Privacy Policy

Privacy Policy – How Cognify Partners Protects Your Data

Data Protection & GDPR Policy

1.0 Purpose

To define Cognify Partners Limited’s approach to protecting personal and business data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy ensures that all processing of personal data, including client data, prospect data, and employee data, is lawful, fair, transparent, and secure.

2.0 Scope

This policy applies to:

  • All Cognify Partners employees, contractors, and partners.
  • All systems, software, and platforms used to collect or process data (including Notion, Apollo.io, Xero, n8n, Zapier, and Google Workspace).
  • All personal data processed in the UK or internationally on behalf of Cognify Partners.

It covers both:

  • Operational data processing (client and internal project data)
  • Marketing data processing (B2B outreach and prospecting)

3.0 References

  • UK GDPR (Data Protection Act 2018)
  • ISO 9001:2015 – Clause 7.5 (Documented Information) & Clause 8.5 (Service Provision Control)
  • CP-SOP-001 Document Control & Record Management
  • CP-SOP-010 Lead Generation & Qualification Process
  • CP-SOP-015 Business Audit & Diagnostic Process
  • CP-SOP-020 Client Journey – Discovery to Ongoing Support
  • CP-SOP-009 IT Systems & Data Backup Procedure
  • Cognify Partners Website Privacy Policy (www.cognifypartners.com/privacy-policy)

4.0 Definitions

Personal Data - Any information identifying a living individual (e.g. name, email, IP address).

Processing - Any operation performed on data — collection, storage, analysis, or deletion.

Data Subject - The individual whose data is being processed.

Data Controller - Cognify Partners Ltd, determining the purpose and means of processing.

Data Processor - Third parties processing data on behalf of Cognify Partners (e.g. Apollo.io, Notion).

Legitimate Interest - A lawful basis for processing data where the organisation’s interest is balanced against the individual’s rights.

Sensitive Data - Data revealing racial or ethnic origin, health, or other special categories (not normally processed by Cognify Partners).

5.0 Responsibilities

Managing Director (Data Protection Lead) - Ensures compliance with UK GDPR and oversees data protection strategy.

Quality Manager - Audits data handling processes and maintains records of processing.

Head of Growth - Ensures all outreach activities comply with GDPR and Legitimate Interest assessments.

All Employees & Contractors - Handle data securely and report incidents or suspected breaches immediately.

6.0 Policy Statements

6.1 Lawful, Fair, and Transparent Processing

  • Personal data will only be processed under one of the lawful bases defined in UK GDPR Article 6(1):
    • (a) Consent
    • (b) Contractual necessity
    • (c) Legal obligation
    • (d) Legitimate interest (for B2B prospecting)
  • Data subjects are informed of processing via the company’s Privacy Policy and outreach communications.

6.2 Data Minimisation & Purpose Limitation

  • Only data strictly necessary for operational or marketing purposes will be collected.
  • Data will not be repurposed or shared without a lawful basis or consent.

6.3 Accuracy & Retention

  • Data must be accurate and regularly reviewed.
  • Prospect data is deleted after 12 months or upon objection.
  • Client and financial data are retained for 6 years to meet HMRC requirements.

6.4 Security & Access Control

  • All digital systems are password-protected and access-controlled.
  • Two-factor authentication (2FA) is enforced for critical platforms.
  • Backups are managed in accordance with CP-SOP-009 IT Systems & Data Backup Procedure.

6.5 Data Subject Rights

All individuals have the right to:

  • Access their personal data
  • Request rectification or erasure
  • Object to processing
  • Request restriction or portability

Requests should be submitted to info@cognifypartners.com and will be addressed within 30 days.

6.6 International Transfers

Where data is processed outside the UK (e.g. via Apollo.io, Notion, or Zapier), Cognify Partners ensures:

  • The country has an adequacy decision, or
  • Standard Contractual Clauses (SCCs) or other lawful safeguards are in place.

6.7 Data Breach Procedure

In the event of a suspected breach:

  1. Notify the Managing Director within 24 hours.
  2. Contain and assess the incident.
  3. Notify affected individuals and the ICO within 72 hours if required.
  4. Record the breach in the Data Incident Register.

7.0 Marketing and Prospecting

7.1 Outbound Prospecting & Legitimate Interest

Cognify Partners processes publicly available business contact details (e.g. name, role, corporate email, company info) to introduce its B2B services to relevant organisations.

Data Sources:

  • Apollo.io
  • LinkedIn
  • Company websites
  • Google Maps / Google Search
  • ChatGPT enrichment tools
  • Other publicly available directories

Processing is conducted under legitimate interest (Article 6(1)(f)), justified through:

  • A clear relationship between professional role and our services
  • Minimal privacy impact (corporate contact data only)
  • Immediate right to object or opt out

Prospects can object at any time by replying STOP or emailing info@cognifypartners.com.

Data is deleted within 12 months or sooner upon request.

We never sell, share, or use prospect data for consumer marketing.

7.2 Inbound Data

All inbound enquiries (via website forms or Calendly) are processed under contractual necessity (Article 6(1)(b)) to respond to service requests.

8.0 AI & Automation Tools

Cognify Partners may use AI-enabled systems (e.g. ChatGPT, Notion AI, n8n) to assist in workflow design and data analysis.

All AI use is:

  • Restricted to non-sensitive business information
  • Human-reviewed before client use
  • Compliant with confidentiality and GDPR standards

No personal data is used to train external AI models.

9.0 Records & Retention

Prospect data - 12 months - Notion CRM

Client project data - 6 years - Notion / Drive

Financial & tax records - 6 years - Xero

Employee records - 6 years post-employment - Secure Drive

Data breach logs - 6 years - Secure Register

10.0 Review & Continuous Improvement

This policy is reviewed annually or upon significant regulatory or operational change.

Revisions are controlled through CP-SOP-001 Document Control & Record Management.

Revision - 1.0

Date - 01/09/2025

Description of Change - Initial release aligned with ISO 9001 and UK GDPR

Prepared By - P. Conlan

Approved By - P. Conlan
