personal data?
This Notice applies to the processing of personal data by Cosine. For the purpose of this Notice and the GDPR, to the extent any Cosine entity processes your personal data in connection with use cases identified in this Notice, each will be considered a “data controller” of your personal data. Please note that in some cases we may carry out the activities referred to in this Notice in our capacity as a data processor acting on behalf of our clients or as a joint controller. We have made this distinction clear in the Notice.
2. Purpose of this notice
This Notice explains our approach to any personal data that we might collect from you using this website (the “Site”) and any personal data about you we might collect/process in other situations or interactions with us, and the purposes for which we process your personal data. In some instances, this Notice should be read in conjunction with or is superseded by our Workplace Privacy Notice.
This Notice also sets out your rights in respect of our processing of your personal data.
This Notice will inform you of the nature of the personal data about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it or otherwise object to our processing of it for a specific purpose. This Notice is intended to assist you in making informed decisions when using the Site or otherwise providing personal data to us or in other situations where we may process your personal data.
3. How to contact us?
If you have any questions about this Privacy Notice please contact privacy@Cosine-int.com or, if you want to exercise your rights set out in this Privacy Notice by way of submitting a Data Subject Access Request (DSAR), please provide details of your request by completing a DSAR form
4. Type of personal data we collect/process
When we talk about personal data we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance. Categories of personal data we may collect and process about you include:
• contact information (e.g. name, physical address, telephone number, email address);
• information for hiring talent and human resources (e.g. work eligibility status, date of birth, qualifications, experience, information relating to your employment and/or education history, skills experience, financial account information, government-issued identification information or dietary requirements) and records of progress through any hiring process we may conduct;
• where we conduct interviews or meetings using virtual meeting facilities, your video images may also be processed;
• any additional data that may identify you which you submit to us including records of correspondence.
For more information about the personal data we collect please refer to the HOW WE USE PERSONAL DATA section below and the OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES section.
5. How we use personal data?
Our primary goal in collecting personal data from you is to:
We set out in more detail below the specific ways in which we may use your personal data.
All Service Enquiries
Our Site allows you to request information about our products and services. Together with details of your request, other contact and personal data that is relevant to your enquiry may be requested. This information is used in order to enable us to respond to your requests.
What is our legal basis for processing?
It is in our legitimate interest to use your personal data in such a way to ensure that we provide the very best customer service we can to you.
Who do we share your personal data with for this purpose?
We may share such personal data with our third party vendors (such as our payment service providers or IT providers), financial institutions, group companies, affiliates, professional advisors, regulatory bodies or other law enforcers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Client Administration
We may collect personal data about our client and potential client contacts to enable us to respond to client requests, to administer client accounts with us, to conduct credit checks (if permitted by applicable law), and to verify and carry out financial transactions for payments made to us.
What is our legal basis for processing?
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the services requested by our clients in an effective and efficient way.
Who do we share personal data with for this purpose?
We may share such personal data with our third-party vendors (such as our payment service providers or IT providers), financial institutions, group companies, affiliates, professional advisors, regulatory bodies or other law enforcers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Recruitment
If you apply for a job with us or otherwise express an interest in working for us, or we identify you as a potentially suitable candidate for one of our job openings, we will collect contact details and CV or resume information from you through a range of methods including online job sites, via email, in person at interviews and/or by any other method. We use such personal data for the following purposes:
In some Cosine entities, we may operate referral programmes where some of your personal data as detailed above may be shared with us by a third party, typically a current employee. In such cases, we expressly ask the referring third party to confirm that they have your permission to share your details with us.
We use a number of tools (systems and applications) provided by third-party vendors to support with our recruitment processes - the chosen tool(s) may vary depending on the Cosine entity undertaking the recruitment process. We may use technology which is available through these tools to select appropriate candidates for us to consider based on criteria expressly identified by us, or typically in relation to the role for which you have applied. The process of finding suitable candidates using such tools may involve automation, however, any decision as to who we will engage to fill the job opening will be made by our employees.
What is our legal basis for processing?
