What is the GDPR?
The European Union General Data Protection Regulation (GDPR) is a regulation that protects European citizens with a unifying set of privacy laws for all EU member states. Made effective in late May 2018, GDPR not only means architectural changes to how software providers like Cogsworth treat your data, but also brings a slew of processes and ongoing audits to instill constant vigilance as custodians of user data.
Cogsworth cares about your data security and we are dedicated to compliance with GDPR.
Aren’t you based in Australia? Why do you care?
Cogsworth is a proudly Australian company. However, we provide meeting scheduling and bookings globally, and we can’t control who signs up to our software and where. We already have many users from the EU and we want to ensure that they receive the protection established under GDPR, as we are bound to do.
The GDPR makes a lot of practical and ethical sense, and is considered to be one of the most stringent privacy regulations. So by making sure we are compliant with GDPR we also tick the boxes of many other national regulations.
How will I be affected?
As of the entry into force of this privacy regulation, you will benefit from the GDPR system. Your rights are detailed below.
If you collect customer data using Cogsworth’s service, GDPR may apply to you; be sure to inquire about the implications that this may have for you and your business.
Good security practices
We, at Cogsworth, apply GDPR-compliant organizational and technical security policies and we would recommend you do as well.
For example, all data is encrypted at rest using AWS and we use managed encryption keys to ensure that if the data is compromised it cannot be deciphered. Cogsworth also uses HTTPS connections to ensure that we are always secure.
If you are an individual user, we recommend you follow these security recommendations issued by the University of Berkeley:
All employees of Cogsworth have been made aware of the GDPR compliance practices, and have been provided an updated contract with GDPR statutes included. All future employees will receive such a contract by default. Our contractors are required to sign contracts to ensure that they apply the same level of security as us to your data. By implementing these actions we are ensuring that our staff do not engage in bad practices. Ongoing audits will also maintain these standards.
Data collected by Cogsworth
Cogsworth complies with all applicable data protection laws, and will not use your personal data for other purposes than those listed below.
We collect limited external information from you.
If you need to make specific GDPR enquiries, please get in touch via email@example.com
Cogsworth only collects the data that it needs to provide you with its service. The data we collect is the following:
a) The data about you and your business
- Your name
- Your email
- Your profile picture
- Your business name
- Your business operating addresses
- Your website address
- Your logo
- Your business hours
- The services you provide
- The price you charge for these services
- The duration of these services
- The currency you use
- Your timezone
- Details about the device you use to access our website and service
- Place of employment
- Telephone number(s)
- Date of birth and gender;
- Your individual preferences in respect of the services we provide you;
- Demographic information – normalised through Google Analytics;
- Details as to whether you have taken up any products or offerings we have made;
- Whether you have a connection with others whose personal information we may collect or hold, such as an employee in your Cogsworth account;
- What, how and when you have dealt with us or expressed an interest in buying from us;
- Any stated preferences for our products or services you have provided to us;
- Custom information which our users set in a custom field in the Cogsworth booking system and which you may be invited to complete as part of requesting a booking or other service.
- Mouse tracking and session recording – may be used to track how you interact with our software
b) the data you provide about your customers
- When you use our service, your customers may complete a customized form that collects data from participants in the scheduled events. We collect this data in order to schedule the event, and delete it immediately after.
- Our users may request Sensitive Information from you if those users fill in custom fields in a Cogsworth booking page. Our Terms only permit our users to request this information if the information is necessary for their business. Your Sensitive Information may be stored encrypted on a central database.
c) Information from your system
We also collect information from your computer automatically when you browse our Website. This information may include:
- the date and time of your visit;
- your domain;
- operating system;
- the server your computer is using to access our Website;
- search terms you have entered to find our Website or enter on our Website;
- pages and links you have accessed both on our Website and on other websites;
- the pages of our Website you access; and
- your IP Address.
Please note that it may be possible for us to identify you from information collected automatically from your visit(s) to our Website. If you have registered an account with us, we will be able to identify you through your user name and password when you log into our website or any applications. Further, if you access our Website via links in an email we have sent you, we will be able to identify you.
We may use statistical analytics software tools such as Google Analytics and software known as cookies which transmit data to third party servers located overseas including in the United States of America. To our knowledge Google Analytics does not identify individual users or associate your IP Address with any other data held by Google.
