Privacy Policy

Please be advised of the following:

COSMOS Cyber Security L.L.C. is a United Arab Emirates based limited liability company operating its services internationally, including the territory of Europe.
This Data Protection Statement, drawn up in accordance with the requirements of the General Data Protection Regulation, is applicable in addition to our Data Protection Statement in accordance the requirements of the ADGM Data Protection Regulations 2021 (DPR 2021). This Privacy Policy is only applicable for our European customers, affiliated (business) partners, service providers and/or or other (Third) parties in Europe that Cosmos Cyber Security L.L.C. Processes Personal data of. If you are located outside Europe, this Data Protection Statement does not apply to you. Please refer in that case to our general Data Protection Statement in accordance with the DPR 2021.

1.Who are we and why this Data Protection Statement

With this Data Protection Statement, we, Cosmos Cyber Security L.L.C. (hereinafter “COSMOS”, “Cosmos Cyber Security”, “Cosmos Cyber Security Limited Liability Company”, “we” or “us”), describe to our Data Subjects (hereinafter “you”, the “client” or “Data Subject”) how we collect and further process your Personal data according to the General Data Protection Regulation (“GDPR”). In this Data protection statement we intend to specifically inform you about us as the Controller, who our Data Subjects are, the Processing of your Personal data, the purposes we exert for Processing your Personal data, the Legal basis on which the Processing of the Personal data is based, the retention period(s) that we apply for your Personal data, the use of cookies and tracking technologies, if and under what conditions Data transfer takes place to other organisations (in other countries), our Data security policy and the specific rights the Data Subject has under the GDPR. This Data Protection Statement is not necessarily a comprehensive description of our complete data processing as this Data Protection Statement supplements our Data Protection Statement in accordance with the DPR 2021. it may depend on the relationship that we have with you; in those cases, we will make sure to have you informed about this completely. We have attempted to incorporate the most relevant topics as carefully and comprehensible as possible. It is, however, possible that, depending on the specific circumstances and/or the business-relationship between the Data Subject and COSMOS, other Data Protection Statements, Disclaimers, General Terms and Conditions, Conditions of Participation and/or similar documents are applicable to the relationship between us.

Our contact information:

Cosmos Cyber Security L.L.C.
11th Floor, Office 14th Al Wahda Commercial Tower, 2278 Abu Dhabi, UAE.
Email: info@cosmoscybertech.com

Please note that any (undefined) term in this Data Protection Statement shall, in case the term is defined in the GDPR, have the exact same meaning as defined in the GDPR. The GDPR in all European languages can be accessed via the following hyperlink (please be advised that this takes you to a Third-party website): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679&qid=1684674510473

2.COSMOS as Controller and our appointed EU-Representative:

The GDPR imposes substantial obligations on COSMOS as the Controller of your Personal data. In terms of the GDPR, COSMOS as Controller is defined as “the legal person which, alone or jointly with others, determines the purposes and means of the Processing of your Personal data” (article 4 sub 7 of the GDPR). In other words, we are primarily responsible for and in ‘control’ of the conduct for Processing Personal data.

If you in any case want to contact us about any data protection related concerns, then please don’t hesitate to contact us via our contact information as provided under Section 1 in this Data Protection Statement.

The GDPR additionally requires that COSMOS appoints a European Representative in a European Member State as we have our principal place of business outside the European Economic Area (“EEA”). For this reason, we have appointed Olofsen Legal Consultancy, a Dutch company with its principal office in The Netherlands, as our Representative for privacy related concerns within the EEA:

Contact details of our Representative:

Olofsen Legal Consultancy (Oleco)
Correspondence address: Bolderweg 2, 1332 AT in Almere (the Netherlands)
Chamber of Commerce registration: 74506994

E-mail: privacy.cosmoscybersecurity@oleco.nl

Please feel free to contact either us (Section 1) or our Representative, whichever is easiest and most convenient for you.

In this Data Protection Statement “Personal data” shall be defined as: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular, but not limited to, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (article 4, paragraph 1 of the GDPR). We only collect and process Personal data that we essentially need for our specified purposes for Processing, as laid out in Section 5 of this Data Protection Statement. We also periodically review the (Personal) data that we retain of our Data Subjects and delete anything we don’t need or use (anymore).

Please note: if you provide us with Personal data of other individuals (such as co-workers, acquaintances, friends, family members or other individuals), please make sure that the respective individuals are aware of this Data Protection Statement and only provide us with their Personal data if you are allowed to do so and such Personal data is correct.