Where we use personal data in connection with recruitment it will be for the purpose of entering into a contract with you, on the basis of our legitimate interest to use personal data in such a way as to ensure that we can make the best recruitment decisions for Cosine, or to comply with any legal obligations imposed upon us. For specific steps in the recruitment process, particularly if you have applied for a role with us via a third-party site or application, your consent may be requested as the legal basis of processing and to allow your personal data to be shared with or by the applicable third party.
We are unable to control the information that you or authorised third parties share with us about you and so whilst we may not anticipate or seek to process personal data falling into the special categories of personal data (as defined in the GDPR) or personal data relating to criminal convictions or offences, such personal data may nevertheless be provided to us. In such cases, and additionally in those cases where we may seek to process any special categories of personal data or personal data relating to criminal convictions or offences, such processing will only occur in accordance with applicable legislation or with the individual’s explicit consent (where applicable).
Who do we share your data with for this purpose?
We may share such personal data with our group companies, affiliates, third party vendors or professional advisers, clients or such other third parties as indicated in SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Where you apply for a job opening via a recruitment agency, a job site or similar online service provider, you should note that the relevant service provider may retain your personal data and may also request data from us in respect of the progress of your application. In such circumstances, the service provider may be considered a data controller or a data processor of your personal data, depending on the arrangement with us. Any use by the service provider of your data will be in accordance with the service provider's Privacy Notice and the service provider will be subject to the obligations placed on it by applicable legislation.
Marketing communications
We may carry out marketing activities using your personal data. In particular, we may use personal data to form a view on what we think you may want or need, or what may be of interest to you. We may use that information to provide you with marketing information about our events and services we feel may be of interest. We may also provide you with information about media and public relations events.
What is our legal basis for processing?
We rely on our legitimate interest to process your personal data in this way for marketing purposes. However, if you are a consumer, we will not send electronic marketing communications or event invitations to you without your prior consent.
We also provide you with opt out choices regarding personal data uses, particularly around marketing and advertising. To see how you can opt out of marketing communications, please see the section entitled OPT OUT AND UNWANTED COMMUNICATIONS.
Please note if a third party asks us to share personal data so that they can send electronic marketing communications to you, we will obtain your consent prior to sharing the personal data for such purposes.
Who do we share personal data with for this purpose?
We may share your data with our group companies, affiliates, promotions agents, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in DATA SHARING section below in connection with this purpose.
Contact Databases
We collect and maintain databases containing information about retailers, SME businesses, on-trade premise and consumers which we use to help provide services to our clients. We may collect this information independently or as data processors acting on behalf of our clients. Such information may include an individual’s name and personal contact information, or business contact details and details of interactions. The type of personal data that we collect may vary depending on the services we are providing to our client. Data collected will always be specific and not excessive to fulfil the data processing task. This information may be information that is purchased by our client or our business, voluntarily supplied to us by those individuals through our Site, during a face to face meeting, or in other situations such as a phone call to our contact centre or via other communication channels such as email, social media or live video contact which may be via a client website, tool or application.
What is our legal basis for processing?
It is in our legitimate interests (or those of our client) to process personal data in this way so that we can provide the services requested by our clients in an effective and efficient way. An additional lawful basis of processing may be determined by our client, the data controller, dependent on the purpose of data processing.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Business administration and legal compliance
We may use an individual’s personal data for the following business administration and legal compliance purposes:
• to facilitate the operation or effective management of our group of businesses;
• to enforce or protect our legal rights;
• to deal with complaints;
• to protect the rights of third parties (including where health or security of an individual is endangered (e.g. a fire); and
• in connection with a business transition or sale such as a merger, re-organisation, acquisition by another company, or sale of all or a portion of our assets.
What is our legal basis for processing?
Where we use personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we will rely on our obligation to comply with law, such as a court order, to process such personal data.
We will not process any special categories of personal data or personal data relating to criminal convictions or offences except where we are able or required to do so under applicable legislation or with the individual’s explicit consent (where applicable).