Why we collect this data
We need the data we collect for the following reasons:
- To deliver our products and services to you;
- To respond to individual and company requests;
- In connection with your attendance or participation in scheduled events
- To manage our relationship with you, evaluate our business performance and build our customer database;
- To provide you with relevant information about our products, services, functions, events or activities;
- To process transactions;
- To enable you to participate in promotions, competitions, surveys and / or enable you to subscribe to mailing lists/newsletters and interact or follow our social media pages, including Twitter, Facebook and Instagram;
- To ask for your feedback and to address any requests you may have regarding our services;
- To conduct research, compile or analyse statistics relevant to the operations of our business;
- To facilitate our internal business operations, including fulfilment of any legal and regulatory requirements;
- To create backups of our business records;
- To maintain a customer database or similar record;
- For direct marketing purposes;
- To manage and optimize our Website. This helps us run our Website more efficiently, give you a better experience online, and further improve your experience in using our Website;
- To enable our users to offer the Cogsworth service to their customers or potential customers, including for making bookings and reservations
If you choose not to provide us with the data we request, you may experience the following inconveniences:
- You may not be eligible for latest offers
- You may not be able to upgrade or take advantage of latest plans and features
- You may have sections of the app locked away from you
- You may risk your account not being backed up
When we collect your data
We collect data about you at the following events:
- When you contact us over the phone, email or chat;
- When we provide you with our services via telephone, our website or via Cogsworth;
- When we provide you with assistance or support for our products or services;
- When you participate in our functions, events, activities or social media pages;
- When you request that we provide you with information concerning our products or services; and
- When you complete any forms requesting information from you, complete any survey or provide feedback to us concerning our products or services.
Where practicable we will only collect information from you personally.
How long we keep your data
Form data is stored on AWS in a GDPR compliant fashion, and erased shortly after valid appointments have taken place.
Exercising your GDPR rights
If you wish to exercise your right to:
- Obtain a copy of your data
- Rectify your data
- Erase your data
- Restrict processing of your data
- Portability of your data
- Object to the processing of your data
- Limit automated decision making / profiling
please contact firstname.lastname@example.org from the email address that is the owner of your Cogsworth account, stating your requests clearly.
If you wish to contact us in relation to personal data matters, please write to us at your convenience at one of the following addresses:
Cogsworth International Pty Ltd
C/- Piper Alderman Lawyers
Level 23, Governor Macquarie Tower
One Farrer Place, Sydney NSW 2000
or by email to email@example.com
You may also contact the supervisory authority of your place of residence.
Third Party Service Providers and Data controllers
Our integration with Google and Office 365 calendar uses the secure OAuth 2.0 authentication protocol.
Cogsworth is hosted on Amazon Web Services. We are constantly improving our architecture and security and may on occasion employ penetration testers to help ensure our systems are suitably secure.
We use information from third party services such as Google Analytics to help
For more information on how AWS keeps your data safe, you can read their terms here.
We also agree to only transfer your data outside of the European Union where we have taken measures to ensure GDPR compliance within the areas to which this information is being transferred.
In case of a data breach
Should you suspect any unlawful or otherwise unauthorized activity in relation to your Cogsworth account, please email us immediately:
In the unlikely event that Cogsworth or its third party affiliates suffer a data breach, we will notify the competent supervisory authority within 72 hours of becoming aware of it; we will also notify you in compliance with the GDPR rules.
The information we provide to the supervisory authority will be:
- The type of personal data breach, including:
  - The type and estimated number of individuals affected; and
  - The type and estimated number of personal data records concerned.
- The name and contact details of a point of contact where further information can be obtained, such as that of the data protection officer (DPO);
- The possible outcomes of the personal data breach; and
- A list of measures taken or being taken to deal with the breach and appropriate measures taken to mitigate any adverse effects.
Further important information about Cogsworth’s activity
Cogsworth is not a service intended for children, and is not meant to be used by children. We also do not show or trade any explicit content that would be objectionable to children should they stumble upon the site.
No sensitive data collected
Cogsworth does not, by default, collect sensitive data as defined by Articles 9 and 10 of the GDPR, and we do not expect to receive any.
You, as a Cogsworth customer, may use the custom form builder to collect data that is compliant with GDPR laws. Cogsworth is HIPAA compliant, and does take extra steps to purge all custom form data collected 24 hours after a scheduled appointment has taken place.
Every time we create a feature or add functionality that is outside of the consent you provided us, we will prompt you to agree to the updated consent conditions, explicitly and in simple English.
In compliance with GDPR, we only transfer your data to countries that have a level of protection of personal data equivalent to GDPR and approved by the European Commission.
Third Party affiliates who process data for Cogsworth
Below is a list of the services that we use to run Cogsworth and their respective locations. We ensure safe harbour between these providers.