Privacy Policy for Cognatio Lab Limited


Effective Date: 1st January 2025

Last Updated: 22nd March 2026

ICO Registration Reference: ZB886925


Cognatio Lab Limited ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, interact with us in any way, or when we contact you as part of our business development activity.


This policy is written in plain English and is intended to give you a clear understanding of your rights and our obligations under UK GDPR and the Data Protection Act 2018.


1. Information We Collect


We may collect and process the following categories of personal information:


  • Personal Identification Information: Name, email address, phone number, job title, and company information.

  • Payment Information: Billing details and transaction history.

  • Technical Data: IP address, browser type, operating system, and usage data about how you interact with our website.

  • Other Information: Information you provide in surveys, feedback forms, or through other communication channels.


  1. Business Development and Lead Data


As part of our business development activity, we may also collect and process the following information about professional contacts and prospective clients:


  • Professional Profile Data: Your name, job title, employer, and professional background information collected when you connect with us on professional networking platforms.

  • Profile URL: The web address of your public professional profile on any platform where you have connected with us.

  • Connection Date: The date on which a professional connection was established between you and a representative of Cognatio Lab.

  • Communication Data: Messages or communications exchanged with us through professional networking platforms or by email, where relevant to a prospective or existing business relationship.

  • Company and Sector Information: Your employer's name, industry sector, and approximate size, where this information is available from your public professional profile or correspondence.

  • Lead Relevance Score: An internal assessment of the relevance of our services to your professional profile, generated using automated tools. See Section 5 for more detail.

2. How We Use Your Information


We use your information for the following purposes:


  • To provide and improve our products and services.

  • To communicate with you about updates, promotions, and relevant news.

  • To manage billing, payments, and orders.

  • To comply with legal obligations and enforce our terms of service.

  • To analyse website performance and enhance user experience.

  • To record and manage prospective client relationships in our internal contact management system, including logging how and when contact was established.

  • To enrich and structure professional contact information using automated tools, including artificial intelligence services, to ensure our records are accurate and to help us understand how our services may be relevant to you.

  • To log business-related communications (including messages sent or received via professional networking platforms, and relevant email correspondence) against your contact record, to support continuity of service and effective follow-up.

  • To tag and categorise contacts according to the business development campaign through which they were introduced to us, for the purposes of internal reporting and service improvement.


3. Legal Basis for Processing


We process your data based on one or more of the following lawful bases under UK GDPR:


  • Your Consent: Where you have given us clear, informed permission to process your data for a specific purpose, such as subscribing to our newsletter or registering for an event.

  • Contractual Necessity: Where processing is necessary to fulfil a contract to which you are a party, or to take steps at your request before entering into a contract.

  • Legal Obligation: Where processing is required to comply with a legal obligation to which we are subject.


3.1 Legitimate Interests


We rely on Legitimate Interests as our lawful basis for our business development activities, including:


  • Capturing the professional details of individuals who have connected with us on professional networking platforms, where that connection was initiated in a professional B2B context.

  • Storing and managing contact records in our internal CRM system to support organised and timely follow-up.

  • Enriching contact data using automated and AI-powered tools to maintain accurate records and to help us tailor our outreach appropriately.

  • Logging professional communications (messages and emails) against contact records for continuity and service quality.

We have assessed that these activities do not override your rights and freedoms, given the professional B2B context in which data is collected and processed. If you wish to object to processing carried out on the basis of Legitimate Interests, you have the right to do so (see Section 6). Where we cannot demonstrate a compelling legitimate ground that overrides your interests, we will cease that processing.


4. Sharing Your Information


We may share your personal data with:


  • Service Providers: Companies we engage to provide services on our behalf, including technology platforms, payment processors, and marketing tools. All service providers are contractually obligated to process data only on our instructions and in accordance with UK GDPR.

  • Business Partners: Where we run joint events, promotions, or service collaborations with another organisation, limited contact data may be shared with that partner where necessary and with appropriate safeguards in place.

  • Legal Authorities: Where we are required to disclose data by law, regulation, court order, or to protect our legal rights.


We may also engage third-party processors to handle personal data. All processors are contractually obligated to comply with GDPR requirements and ensure data security.


We do not sell or rent your personal data to any third party.


4.1 Categories of Third-Party Data Processors


We use the following categories of third-party processors, all of whom are contractually bound to comply with data protection law and to process data only for the purposes we specify:


  • Professional networking and outreach platforms: We use third-party tools to manage our outreach and engagement activity on professional networking platforms. These tools may receive your professional profile information when processing connection and messaging events on our behalf.

  • Customer Relationship Management (CRM) systems: We store contact records, communication logs, and enrichment data in a cloud-based CRM system to manage our business development pipeline and client relationships.

  • AI-powered data enrichment services: We use third-party artificial intelligence services to help us structure, clean, and analyse professional contact data, for example, to standardise job titles or assess sector relevance. Only the professional data needed for this purpose is shared. Our AI service providers are contractually prohibited from using your data to train their own AI models.

  • Cloud hosting and infrastructure providers: Our automated systems are deployed on cloud infrastructure. Where possible, we select providers with data centres located within the United Kingdom or the European Economic Area (EEA).

  • Email and communication platforms: Where relevant to an existing or prospective business relationship, email communications may be logged against your contact record in our CRM system using email platform integrations.

  • Payment processors: Billing and payment data is handled by specialist payment processing providers. We do not store full card details ourselves.