Who do we share personal data with for this purpose?
We may share personal data with our clients, group companies, affiliates, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in SHARING YOUR PERSONAL DATA section below in connection with this purpose.
Visiting our premises
If an individual visits any of our premises we may collect contact information as part of our sign-in process. We may also capture their image on our surveillance camera or CCTV.
What is our legal basis for processing?
It is in our legitimate interests to process personal data in this way for security reasons.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, recruitment partners or agents, third-party vendors (such as our IT providers) or advisers or law enforcers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
6. Sharing your personal data
Please note, the types of third parties we share your personal data with is non-exhaustive and there may be circumstances where we need to share personal data with other third parties in order to operate our Sites and to provide our services.
We may share your personal data with any of our group affiliates, or with our agents, partners, clients, contractors, third party vendors, professional advisors or government or regulatory bodies for the following purposes:
(a) provide our services to clients or otherwise receive assistance in processing transactions;
(b) fulfilment of requests for information, receiving and sending communications, updating marketing lists, analysing data;
(c) provision of IT and other support services;
(d) to facilitate the operation and effective management of our group of businesses, including recruitment;
(e) comply with a legal obligation or in connection with a legal claim or dispute or to otherwise protect our legal rights; and
(f) assistance in other ancillary to the operation of tasks, from time to time.
Our agents, partners and contractors will use your information to the extent necessary to perform their functions.
Where a third party is appointed as a data processor, unless required by applicable legislation, the appointed data processor will be obliged by agreement and written instructions provided by us process your personal data only in accordance with our instructions.
We will not sell your personal data to other companies and we will not share it with other companies for them to use without your consent, except in the circumstances listed above or in connection with the sale or merger of Cosine or the division or office responsible for the services.
We will notify you of any other circumstances where we would share your information on a case by case basis.
7. Data transfers outside of the European Economic Area (EEA) or the UK
We may transfer personal data outside the EEA or the UK for storage or processing to certain categories of third parties (as listed above in HOW WE USE PERSONAL DATA) and more specifically to our Parent Company Omnicom in the US or in other locations globally.
In particular when transferring your personal data outside the EEA or the UK, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:
(a) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK as applicable; or
(b) we may use specific contracts approved by the European Commission or the UK referred to as the “model clauses” or “standard contractual clauses” which help to safeguard your privacy rights and give you remedies in the unlikely event of misuse of your personal data.
8. How do we obtain your consent?
Where our use of your personal data requires your consent, we will request you provide such consent:
• at the time we collect your personal data following the instructions provided; or
• by informing us by e-mail using the CONTACT DETAILS set out in this Privacy Notice.
9. Our use of cookies and similar technologies
ANALYTICAL COOKIES
Every time a user visits our Site, web analytics software provided by a third party generates an anonymous analytical cookie. These cookies can tell us whether or not you have visited the Site before. Your browser will tell us if you have these cookies, and if you don’t, we generate new ones. This allows us to track how many individual unique users we have, and how often they visit the Site. Unless you have previously downloaded content or subscribed to one of our newsletters on our Site, these cookies are used for statistical purposes only and cannot be used to identify individuals. If you have previously subscribed or downloaded content from our site, we will know the details you gave us for this, such as name and email address.
Cookies used include:
Google Analytics
HubSpot Analytics
The expiration date is varying on different analytics tools between 1 and 3 years.
User data tied to cookies and advertising IDs is also used to detect and prevent ad fraud and ensure that users don’t see ads that they’ve blocked in the past. In these cases, or in cases where Google stores this data on behalf of its customers (e.g. in Google Analytics), data may be stored for periods longer than those specified above. Further information about our use of cookies and similar technologies can be found in our COOKIE POLICY.
SOCIAL MEDIA COOKIES
Social Media providers use electronic tools including ‘Cookies’, ‘Social Plugins’ and ‘Tracking Pixels’ to track your browsing habits, likes and social interactions across the internet in order to build up a profile about you. We enable these on our site to facilitate social sharing.