3.  Categories of concerned Data Subjects

For the performance of our activities, we (may) process the Personal data of the following categories of Data Subjects, in addition to the Data Subjects whose Personal Data is processed within internal employment and/or corporate relations:

  • (Potential, past and current) clients from European-member state(s);
  • Affiliated Partners, Business contacts and/or other (Third) parties from European-member state(s);
  • (Web)users on our website or from different online (social media) platforms (e.g. LinkedIn);
  • Representatives, proxies, contact persons and/or employees involved in the business relationship between any of the above-mentioned categories of Data Subjects and COSMOS.
  • Job applicants.

4.The Collection and Processing of Personal data

We primarily process Personal data that we obtain from our clients and business partners, as well from other individuals in the context of our business relationships with them and/or that we collect from them as (web)users when operating our websites and/or (social media) platforms.

There are various methods by which you can provide us and/or by which we collect/Process Personal data from you. For your information, we only refer in this Data Protection Statement to the most common ways in which Personal data is Processed by us.

Our categories of Data Subjects may provide us with their Personal data by:

  • Visiting our website;
  • Filling in (web)forms/registering for our services;
  • During the communication about and/or the performance of our business relationship (e.g., executing the agreement);
  • By e-mail, telephone or via postal mail;
  • Via electronic communication methods (e.g., e-mail, Teams/Zoom, WhatsApp, et cetera);
  • By responding to our message(s) or sending (a) (private) message(s) on social media platforms;
  • By voluntarily (physically) providing us with your Personal data;
  • Other methods not accounted for herein.

Insofar as it is permitted to us, we may also obtain certain Personal data next to the above-mentioned methods from publicly accessible sources (e.g., debt registers, commercial registers, press, internet, social media) or we may receive such information from affiliated partners within Europe, from authorities or other Third parties that are involved in providing our services.

Apart from the (requested) Personal data you directly provide to us or is provided at your own discretion, the categories of Personal data that COSMOS collects and Processes (either being requested or sourced as specified above) depends on the type of (business) relationship you have with us. Some of the following categories of Personal data might therefore not be applicable to your (business) relationship with us. For transparency, please find the following – non-exhaustive – list of categories of Personal data that we (might) Process during our (business) relationship for which we have a pre-designated Purpose and a Legal basis, as will be further explained in Section 5 of this Data Protection Statement. We furthermore do not Process more (Personal) data than is necessary in regard to the Purpose that we Process your Personal data for. The most common categories of Personal data subsist of:

  1. Company data, (First and last) name, e-mail address, phone number, official (correspondence) address, affiliated partner references, financial/tax information, Identification information (insofar necessary and/or having a (legal) obligation to process such Personal data), signature, Personal Data in correspondence between you and other (Third) parties as well as all other (Personal) data that are necessary, legally required and/or useful during the (business) relationship between us;
  2. Affiliated partner references, financial/tax information, signature, Personal Data in correspondence between you and other (Third) parties as well as all other (Personal) data that are necessary, legally required and/or useful during the (business) relationship between us;
  3. Information (insofar considered Personal data) from or regarding our affiliated partners, distributors and other business partners for the Purpose of providing or delivering our or affiliated partners’ services to you or by you (e.g., file/case references, order numbers/references, e-mail correspondence and/or all other (Personal) data necessary and/or helpful in the performance of the agreement(s) between us or provided by you at your own initiative);
  4. Information/extracts (insofar considered Personal data) from (public or restricted) registers (e.g., national registries of entities)
  5. Information (insofar considered Personal data) in connection with your professional role and activities;
  6. Information (insofar considered Personal data) about you in correspondence and discussions with other (Third) parties;
  7. Credit/debit rating information;
  8. Information (insofar considered Personal data) provided to us by individuals associated with you such as colleagues, consultants, legal representatives and/or in other ways involved (Third) parties (e.g., in the form of references, delivery address(es), powers of attorney, information regarding legal regulations such as anti-money laundering and export restrictions for Purposes such as concluding or executing agreements with you);
  9. Information (insofar considered Personal data) Processed from social media or internet (insofar required in connection to e.g., job applications, media reviews, marketing/sales, personalisation of our (digital) services or products et cetera);
  10. (General) statistical data in connection with your use of our website(s) (e.g., anonymised IP address(es), information regarding your device and settings, (our) Cookies, date and time of your visit, websites/pages and content retrieved, applications used, referring website, localisation data and/or other general statistical data about the use of our website and/or content);
  11. Information (insofar considered Personal data) received in connection with administrative or court proceedings (e.g., in the unlikely event that there is a conflict between us);
  12. In the context of a(n open) job application we might Process Personal data such as contact details, CV, grade lists, reference letters, diplomas, a motivation letter and/or other (job) specific information while assessing for potential employment. For screening Purposes, we may also Process online/publicly available information about you such as your social media profiles;
  13. Information about your appearance (if you visit our office in the UAE) – in the form of images and/or videos of recorded situations – obtained via camera surveillance in order to protect our visitors/clients or employees and/or their/our properties as well to prevent mischief;

