Privacy Policy
COGNIZENSE LLP
5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN
ICO Registration: 00014276957
Last updated: May 29, 2026
1. About This Policy
This Privacy Policy explains how COGNIZENSE LLP (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our websites or purchase our online training courses. We are a UK Limited Liability Partnership and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to all websites operated by us, including but not limited to bloodbornecertification.com. If you are a California resident, Section 12 contains additional rights that apply to you under the California Consumer Privacy Act (CCPA).
For questions about this policy, contact us at: info@cognizense.com
2. What Data We Collect
We collect only the data necessary to operate our business and deliver our courses. We do not buy, rent, or trade personal data.
2.1 Information you provide directly
- Name and email address — when you register for an account or purchase a course
- Payment information — when you make a purchase. We do NOT store your full credit card or payment details. Payments are processed by Stripe, PayPal, Airwallex, and NowPayments who act as independent data controllers for payment processing. We receive only a transaction confirmation and the last four digits of your card or your payment account email.
- Support requests — when you contact us for help
2.2 Information collected automatically
- IP address — logged temporarily for security and fraud prevention (e.g., blocking abusive traffic)
- Browser type, operating system, and referring URL — standard server logs, retained for up to 30 days
- Course progress and completion status — stored so you can resume where you left off and we can issue certificates
- Google Analytics — we use Google Analytics to understand how visitors use our site (pages viewed, time on site, broad geographic location at city level). Google Analytics uses first-party cookies. We do NOT have Google’s advertising features (remarketing, demographics, or interest reporting) enabled.
- Google Ads conversion tracking — when you arrive on our site by clicking one of our ads and complete a purchase or sign-up, a conversion cookie measures campaign effectiveness. We do NOT use these cookies for remarketing or behavioral targeting.
2.3 What we do NOT collect
- We do not engage in remarketing or behavioral advertising
- We do not build marketing profiles or audience segments
- We do not use social media plugins or tracking pixels
- We self-host all website assets including fonts — no third-party font services
- We do not collect sensitive personal data (health, biometrics, political opinions, etc.)
3. How We Use Your Data
We process your personal data on the following lawful bases under UK GDPR:
| Purpose | Lawful Basis |
|---|---|
| Creating your account and delivering purchased courses | Performance of a contract (Article 6(1)(b)) |
| Processing payments and issuing certificates | Performance of a contract |
| Responding to support requests | Legitimate interest (Article 6(1)(f)) — providing customer service |
| Sending certificate expiry reminders and discount offers | Legitimate interest — maintaining the customer relationship. You may opt out at any time. |
| Occasional hand-picked promotional emails about new courses or features | Legitimate interest — direct marketing to existing customers. You may opt out at any time. |
| Detecting and preventing fraud | Legitimate interest — protecting our business and customers |
| Server logs for security and diagnostics | Legitimate interest — maintaining service security and availability |
We do not use automated decision-making or profiling.
4. Who We Share Your Data With
We share data only as necessary to operate our business:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe, PayPal, Airwallex, NowPayments | Payment processing. They receive your name, email, transaction amount, and payment method details. | USA and/or UK, depending on the processor |
| LightningBase LLC | Website, email and course platform hosting. All website data, server logs, and course content are hosted on their servers in the United States. | USA |
| Website analytics (Google Analytics) and advertising conversion tracking (Google Ads). For analytics, Google processes anonymized IP addresses and usage data. For ads, Google processes conversion data when you interact with our advertisements. We do NOT use Google’s remarketing or behavioral advertising features. | USA |
All third-party processors are subject to data processing agreements where required by law. We do NOT sell personal data to anyone.
5. International Transfers
Our website and all customer data are hosted on servers in the United States (LightningBase LLC). Our payment processors (Stripe, PayPal, Airwallex) are US-based or have US operations. As a UK-registered data controller, this means personal data is transferred from the UK to the US for processing. We ensure appropriate safeguards are in place, including each processor’s certification under the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses where applicable.
6. How Long We Keep Data
| Data Type | Retention Period |
|---|---|
| Account and course records | Duration of your account plus 6 years from last activity (to comply with UK tax and contract law) |
| Certificate and completion records | Indefinitely — your certificate remains valid and verifiable |
| Server logs | 30 days |
| Support emails | 2 years from last correspondence |
| Payment records | 6 years (UK tax record-keeping requirement) |
We will delete your data earlier upon request where we are not legally required to retain it. See Section 8.
7. Cookies
We use two categories of cookies on our website.
