Privacy Policy

PRIVACY POLICY OF THE COGNIGUARD.COM

 

  • 1. DEFINITIONS
  1. Controller – Neuromedical sp. z o.o. with its headquarters in Poland.  
  2. Personal data – any information relating to an identified or identifiable natural person, directly or indirectly, on the basis of, among others, an identifier such as name and surname, identification number, e-mail address, telephone number, residential address, location data, online identifier (IP), image, or information collected through cookies and other similar technologies.
  3. Policy – this Privacy Policy.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  5. Service – the website operated by the Controller, available at: cogniguard.com;
  6. User – any natural person who accesses the Service, browses its content or uses the services and functionalities available on it, regardless of the extent and frequency of their use.

 

  • 2. CONTACT WITH THE CONTROLLER

The Controller can be contacted:

  1. at the e-mail address: info@cogniguard.com
  • Natolin 15, 92-701 Łódź
  1. via the contact form available on the Service.

 

  • 3. PURPOSES AND LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA

USE OF THE SERVICE

The Controller processes the Personal Data of Users of the Service:

  1. for the purpose of providing electronic services consisting of making content, functionalities, and services available to Users within the Service – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
  2. for the purpose of preventing abuse – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in detecting and eliminating abuse within the Service;
  3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses and statistics of Users’ activity within the Service in order to improve the functionalities and services offered by the Controller;
  4. for the purpose of establishing and pursuing possible claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.

If a User publishes in the Service Personal data of another person, they may only do so if it does not violate applicable law or the personal rights of that person.

 

CONTACT WITH THE CONTROLLER

The Controller processes the Personal data of Users:

  1. for the purpose of handling correspondence and responding to received inquiries – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in responding to inquiries related to its business activity; with respect to data provided voluntarily in such inquiries, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
  2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses and statistics of inquiries submitted by Users in order to improve the functionalities and services offered by the Controller and to analyze the quality and effectiveness of the given communication method;
  3. for the purpose of establishing and pursuing possible claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.

 

CONTACT FORM FOR INVESTORS

The Controller processes the Personal Data of Users:

  1. for the purpose of responding to investor inquiries – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in responding to inquiries related to its business activity; with respect to data provided voluntarily in such inquiries, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
  2. for the purpose of conducting communication regarding potential investment cooperation – the legal basis for processing is the necessity to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR), in the event that the contract is concluded with the person submitting the inquiry to the Controller; in cases where the inquiry is submitted by a representative of the investor (e.g. a contact person, proxy), the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in undertaking actions aimed at concluding a contract and communicating with investor representatives;
  3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses and statistics of inquiries submitted by Users in order to improve the services offered by the Controller and to analyze the quality and effectiveness of the given communication method;
  4. for the purpose of establishing and pursuing possible claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.

 

CLINICAL TRIAL APPLICATION FORM

The Controller processes the Personal Data of Users who have completed a dedicated clinical trial application form made available on the Facebook platform:

  1. for the purpose of enabling Users to express their willingness to participate in clinical trials – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting recruitment activities for future clinical trials, including establishing contact with potential participants interested in participating in such trials; with respect to data provided voluntarily, the legal basis for processing is consent (Article 6(1)(a) of the GDPR); with respect to personal data constituting health data within the meaning of Article 9(1) of the GDPR, the legal basis for processing is the explicit consent of the User (Article 9(2)(a) of the GDPR);
  2. for the purpose of taking steps at the request of the data subject prior to entering into a contract concerning participation in a clinical trial, including conducting preliminary qualification for the trial and providing information on participation conditions – the legal basis for processing is the necessity to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR); with respect to personal data constituting health data within the meaning of Article 9(1) of the GDPR, the legal basis for processing is the explicit consent of the User (Article 9(2)(a) of the GDPR);
  3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses and statistics of submitted applications in order to improve the services offered by the Controller and to analyze the quality and effectiveness of the chosen recruitment method;
  4. for the purpose of establishing and pursuing possible claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.


SOCIAL MEDIA

The Controller also processes the Personal Data of persons visiting the Controller’s profiles on social media (Facebook, LinkedIn). Such data are processed for the purposes of:

  1. managing and maintaining social media profiles, including informing about the Controller’s activity and promoting its business and services – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in providing information about the Controller’s activities and promoting them;
  2. responding to inquiries submitted to the Controller via its social media profiles – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in handling inquiries submitted through the Controller’s social media profiles;
  3. establishing and pursuing possible claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.