Please note: our services or website do not intend to collect the Personal data of individuals and/or website visitors under the age of 16, unless we have the explicit legal consent from the parent(s) or guardian(s). Unfortunately, we can never confirm whether a visitor is under the age of 16 as the website(s) and/or our accounts on social media platforms are also accessible to minors. For that reason, we recommend that you are involved in the online activities of your children so that it can be prevented that they distribute their Personal data without your consent. If you believe that we have incorrectly Processed the Personal data of a minor, then please contact us or our Representative (Section 1, Section 2) so that we can examine and correct this accordingly.

5.The Purpose(s), Legal basis and Retention period(s) for Processing your Personal data   

We primarily use your Personal data for the Purpose of concluding and executing agreements with our clients and (affiliated) business partners, in particular in connection to carrying out our services and/or delivering our services and/or products in accordance with our agreement(s), to provide our services and content as well as expanding, developing and/or investing into new services, products and/or business opportunities. We might also use your Personal data, insofar we have a Legal basis, for the Purpose of providing (information on) our other service(s) and/or products and for the procurement of services/products from our business partners/contacts, affiliated partners and/or other (Third) parties involved, as well as to comply with our domestic and foreign Legal obligations. It is also possible that you are involved in our data Processing in the capacity of any of the other categories of Data Subjects as stated in Section 3.

To provide you a clear overview, please find hereunder the most common Purposes that we (might) invoke while Processing your (or other individuals) Personal data. In this paragraph, we explain on which Legal basis the Processing of your Personal data relies and which Retention period we apply for the Personal data that is Processed. Please note, however, that this list is not exhaustive; we may also Process your Personal data in the case that we have a Purpose that is compatible with an ‘original’ Purpose as mentioned under this Section 5.

  • Entering into and executing agreements between us:

Your Personal data (Section 4: A, B & C, (sometimes D, F, G, H) may be Processed by us for entering into and executing agreements with you in the context of providing our services, to maintain contact, for invoicing purposes, account management (and other administrative matters) and for maintaining our (business) relationships with you.

We Process the Personal data on the Legal basis of ‘Contractual necessity’ (“performance of a contract”). If we cannot invoke the Legal basis of Contractual necessity, we then may assert the Legal basis of our ‘Legitimate interest’, insofar we have one. We may also Process the Personal data because of our ‘Legal obligation’ or sometimes (e.g., when creating an account) ask for your ‘Consent’. The above-mentioned information is kept for as long as necessary to properly perform the agreement between us and/or delivering our products to you. We then afterwards delete or Anonymise your Personal data, unless we have a Legal obligation to keep (part of) it longer or have another Purpose and/or Legal basis for the continuance of Processing the Personal data. The financial/tax information regarding our business relationship is kept for as long as is necessary to comply with our Legal obligation to keep our (tax) administration.

  • To contact – or reply – to you (after contacting us):

In case you ask us a question, make requests, fill in online (contact) forms or use the alternative messaging options on our online (social media) platforms/website(s), we in that case (may) Process your Personal data (depending on the information you provide us: see Section 4: A – L). With the use of this Personal data, we (try to) get back to you and – depending on the extent of your question, request or registration – address you promptly and accordingly.

We Process this information either under the Legal basis of ‘Contractual necessity’ (“performance of a contract”) or under the Legal basis of our ‘Legitimate interest’ to respond to you and/or to (eventually) conclude the contact with you in case we cannot invoke the Legal basis of Contractual necessity. In some cases, we might ask you for your explicit ‘Consent’. In any case we will keep your Personal data until we think you are satisfied with our response, unless another Purpose or Legal basis justifies a longer Retention period for the use of this Personal data. If you have registered to our services or purchased our products, we then will keep the registration information (Personal data) until the agreement with you has been executed, or longer insofar we can invoke another Purpose and/or Legal basis for the continuance of Processing the Personal data and/or as long is necessary to comply with our ‘Legal obligation’ to keep our (tax) administration for the legal prescribed term.

  • For marketing, advertising and market/opinion research of our services & products:

While visiting Cosmos via our website(s), your Personal data (see Section 4: A D, E, I & J) may be Processed for the marketing and advertising of our content and services and product(s) or those of our (affiliated) business partners/contacts, and/or other (Third) parties, and provided that you have not objected to the use of your Personal data for this Purpose.