7.1 Essential cookies (no consent required)
These cookies are necessary for the website to function and cannot be disabled in our systems. They are set in response to actions you take, such as logging in or filling out a checkout form.
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Maintains your login state and shopping cart during your visit | Expires when you close your browser |
| Stripe/PayPal checkout cookies | Set by our payment processors to prevent fraud during checkout | Session to 30 minutes |
Under UK GDPR (PECR Regulation 6(4)(b)), essential cookies do not require consent.
7.2 Analytics cookies (consent required)
We use Google Analytics to understand how visitors interact with our website — which pages are visited, how long visitors spend, and broad geographic trends. This helps us improve the site.
| Cookie | Purpose | Duration |
|---|---|---|
_ga | Distinguishes unique visitors | 2 years |
_gid | Distinguishes unique visitors | 24 hours |
_gat | Throttles request rate | 1 minute |
Google Analytics cookies are set only after you provide consent through our cookie notice. You may withdraw consent at any time by clearing your browser cookies or adjusting preferences through the cookie settings link on our website.
Google processes this data on our behalf under a data processing agreement. IP addresses are anonymized before storage. We do NOT have Google’s advertising features (remarketing, demographics, or interest reporting) enabled. For details on how Google handles Analytics data, see Google’s Privacy Policy.
7.3 Advertising cookies (consent required)
We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. When you click on one of our ads and complete a purchase or sign-up, a conversion cookie helps us understand which ads are working.
| Cookie | Purpose | Duration |
|---|---|---|
_gcl_au | Google Ads conversion linker — connects ad clicks to on-site actions | 90 days |
IDE / ANID | Google/DoubleClick — used for campaign measurement and frequency capping (not remarketing) | 13 months / 24 hours |
These cookies are set only after you provide consent through our cookie notice. You may withdraw consent at any time through the cookie settings link on our website or by clearing your browser cookies. We do NOT use these cookies for remarketing, behavioral targeting, or building advertising profiles.
7.4 How we do NOT use cookies
- We do not use remarketing or behavioral advertising cookies
- We do not use social media tracking cookies
- We do not build advertising profiles or audience segments
7.5 Managing cookies
You can manage or disable cookies through your browser settings. Note that disabling essential cookies may prevent you from logging in or completing purchases. For Google Analytics specifically, you can also use Google’s opt-out browser add-on.
8. Your Data Protection Rights
Under UK GDPR, you have the following rights:
| Right | What It Means |
|---|---|
| Access | You can request a copy of the personal data we hold about you. |
| Rectification | You can ask us to correct inaccurate or incomplete data. |
| Erasure | You can ask us to delete your personal data where there is no compelling reason for us to keep it. |
| Restriction | You can ask us to limit how we use your data while a concern is investigated. |
| Portability | You can ask us to provide your data in a structured, machine-readable format. |
| Objection | You can object to processing based on legitimate interests. You have an absolute right to object to direct marketing at any time. |
To exercise any of these rights, contact us at info@cognizense.com. We will respond within one month.
If you are dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint
9. Security
We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), access controls, and secure payment processing through PCI-DSS compliant providers. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.
10. Children’s Privacy
Our courses are designed for adult professionals. We do not knowingly collect data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by email (if you have an account) or by a notice on our website. Continued use of our services after changes take effect constitutes acceptance of the updated policy.
12. California Residents — CCPA Notice
This section applies solely to California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
12.1 Categories of personal information collected
In the past 12 months, we have collected the following categories of personal information:
| Category | Collected? | Sold or Shared? |
|---|---|---|
| Identifiers (name, email, IP address) | Yes | No |
| Commercial information (purchase records) | Yes | No |
| Internet activity (browser type, pages visited, time on site) | Yes — via Google Analytics | No — analytics only; not shared for cross-context behavioral advertising |
| Geolocation data (derived from IP address at city level only) | Yes | No |
12.2 We do NOT sell or share personal information
We do not sell personal information as defined under CCPA. We do not share personal information for cross-context behavioral advertising. We have no actual knowledge of selling or sharing personal information of consumers under 16 years of age.
12.3 Your CCPA rights
To exercise these rights, email us at info@cognizense.com with “CCPA Request” in the subject line. We will verify your identity before processing your request, typically by matching the information you provide with data we already hold.
12.4 Authorized agents
You may designate an authorized agent to exercise your CCPA rights on your behalf. We will require written proof of the agent’s authority and may verify your identity directly.
13. Contact
For any questions about this Privacy Policy or to exercise your data protection rights:
- Email: info@cognizense.com
- Post: COGNIZENSE LLP, 5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN
- ICO Registration: 00014276957