 

MARKETING ACTIVITIES

The Controller processes the Personal Data of Users:

  1. where the User has given the relevant consent – for the purpose of carrying out marketing activities by the Controller, consisting in sending Users commercial information via the chosen communication channel, including in the form of a newsletter (via e-mail), containing information about relevant content on the Service or content concerning the Controller’s products and services as well as educational content – the legal basis for processing is the User’s consent (Article 6(1)(a) of the GDPR);
  2. where the User has given the relevant consent – for the purpose of displaying advertising messages to the User on other websites and social media platforms (remarketing) – the legal basis for processing is the User’s consent to the use of tracking technologies based on information about the use of the Service (Article 6(1)(a) of the GDPR);
  3. where the User has given the relevant consent – for the purpose of displaying marketing content to the User corresponding to their interests (behavioral advertising) – the legal basis for processing is the User’s consent to the use of tracking technologies based on information about the use of the Service (Article 6(1)(a) of the GDPR).

 

PERSONALISATION

The Controller processes the User’s Personal data collected in connection with the User’s use of the Service (e.g. within the scope of services and functionalities available on the Service) for the purpose of conducting personalized marketing communication, which constitutes the legitimate interest of the Controller within the meaning of Article 6(1)(f) of the GDPR.

In such case, the User’s Personal data will be processed in an automated manner, and the Controller will analyze selected aspects relating to the User in order to assess their behavior or predict future actions. This will allow for better adjustment of advertising messages to their preferences and interests.

 

  • 4. VOLUNTARY NATURE OF PROVIDING PERSONAL DATA

Providing Personal data is voluntary but necessary to use the services provided by the Controller or to obtain a response to inquiries directed to the Controller.

 

  • 5. RETENTION PERIOD OF PERSONAL DATA

Personal data will be processed for the period necessary to achieve the purposes of processing. As a rule, this period covers the duration of the provision of the given service (e.g. the service of making content available within the Service) or lasts until consent is withdrawn or a valid objection to processing is raised, if the legal basis for processing is the legitimate interest of the Controller.

The retention period may be extended if necessary to establish, pursue or defend against claims. After its expiry, the data will be processed only to the extent required by law. Once processing is completed, Personal data will be permanently deleted or anonymized.

 

  • 6. RECIPIENTS OF PERSONAL DATA

For the purposes of processing referred to in §3 above, Users’ Personal data may be transferred to external entities providing services to the Controller, including IT service providers as well as providers of analytical and marketing services.

Recipients of Users’ Personal data processed in connection with the purposes referred to in §3 above may also include law firms and authorized public authorities and institutions.

The Controller also reserves the right to disclose selected information concerning persons using the Service to competent authorities or third parties who submit a request for such information on an appropriate legal basis (in accordance with applicable law).

 

  • 7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The Controller transfers data outside the EEA only when it is necessary and possible with the application of appropriate safeguards. In practice, this means, among others:

  1. cooperating with entities located in countries which – by decision of the European Commission – provide an adequate level of personal data protection. In some cases, it may be necessary for a given entity to participate in international programs recognized by the Commission, which oblige it to apply EU standards (more information available here);
  2. using so-called Standard Contractual Clauses (SCC), which are officially approved by the European Commission. These clauses, together with additional safeguards, ensure that data is protected in a manner comparable to the principles applicable within the EU (details of the SCC are available here).

In connection with the purposes described in this Policy, Users’ Personal data is transferred outside the EEA in the following cases:

  • in connection with the use of the Google Analytics tool, Users’ Personal data is transferred to Google LLC, based in the USA. The transfer of Personal data to this provider is carried out on the basis of the adequacy decision referred to in point a above, due to the provider’s self-certification under the Data Privacy Framework;
  • in connection with the use of the Yandex tool, Users’ Personal data is transferred to companies belonging to the Yandex group, based in Russia. The transfer of Personal data to this provider is carried out on the basis of the Standard Contractual Clauses (SCC) referred to in point b above;
  • in connection with the use of the Semrush tool, Users’ Personal data is transferred to Semrush Inc., based in the USA. The transfer of Personal data to this provider is carried out on the basis of the Standard Contractual Clauses (SCC) referred to in point b above;
  • in connection with the use of the Mailchimp tool, Users’ Personal data is transferred to Intuit Inc. and The Rocket Science Group LLC d/b/a Mailchimp, based in the USA. The transfer of Personal data to this provider is carried out on the basis of the adequacy decision referred to in point a above, due to the provider’s self-certification under the Data Privacy Framework;
  • in connection with the use of the Hotjar tool, Users’ Personal data is transferred to the provider’s subprocessors based in the USA and Canada. The transfer of Personal data is carried out on the basis of the Standard Contractual Clauses (SCC) referred to in point b above – in the case of subprocessors based in the USA – or on the basis of the adequacy decision referred to in point a above – in the case of subprocessors based in Canada.