We primarily Process this information on the Legal basis of your ‘Consent’. We keep this information as long as we have your Consent and/or may exert (any of) our Legitimate interests. In any case your Personal data for this Purpose will be deleted after three years, unless we have agreed upon a shorter time period or still have an active business relationship with each other after the lapse of the aforementioned term.

  • Providing, optimising and developing our website:

When you use our website(s) and/or (digital) services on the website(s), we (may) obtain general visitor data (see Section 3: J). We use this data for statistical analyses (e.g., visit and click behaviour) of our website(s). With the use of this data, we try to evaluate our systems, security, stability and comfortable use of the website(s), to ensure a smooth and reliable connection setup, as well as for optimising the functionality of the website(s). We try to Pseudonymise or Anonymise this data as much as possible and do not provide any of this data to other (Third) parties who could use it for their own Purposes, unless explicitly specified in this Privacy policy. In some cases, we or affiliated (business) partners/contacts, and/or other (Third) parties involved may also Process Personal data through the use of Cookies while using our website(s). When that is the case, we will explicitly inform you. See Section 6 for more information on the use of our Cookies and/or similar technologies.

We use this Personal data on the Legal basis of your ‘Consent’ or our ‘Legitimate interest’ while monitoring and improving our website(s) and/or (digital) services and products. Anonymous data (which no longer contains any Personal data) is kept as long as is relevant to us. Personal data collected via our website(s) is kept until you withdraw your Consent, lapse of the retention period (as indicated under Section 6) or we no longer have a use for this data. In any case, unless otherwise specified, your Personal data in this regard will be deleted after five years, unless we have agreed upon a shorter time period or still have an active business relationship with each other after the lapse of the aforementioned term.

  • To enter into or execute agreements with affiliated (business) partners, suppliers, producers and other (Third) parties with whom COSMOS has or will do business:

Personal data (Section 4: A, B, C, D, E & F) may be Processed by us while entering into and executing the agreements between you (the affiliated (business) partner, supplier, producer or other (Third) party/service provider) and COSMOS in context of entering collaborations, providing and/or offering services and or products to us or our clients, and (might) be further used for e.g.: maintaining contact with you about and in regard to the agreement concluded between us, for invoicing/payment Purposes, for account management (and other administrative matters) as well as for maintaining our business relationships with you.

We Process the Personal data for this specific Purpose on the Legal basis of ‘Contractual necessity’ (“performance of a contract”). If we cannot invoke the Legal basis of Contractual necessity, we then may assert the Legal basis of our ‘Legitimate interest’, insofar we have one. Sometimes we may also Process your Personal data based on our ‘Legal obligation’, or on your explicit ‘Consent’. The above-mentioned Personal data is kept for as long as is necessary to properly perform the agreement between us and/or receiving or providing our services and/or products from or to you. We then afterwards delete or Anonymise your Personal data unless we have a Legal obligation to keep (part of) it for a longer period of time or have another Purpose and/or Legal basis for the continuance of Processing the Personal data. The financial/tax information in regard to our business relationship is kept for as long as is necessary to comply with our Legal obligation to keep our (tax) administration.

  • To respond to and/or go through an (open) job application procedure:

We may Process your Personal data (Section 4: A, D, E, F, I, & L) in case you send us a(n) (open) job application. For this Purpose, we may Process Personal data such as, but not limited to, your name, age, contact details, CV, grade lists, (optional) reference letters, (optional) diplomas, a motivation letter and/or other (job) specific information while assessing for potential employment. For screening Purposes, we may also (on the Legal basis of our Legitimate interests) Process online/publicly available information about you such as your social media profiles and use the outcomes for further assessment; this will (afterwards) always be discussed/communicated to you. The results of the screening itself will never be the (sole) reason for which we reject applicants. In some cases, we may refer to the help of external HR consultants in regard to your application; in these instances, we (may) share (some of) your Personal data with them with due observance of the applicable requirements under the GDPR.

The Legal basis on which we Process your Personal data in case of an (open) job application is either ‘Consent’, ‘Contractual necessity’ (“performance of a contract”) (insofar we enter into an agreement) orLegitimate interest’ (to assess whether we are employing you). We do not keep your Personal data for the aforementioned Purposes longer than necessary to perform the job application. If the application process does not conclude to being employed by COSMOS, we will not keep the data for longer than eight weeks after the procedure in case we might still approach you if another candidate doesn’t complete the procedure. In some cases, we may ask you to give Consent to allow us to keep your Personal data for a longer period of time. In that case we will keep your data for the duration of maximum one year after the application Process has ended.

