Privacy Policy

What is the purpose of our Privacy Policy?

Cogniteev, which manages the website www.oncrawl.com, places great importance on protecting and safeguarding your personal data, which represents for us a guarantee of trust and seriousness.

Our Privacy Policy demonstrates our commitment to complying with applicable data protection rules, in particular the General Data Protection Regulation (“GDPR”).

It aims to inform you about how and why we process your personal data in relation to the services we provide.

Who is this Privacy Policy for?

This policy applies to you, regardless of your place of residence, if you are at least 15 years old, whether a client or a visitor of www.oncrawl.com.

If you are under the legal age, you must obtain prior consent from a parent or guardian and inform us by email at dpo@oncrawl.com.

Why do we process your personal data and on what basis?

How did we obtain your personal data?

Directly from you, or with your prior consent, indirectly via partners or social networks. You are responsible for information you voluntarily post.

What personal data do we process and for how long?

What rights do you have?

All requests must be sent directly to dpo@oncrawl.com. Requests via a third party will not be processed. Proof of identity may be requested. Maximum response time: 3 months.

Who has access to your personal data?

Our teams and technical providers, solely for service operation. We never transfer or sell your data to third parties or commercial partners.

Can your personal data be transferred outside the EU?

Our servers are located in the EU. We ensure that tools used also comply with data protection requirements.

How do we protect your personal data?

We implement all necessary technical and organizational measures to safeguard your data.

Do we use cookies?

WE DO NOT USE ANY ADVERTISING COOKIES. Statistical cookies are used; see our Cookie Policy for more information.

Who can you contact?

For more information, contact our DPO at dpo@oncrawl.com.

How to contact CNIL?

CNIL Complaints Service, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07. Phone: 01.53.73.22.22.

Can the Privacy Policy be modified?

We may modify this policy at any time to comply with legal requirements and new processing activities.

Data Processing Agreement

1. Introduction

The Data Processing Agreement (hereinafter the « Agreement ») aims to govern the use of Personal Data belonging to clients (hereinafter the « Client ») of Cogniteev (hereinafter the « Processor » or « Cogniteev ») when they use the feature of log monitoring and analysis provided by Cogniteev (hereinafter the « Service »).

2. Definitions

The terms “adequacy decision”, “technical and organisational measures”, “data subjects”, “data protection by design”, “data protection by default”, “register”, “joint controller(s)”, “controller”, “processor”, “processing”, “personal data breach” in the Agreement have the meanings described in Articles 4 et seq. of the GDPR.

Other terms are defined below:

3. Contractual relations and terms

The Agreement is an integral part of the Contract signed between the Client and the Processor for the use of the Service.
In the event of any conflict between the Contract and the Agreement, the obligations in the Agreement shall prevail with regard to the GDPR.
The Agreement remains in force for the entire duration of the Contract and may continue beyond that date as long as all obligations set out herein remain applicable.

4. Role of the Parties and scope of application

The Client acts as the data controller and Cogniteev acts as a data processor within the meaning of Article 28 of the GDPR.
The Parties cannot be considered joint controllers.
In case of an error or change of status, the Parties will update the Agreement as soon as possible.

The Agreement exclusively governs processing carried out as a Processor under Article 28 GDPR, excluding processing carried out by Cogniteev as a data controller.

5. Instructions and commitments

The Processor undertakes to process the Client’s Personal Data only according to documented instructions in the appendix.
It will immediately notify the Client if an instruction appears unlawful.
The Processor is not liable if the Client maintains an unlawful instruction.

The Processor complies with the GDPR, keeps a processing record, applies “Data Protection by Design” and “Data Protection by Default”, and will never use the Client’s Personal Data for its own purposes.

The Processor ensures security through adequate technical and organisational measures.
It is never liable for the Client’s breaches as data controller.

6. Assistance with the implementation of DPIA

DPIAs must be conducted by the Client.
The Processor provides necessary information upon written request but does not perform DPIAs.

7. Assistance with data subjects requests

Requests from End Users are forwarded to the Client as soon as possible.
The Processor is not required to keep an inventory of such requests nor responsible for the Client’s failures.

Upon written request, the Processor takes the technical measures allowing the Client to respond to data subjects.
Requests addressed to the Processor as data controller are handled solely by the Processor.

8. Assistance with security measures

The Processor provides all necessary information about technical and organisational security measures related to the Service.

9. Personal Data Breaches

The Processor notifies the Client as soon as possible and no later than 48 working hours after becoming aware of a breach.
The Client acknowledges that its own 72-hour deadline starts only when it becomes aware of the breach.

The Processor is not authorised to notify Supervisory Authorities or End Users on behalf of the Client.

10. Sub-processors

The Client grants general authorisation for Sub-processors, provided it is informed of changes and may object within 8 days.
If objections are admissible, the Processor may withdraw the Sub-processor, implement additional measures, or terminate the Service.

The Processor ensures Sub-processors offer sufficient guarantees and remains liable (within contractual limits) for their breaches.

11. Hosting and transfers outside the European Union

a) Data hosting

The Processor undertakes to host Personal Data exclusively within the EU unless prior approval is obtained and safeguards implemented.

b) Data transfers

Transfers outside the EU are authorised only if Sub-processors comply with the GDPR and transfers rely on adequacy decisions or appropriate safeguards.
Otherwise, prior consent is required.

12. Retention periods and fate of the Client’s Personal Data

Data is retained only for the duration of the Service and deleted at the end of the Contract.
The Client must retrieve data before termination, as deletion is irreversible.
Anonymised data may be retained to improve the Service.

13. Audits

The Client may conduct a yearly written audit questionnaire and, in specific cases, an on-site audit with 30 days’ notice.
Certain areas may be restricted for confidentiality or security.

Discrepancies must be proven and the Processor must remedy them without delay.
In case of dispute, amicable resolution, authority arbitration, or expert review may be proposed.

14. Cooperation with the authorities

The Processor cooperates with the CNIL and informs the Client as soon as possible in case of authority requests concerning the Client’s Personal Data.

15. Contact

Each Party appoints a contact person for this Agreement.
The Processor has appointed Dipeeo SAS as Data Protection Officer:

Email: dpo@oncrawl.com

Postal address: Dipeeo SAS, 95 avenue du Président Wilson, 93100 Montreuil, France

Telephone: 01 59 06 81 85

16. Revisions

The Processor may modify this Agreement if required by legal or Service changes.

Certified compliant by Dipeeo ®

×