5. Automated Processing and Artificial Intelligence


We use automated tools and artificial intelligence (AI) services to assist with the management and enrichment of professional contact data as part of our business development activity. This processing may include:


  • Automatically capturing your professional profile information (such as name, job title, and employer) when you connect with a member of the Cognatio Lab team on a professional networking platform.

  • Passing your professional profile data to an AI-powered service that structures and analyses the information, for example, to standardise your job title, identify your industry sector, or generate an internal relevance score based on how our services may apply to your professional context.

  • Automatically logging messages or emails exchanged with us against your contact record in our CRM system.

  • Tagging your contact record with information about how and through which channel you were introduced to us.


This processing is carried out on the basis of our Legitimate Interests (see Section 3.1). It does not involve fully automated decision-making that produces legal or similarly significant effects on you. The outputs, such as a relevance score or sector tag, are used only to help our team prioritise and personalise their outreach; a human is always involved in any substantive decision about how to engage with you.


You have the right to object to this automated processing at any time. If you do so, we will cease processing your data in this way unless we can demonstrate compelling legitimate grounds. See Section 6 for how to exercise your rights.


5A. Providing Your Personal Data: What Happens If You Don't?


Where you provide personal data directly to us, for example, when enquiring about our services, entering into a contract, or completing a form, we will tell you at the point of collection whether providing that data is a statutory or contractual requirement, and whether you are obliged to provide it.



In general:


  • Contact information such as your name and email address is necessary for us to respond to your enquiry or to deliver our services. Without it, we may be unable to engage with you.

  • Where we have collected your professional contact data as part of our business development activity (for example, following a connection on a professional networking platform), providing this data was not a requirement you were asked to fulfil. You are entitled to ask us to stop processing it or to delete it at any time (see Section 6).

  • Payment information is required where you are entering into a paid engagement with us. Failure to provide it will mean we cannot complete the transaction.


6. Your Rights


Under applicable data protection laws, including UK GDPR, you have the following rights in relation to your personal data:


  • Right of Access: The right to request a copy of the personal data we hold about you.

  • Right to Rectification: The right to ask us to correct any inaccurate or incomplete data we hold.

  • Right to Erasure: The right to ask us to delete your personal data where there is no compelling reason for us to continue processing it.

  • Right to Restriction: The right to ask us to restrict how we process your data in certain circumstances.

  • Right to Object: The right to object to our processing of your data where we rely on Legitimate Interests as our lawful basis, including the right to object to automated processing as described in Section 5.

  • Right to Data Portability: The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where processing is based on consent or contract.

  • Right to Withdraw Consent: Where processing is based on your consent, the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

  • Right to Complain: The right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.


To exercise these rights, please contact us at info@cognatio-lab.com. We will respond within one calendar month of receiving your request.


7. Data Retention


We retain your personal data for as long as is necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law:


  • Website visitor data: Retained for up to 24 months from last interaction, unless required for legal purposes.

  • Client and contractual data: Retained for the duration of the relationship plus up to 7 years, in line with legal and accounting obligations.

  • Business development and CRM contact data: Retained for as long as there is a reasonable prospect of a business relationship, or until you exercise your right to erasure. Records are reviewed periodically and removed where they are no longer relevant.

  • AI enrichment and processing data: Enrichment outputs are stored as part of your CRM record and subject to the same retention approach as CRM contact data. Data sent to AI processing services is not retained by those services beyond the immediate processing transaction.

  • Communication logs: Retained as part of the contact record for the duration of the prospective or active client relationship.


8. Data Security


We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:


  • Encrypting data in transit using industry-standard protocols (TLS/HTTPS).

  • Restricting access to personal data to authorised personnel only, on a need-to-know basis.

  • Using cloud services and hosting providers that offer robust security controls and maintain relevant certifications.

  • Verifying the authenticity of automated data feeds using cryptographic signature checks to prevent unauthorised data injection.

  • Conducting periodic reviews of our data processing activities and the security posture of third-party providers.


9. Data Breaches


Cognatio Lab Limited will promptly investigate and report any data breaches to the Information Commissioner's Office (ICO) within 72 hours, if required, and notify affected individuals where necessary.


10. Cookies and Tracking


Our website uses cookies and similar tracking technologies to enhance your experience and analyse how our website is used. You can manage your cookie preferences through your browser settings or through our cookie consent tool. For more detail, please see our separate Cookie Policy.


11. Third-Party Links


Our website and communications may contain links to third-party websites, including professional networking platforms. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.


12. International Data Transfers


Some of the third-party service providers we use, including providers of CRM systems, AI processing services, and cloud infrastructure, may be based outside the United Kingdom or the European Economic Area (EEA), including in the United States.


Where your data is transferred to a country that does not benefit from a UK adequacy decision, we ensure it is protected by one or more of the following mechanisms:


  • Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority.

  • UK International Data Transfer Agreements (IDTAs), where applicable.

  • Other lawful transfer mechanisms approved under UK GDPR.


We take care to select third-party providers that maintain high data protection standards and, where possible, offer EU or UK data residency options to minimise the need for international transfers.


13. Changes to This Privacy Policy


We may update this Privacy Policy from time to time to reflect changes in our practices, the tools we use, or our legal obligations. The latest version will always be available on our website with the effective date shown at the top.


Where a change is material (for example, where we introduce a new category of processing that significantly affects your rights), we will take reasonable steps to bring it to your attention.


14. Contact Us


If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:


Data Controller

Cognatio Lab Limited

ICO Registration Reference: ZB886925

Email: info@cognatio-lab.com


You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.


By using our services, you agree to the terms of this Privacy Policy. Thank you for trusting Cognatio Lab Limited with your personal information.