In addition, in line with applicable law and where appropriate, we may exert the Legal basis of ‘Legitimate interest’ to process your (or other individuals’) Personal data for the following purposes:

  • Ensuring, providing and developing our services, products, website(s), apps and other (social media) platforms;
  • For communication with (Third) parties and administering of their requests (e.g., inquiries from legal representative(s));
  • To maintain, explore and grow business/customer-relationships;
  • To send information to you regarding changes to our Terms of Service, this Data Protection Statement (including the Cookie policy), and/or other legal agreements or important announcements;
  • For reviewing and optimising procedures regarding a “needs assessment” for the Purpose of direct customer approach as well as for customer acquisition (e.g., analysing activity from users on (our) Social media connected to our products, services or business as a whole);
  • To carry out administration, marketing, planning, product and service development, and quality control;
  • Asserting legal claims and (acquiring evidence in regard to our, our clients or our Affiliated (business) partner’s) defence in legal disputes and official proceedings;
  • Prevention and investigation of criminal- or contractual offences and other misconduct (e.g., through the use of: system/file logging, conducting internal investigations, data analysis to eliminate fraud and/or loss prevention activities);
  • Ensuring the operation of our IT-department, website(s), apps and other IT-related matters;
  • Acquisition and sale of business divisions, companies or parts of companies and other corporate transactions and the transfer of Personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as the internal regulations of COSMOS.;
  • Any other purposes compatible with an ‘original’ purpose as mentioned in the above list.

In the event that we require additional Personal data from you for a specific Purpose while we do not have or cannot invoke a compatible Purpose, or while we have not communicated the Processing of the specific Personal data beforehand, we in that case will contact you at the moment that we require the additional Personal data and will provide you with the necessary information so that you can decide whether you want to provide us with the additional requested Personal data, insofar we do not hold this Personal data not already yet under another Purpose. We will in that case also explicitly request your Consent, insofar necessary, before initiating the Processing of this additional Personal data.

Insofar we have not provided an exact Retention period for Processing your Personal data for a particular Purpose, Cosmos then Processes and retains your Personal data as long as is required for the performance of our Contractual necessity, our Legitimate interest and/or compliance with our Legal obligations, as well as for other Purposes we pursue while Processing. For example, we keep your Personal data for the duration of the entire business relationship (from the initiation, during the performance of the Agreement, for invoicing Purposes, up until it is terminated and/or) as well as beyond this duration in accordance with our Legitimate interests, your Consent, the period of limitations of (legal) actions and/or documentation/administration obligations, unless we have specifically agreed upon a different term. Personal data may furthermore be retained for the period during which claims can be asserted against our company, insofar as the Personal data serves a particular (evidential) purpose. Furthermore, your Personal data can be retained insofar our affiliated (business) partner’s or other affiliated parties’ Legitimate interests require further Retention (e.g. for evidence and documentation Purposes). As soon as your Personal data is no longer required for any of the Purposes under Section 5 of this Data Protection Statement, the relevant Personal data will be deleted or Anonymised to the greatest extent possible. In general, shorter Retention periods of no more than twelve months apply for operational data (e.g. system logs insofar they involve Personal data).

Please note: If you have given us your ‘Consent’ to Process your Personal data for certain Purposes, we will then only Process your Personal data within the scope of, and based on, this given Consent, unless we have another Legal basis (and/or Purpose), provided that we require one. Given Consent can be withdrawn at any time. This, however, does not affect the Personal data Processed prior to the withdrawal of your Consent. Please be advised that the withdrawal of (your) Consent may in some cases result in us not being able to provide/deliver certain services/products to you and/or us not being able to guarantee any longer the correct execution of an agreement between us. In case you want to withdraw your Consent (other than for Cookies), please send us an e-mail to info@cosmoscybertech.com telling us for which Purpose and/or Processing of your Personal data you wish to withdraw your Consent for.

6.The use of Cookies and similair technologies

We may use ‘Cookies’ and similar techniques on our website(s) which, after obtaining your Consent, allow for identification of your browser or device, to personalise content and to e.g., allow (generally) analysing traffic on the website(s).

A Cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when visiting our website(s). If you revisit our website(s), we may ‘recognise’ your device through the use of Cookies, even if we do not know your identity. Besides Cookies that are only used during a session and deleted after your visit on the website(s) (“session Cookies”), we may also use Cookies in order to save user configurations and other information for a certain time period (“persistent Cookies”). We may also use persistent Cookies for the Purpose of saving user configuration (e.g., language, remembering your cookie preferences and/or to create a session-ID in order to understand how you use our services and content and to enable us to show you our customised content which may also happen on the websites of our (business)partners or other companies). Certain Cookies are provided by us, while others are distributed through from our business partners with whom we collaborate. Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects Cookies, only saves them for one session or deletes them right away. If you block Cookies or do not Consent to them, it is possible that certain functions (such as, language settings) on the website are no longer available, but the website will at all times remain available to you without having to consent to the use of Cookies.