Facebook
Twitter
LinkedIn
The expiry date for Twitter and LinkedIn cookies is 30 days and 90 days for Facebook cookies.
Further information about our use of cookies and similar technologies can be found in our COOKIE POLICY.
10. Opt out and unwanted communications
To opt-out of any future promotional or marketing communications or any other commercial communications from us, you should send a request to us using our CONTACT DETAILS.
11. Third-party links and services
Our Sites contain links to third-party websites and services. Please remember that when you use a link to go from our Sites to another website or you request a service from a third party, this Privacy Notice no longer applies.
Your browsing and interaction on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices. This Privacy Notice applies solely to personal data collected by us through our Service and does not apply to these third-party websites and third-party service providers.
12. How long do we keep your personal information for?
We hold your personal data only as long as we have a valid lawful reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes and enforcing our agreements. After the defined retention period, your data will be securely and permanently deleted.
The length of time for which we keep different types of personal data can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. If any personal data is only useful for a short period (e.g. for a specific marketing campaign or in relation to recruitment), we will delete it at the end of that period.
Please note that if you are an unsuccessful candidate for a job with us, we may keep your information for a short period.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list so that we know not to send you further marketing communications in the future.
13. Confidentiality and security of your personal information
We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration.
We have implemented information security policies, rules and technical and organisational measures across Cosine and adopted best practices to drive privacy-by-design in our operational processes to protect the personal data that we have under our control from:
• unauthorised access;
• improper use or disclosure;
• unauthorised modification; and
• unlawful destruction or accidental loss.
All of our employees, data processors (i.e. those who process your personal data on our behalf, for the purposes listed above) and any other third parties who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all users of our Services.
14. How to access your information and your other rights?
You have the following rights in relation to the personal data we hold about you:
Your right of access
If you ask us, we’ll confirm whether we’re processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification
If the personal data we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If we’ve shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to erasure
You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If we’ve shared your personal data with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to restrict processing
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it. It won’t stop us from storing your personal data though. We’ll tell you before we lift any restriction. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to data portability
You have the right, in certain circumstances, to obtain personal data you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object
You can ask us to stop processing your personal data, and we will do so, if we are:
• processing your personal data for direct marketing.
Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the data protection supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal data, you can report it to the data protection authority for the relevant jurisdiction. Following, we have listed the details of the data protection supervisory authorities for the jurisdictions in which we operate:
Benelux
o Belgium - The Data Protection Authority / Autorité de protection des données / Gegevensbeschermingsautoriteit at https://www.autoriteprotectiondonnees.be/citoyen
o Netherlands - The Dutch Data Protection Authority / Autoriteir Persoonsgegevens (AP) at https://autoriteitpersoonsgegevens.nl/
o Luxembourg - National Commiussion for Data Protection / Commission nationale pour la protection des données / Nationale Kommission für den Datenschutz at https://cnpd.public.lu/fr.html
15. Enforcement rights and mechanisms
We will ensure that this Notice is observed and duly implemented. Violations of the applicable data protection legislation in the EEA or the UK may lead to penalties and/or claims for damages.
If at any time you believe that your personal data has been processed in violation of this Notice, or if you have any inquiries or complaints about the use or limitation of use of your personal data, please make contact with us using our CONTACT DETAILS.
Please note that if you have a complaint about our privacy practices, you may contact the data protection supervisory authority for the relevant jurisdiction, details of which are available in this Notice. We are committed to cooperating with data protection supervisory authorities and to comply with their dispute resolution procedures in cases of complaints. We are also committed to complying with any regulations or guidelines that data protection supervisory authorities may issue from time to time in accordance with EEA and Member State or UK data protection legislation. We undertake to register and/or keep our registration updated as a data controller and/or processor where required to do so in jurisdictions where we maintain entities.
16. Changes to this privacy notice
We may make changes to this Privacy Notice from time to time.
To ensure that you are always aware of how we use your personal data we will update this Privacy Notice from time to time to reflect any changes to our use of your personal data. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We will notify you by e-mail of any significant changes. However, we encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.