Cookie pop- up box while visiting our website(s) for the first time

When you visit our website(s) for the first time, we display a pop-up message explaining the use of Cookies with a referring link to this Privacy policy (Section 6). Insofar applicable, we have made agreements with other businesses that place Cookies on our website(s) about their use of these Cookies. However, we do not have full control over what they do with the Cookies themselves. It is for this reason advised that you also pay attention to their Privacy policies. In any case COSMOS will store Cookies on your device that are strictly necessary for the operation of our website(s) or provide us with general statistical information about the use of our website(s) and/or services.

If you Consent to all our Cookies, we also use marketing/tracking Cookies that enables us to show you customised offers and advertisement, which may also happen on websites of other organisations. Should your identity be known to us, such companies will not acquire your identity from us. They will only know that the same user (ID) that previously visited a certain website is visiting the website again.

CHANGE MY COOKIE CONSENT

Please check our Cookie table below for more detailed information about our (use of) Cookies, the Purposes they serve and which Retention period we have set for these Cookies while using them.

Cookie table

Our Cookies

 

Name of cookie

Provider

Purpose / categories of Personal data

Retention period

Type of Cookie

_ga (First party)

Google

The _ga Cookie from Google Analytics records a unique ID for our web visitors that is used to generate statistical data about how the visitor uses the website. We have set our Google Analytics Cookies as privacy-friendly as possible. This Cookie collects information such as: the number of visitors to the website, where visitors come from and the pages they have visited.

Maximum 2 years

HTTP

_gat_gtag_xxxxx (First party)

Google

This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website.

Session

HTML

CookieConsent (First party)

COSMOS

Stores the user’s cookie consent state for the current domain.

Maximum 31 days

HTPP

_gid (First Party)

Google

This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website

Maximum 1 minute

HTTP

As can be seen from the Cookie table in Section 5, most Cookies have a pre-set expiration date. They expire automatically after a set period of time and will from that point no longer record any data. Please see our Cookie table for the specific Retention period for each type of Cookie. You can also choose to delete the Cookies manually before the expiration date. If you wish to do so, please read the instructions of your browser on how to do this.

  • Third-party providers of Cookies used on the website(s) and other (Third) party providers involved with the services and/or products of COSMOS

Googly Analytics | Google Analytics | We use Google Analytics on our website. These are services provided by Third parties, which may be located in any country worldwide (in the case of Google Analytics, Google LLC is in the U.S.A., www.google.com) and which allow us to measure and evaluate the use of our website(s) (on an Anonymised basis). For this Purpose, permanent Cookies are used, which are set by the service provider. The service provider does not receive (and does not retain) any Personal data from us, but the service provider may in their own capacity track your use of the website, combine this information with data from other websites you have visited, which are also tracked by the respective service provider and whom may Process this information for its/their own Purposes (e.g., personalising advertisements). We have arranged the settings for Google Analytics to be as privacy friendly as possible for your Personal data and have concluded a Processing agreement with Google. If you have registered with the service provider, the service provider will also know your identity. In this case, the Processing of your Personal data by the service provider will be conducted in accordance with their data protection regulations. The service provider only provides us with data regarding the use of the website(s) (but not any Personal data about you). Furthermore, in no way do we have influence on what these Third parties do with the (Personal) data that they acquire/Process from you during their services. For this reason, we suggest in order for you to be fully informed, that you also take notice of the Privacy policy (or Policies) (also known as Privacy Statement, Privacy data protection statement or an abbreviation of that) of these Third parties. The Processing of your Personal data via Google Analytics is based on your ‘Consent’ or our ‘Legitimate interest’ in obtaining general statistics (e.g. (Anonymised) IP addresses from our website visitors). For more information about Google’s Privacy policy, please go to https://policies.google.com/privacy or find the specific Privacy policy applicable to the Cookies of Google Analytics here https://support.google.com/analytics/answer/9019185?hl=nl&ref_topic=2919631.

Google Tag Manager | Our website uses Google Tag Manager. Google Tag Manager Cookies allow us to measure traffic and user behaviour, understand the effect of online advertisements and social channels, use remarketing and target group marketing, and test and improve our site. The Processing of your data via Google Tag Manager is based on your ‘Consent’. We have made the settings for Google Tag Manager as privacy friendly as possible for your Personal data. When you have registered yourself (on your own initiative) with the service provider, the service provider may also know your identity. In this case, the Processing of your Personal Data will be carried out by the service provider in accordance with their data protection regulations. The service provider only provides us with data about the use of the website, but no Personal data. Furthermore, we have no influence in any way on what these Third Parties do with the (Personal) data that they (independently) obtain/Process from you during their services. Read more information about Google’s Privacy policy here. (https://policies.google.com/privacy)

7.Data transfer and Transfer of data abroad

In the context of our business activities, products, (digital) services, and in line with the Purposes of the data Processing set out in Section 5, we may Transfer Personal data to other (Third) parties, insofar as such a Transfer is permitted, necessary and deemed appropriate, in order for them to Process Personal data for us or, as the case may be, their own Purposes. In this context, the most common categories of Recipients are: 

  • Our service providers (within COSMOS group or externally, affiliated (business) partners as well as e.g., banks, insurances, hosting provider et cetera), including Processors (e.g. IT providers);
  • Our affiliated (business) partners;
  • Suppliers, subcontractors, and other (Third) parties (in particular in connection with (providing) our services, products and content as well as expanding, developing and/or investing into new services and/or products or content);
  • Clients (e.g., Personal data of our affiliated (business) partners in context of a relationship between the affiliate (business) partners and the Client(s));
  • Domestic and foreign authorities or courts;
  • Other (Third) parties not taken into consideration herein, but which are used/necessary in the context of our purpose(s).

(Together: “Recipients”).

Certain Recipients of your Personal data may be within the UAE or within Europe (EEA) (and insofar applicable, have appointed a suitable Data Protection Officer), but they may also be located outside Europe. In particular, you must anticipate your data to be transmitted to any country in which we are represented by affiliated (business) partners, affiliates, branches or other offices (e.g., Switzerland as well as to other countries in Europe and the USA) where our service providers are located.

If we Transfer data to any of the above specified parties, we ensure an appropriate level of protection as legally required and we will conclude an appropriate (Processor) agreement with those parties insofar as required. If we Transfer your data to non-EEA Processors, we will only do so on the basis of the standard contract clauses issued by the European Commission, binding corporate rules and while relying on the statutory exceptions of Consent, Contractual necessity or Legitimate interest (such as the establishment, exercise or enforcement of legal claims, publicly accessible Personal data or because it is necessary to protect the integrity of the individuals concerned), provided that the privacy regulation is adequate and comparable to the GDPR and solely when we are convinced that sufficient safeguards and measures have been put in place to ensure data protection.

We do not sell, trade, or otherwise Transfer Personal data to other (Third) parties for commercial purposes. We only Transfer Personal data after providing you with an advance notice, having your explicit Consent and adequate legal data protection is guaranteed by the party that is receiving such Personal data. This includes website hosting partners and other parties who assist us in operating our website(s), conducting our business or services and/or products, as long as those parties comply with the GDPR and agree to keep this information confidential. We may also release your Personal data when we believe releasing this data is appropriate to comply with the law, enforce our policies, protecting our or others’ rights, property, or safety. Non-personally identifiable (visitor) information, containing no Personal data, may be provided to other parties for marketing, advertising or for other Purposes.

  • Our IT service providers processing Personal data on our behalf

Hosting Provider | Our website and e-mail services are hosted via Namecheap ([https://www.namecheap.com). Namecheap Processes Personal data from our website(s) on our behalf and does not use your data for its own Purposes. However, this (Third) party can collect metadata about the use of its services. This is not  considered Personal data. Namecheap has taken appropriate technical and organisational measures to prevent loss and unauthorised use of your Personal data. We have concluded a Processing agreement with Namecheap  in which the responsibilities and obligations of both parties have clearly been set out. Namecheap is obligated to observe secrecy on the basis of the Processing agreement. For more information about Namecheap Privacy practice, please check out: https://www.namecheap.com/legal/general/privacy-policy/

Data Security

COSMOS has taken appropriate technical and organisational security measures to reliably protect your Personal data from unauthorised access, loss, destruction, distortion, manipulation, unauthorised copying, unauthorised access and/or other data Processing offenses in accordance with ‘Privacy by design’ and ‘Privacy by default’.

COSMOS has different internal policies in place such as a Data breach protocol, a Processing register, clear privacy directives with or for affiliated (business) partner, service providers and/or other involved (Third) parties. The workforce of COSMOS is furthermore regularly updated and informed with the latest privacy developments and/or privacy legislation.

As for technical measures, COMSOS has made sure that there are IT and network security solutions in place such as access controls and restrictions (e.g. password protection on our IT systems), physical access measures and organisational measures for access security, security of network connections via Transport Layer Security (TLS) technology, encryption of data (carriers) and transmissions, Pseudonymisation and/or Anonymisation of Personal data, regular inspections, quality assurance and other technical and organisational (security measures) while Processing your Personal data.

8.Third-party website(s)

Please be advised that this Privacy policy and Cookie section do not apply to any other (Third-)party website(s) linked to- or from our website through hyperlinks. We have no overview and/or influence and can therefore not guarantee that these other (Third) parties handle your Personal data in a reliable, safe manner and in accordance with the GDPR. Please read the Privacy policies of these other (Third) parties before sharing Personal data with them.

9.Obligation to Provide Personal data To Us

In the context of our business relationship, we ask you to provide us with any Personal data that is necessary for the conclusion and performance of our business relationship and the performance of our contractual/Legal obligations. As a rule, however, no statutory requirement (or Legal obligation) exists to provide us with your Personal data. Do be advised that, without certain information, we will usually not be able to enter into- or carry out an agreement with you (or the entity or individual you represent).

10.Profiling and automated individual decision-making

In establishing, and while carrying out, a business relationship or while using our website(s), we do not use any automated individual decision-making (such as pursuant to article 22 of the GDPR). Should we decide to use such methods, we will then inform you separately on this and advise you of your relevant rights insofar required by law.

We may, however, partially Process your Personal data automatically with the Purpose of evaluating certain personal aspects (Profiling). In particular, Profiling allows us to inform and advise you more accurately about products and services possibly relevant to you. For this Purpose, we may use evaluation tools (Cookies) that enable us to communicate with you and advertise to you, including market and opinion research (see also Section 5 & 6 of this Privacy policy).

11.Your rights under the GDPR

In accordance with and as far as provided by the GDPR, a Data Subject has different rights in regard to COSMOS Processing your Personal data. In addition to the possibility to withdraw Consent, you also have the:

  • Right of access: This right grants the Data Subject insight in the Personal data concerning him or her and into other important information such as the Purposes of the Processing or the period for which the data is retained;
  • Right to rectification: This right gives the Data Subject the possibility to have inaccurate Personal data concerning them rectified;
  • Right to erasure: This right entails the possibility for the Data Subject to have Personal data in possession of the Processor/Controller erased under the conditions as set out in art. 17 of the GDPR;
  • Right to restriction of Processing: This right gives the Data Subject the possibility to (temporarily) forfends further Processing of Personal data concerning the Data Subject. A restriction of the Processing of Personal data mainly occurs at the stage of examining other exercises of rights by the Data Subjects;
  • Right to data portability: This right entails the possibility for Data Subjects to receive their Personal data (after submitting a request) from the Processor/Controller in a commonly used, machine-readable format and have this data Transferred to another Controller or Processor;
  • Right to object: This right includes the possibility for Data Subjects to object to the further Processing of their Personal data. Please note that we reserve the right to enforce statutory restrictions on our part, for example if we are obligated to retain or Process certain data, have an overriding interest (insofar as we may invoke such interests) or need the Personal data for asserting claims.

In the exceptional situation that exercising certain rights will incur costs for you, we will make sure to notify you thereof in advance. In general, exercising these rights requires that you are able to prove your identity. In some cases, we might ask you to identify yourself in order to prevent us from sending you incorrect Personal data. In order to assert these rights, please contact us at the address provided in Section 1.

We attempt to reply to your request, question or complaint as soon as possible, but no later than one month after sending us your communication. If you have a complaint about the (manner of) Processing of your Personal data, we are always at your disposal to find a correct solution to any question or remark regarding your privacy. Should you nevertheless not be able to reach a solution with us, we then would like to point out that you always have the opportunity to file a complaint with the Data protection authority (see hereunder).

  • Complaints and the Supervisory authorities

While we are at all times at your disposal for any privacy related matter, every Data Subjects has the right to enforce his/her rights in court or to lodge a complaint with the competent Supervisory Authority. As most of our clients are based in the UAE, the GCC and Europe, each data subject has the right to fill a complaint with their national competent supervisory authority. Furthermore, a Data Subject can also lodge a complaint with the ADGM Office of Data Protection. Please visit https://www.adgm.com/operating-in-adgm/office-of-data-protection/for-individuals and see our general Data Protection Statement for more information.

12. Amendments of this Data Protection Statement

COSMOS may amend this Privacy policy at any time without prior notice. The current version published on our website is the most current version and applies to all the relationships between COSMOS and the Data Subjects. If the Privacy policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an important amendment of this Privacy policy. When important modifications have been made to the current version of the Privacy policy, we will notify you by publishing a notice on our homepage. To keep yourself updated with the latest version of our Privacy policy, it is suggested that you check this Privacy policy on a regular basis.