 

  • 8. USERS’ RIGHTS

Persons whose data we process have the right to:

  1. withdraw their consent at any time, if the legal basis for processing Personal data is consent (withdrawing consent will not affect the lawfulness of processing carried out prior to its withdrawal);
  2. access their Personal data and receive a copy thereof;
  3. rectify or supplement their Personal data;
  4. request the erasure of their Personal data in cases provided for by law;

 

  1. request restriction of the processing of their Personal data;
  2. object to the processing of data based on the Controller’s legitimate interest – on grounds relating to their particular situation;
  3. object to the processing of data for marketing purposes;
  4. receive from the Controller their Personal data in a structured format and transfer such data to another controller;
  5. lodge a complaint with a supervisory authority (in Poland: the President of the Personal Data Protection Office).

To exercise these rights, one should contact the Controller using the contact details indicated in §2 above.

 

  • 9. COOKIES

In order to provide services through the Service, to ensure their quality and improvement, as well as to enable profiling of Users who have consented to profiling, the Controller uses cookies.

Cookies are digital data, in particular small text files, that are stored on the User’s end device (such as a laptop, tablet, or smartphone) when visiting the Service. They may be used both by the Controller and by its trusted partners, listed in detail in §11 below.

Cookies store information generated through interaction with the User’s end device. Cookies used on the Service primarily ensure the proper functioning of the site, including maintaining login sessions. If the User provides separate consent for the installation of other types of cookies, they will also be used to adjust website settings for analytical purposes.

Below, the Controller provides detailed information about the specific categories of cookies used. In the section “COOKIE SETTINGS MANAGEMENT” in §10 of the Policy, information is provided on how to manage these settings.

On the Service, the Controller uses the following categories of cookies:

  1. NECESSARY – used by the Controller to provide the User with access to the content and functions available on the Service, including ensuring its proper functioning. The legal basis for processing the User’s Personal data is the necessity to perform the contract for the use of the Service (Article 6(1)(b) of the GDPR). Necessary cookies are installed only by the Controller via the Service.
  2. ANALYTICAL – used by the Controller to understand how the User interacts with the Service, including where traffic originates and which content is most frequently visited. The use of these cookies enables statistical analyses, e.g. regarding the number of visits to the Service, which allows for its improvement and the introduction of new functions. To install analytical cookies, the prior consent of the User is required. Analytical cookies may be installed both by the Controller and by its trusted partners. The legal basis for processing the User’s Personal data is consent (Article 6(1)(a) of the GDPR).

Detailed information regarding the specific cookies used within each category (including their name, purpose, and retention period) is available to the User after clicking the “Cookie Settings” button located in the Service’s footer. After clicking the button, the User will see the cookie banner on the Service, and should then select and expand the cookie category of interest.

To use analytical cookies, the User must give separate consent. User consent is not required only for cookies that are necessary to provide access to the Service. Without these cookies, the Controller cannot provide the Service access service. The User may give separate consent for the use of analytical cookies via the cookie management platform (i.e., the “Cookie Settings” button in the Service footer or the cookie banner displayed upon entering the Service).

 

  • 10. MANAGING COOKIE SETTINGS

The User may manage the consents granted, including withdrawing them, at any time. To withdraw or give consent, the User should click the “Cookie Settings” button in the footer of the Service, then move the slider for the selected category of cookies and click “Save.” If the User wishes to consent only to necessary cookies, they should click the “Reject” button. If, on the other hand, the User wishes to consent to all cookies (including analytical cookies), they should select the “Accept” button.

Additionally, the User may delete cookies at any time from their browser settings. Instructions on how to do this in various browsers can be found below:

The User may also check the status of their current privacy settings in the browser they are using at any time through the tools available at the following links:

Detailed information about the specific tools used by the Controller and its trusted partners can be found in the section “ANALYTICAL TOOLS USED ON THE SERVICE” below.

 

  • 11. ANALYTICAL TOOLS USED ON THE SERVICE

The Controller and its trusted partners use various tools and solutions for analytical purposes. Basic information about these tools is provided below. Detailed information can be found in the privacy policy of each partner.

  • Google Analytics

Google Analytics cookies are used by Google to analyze how the user interacts with the Service, to create statistics, and to generate reports on the functioning of the Service. Google does not use the collected data to identify the user, nor does it combine this information to enable identification. Detailed information about the scope and principles of data collection under this service is available here: https://policies.google.com/technologies/ads?hl=pl.

  • Hotjar

Hotjar is a tool that allows the Controller to analyze user behavior on the Service, e.g., by conducting surveys, satisfaction studies, and collecting anonymous data on clicks on specific elements of the Service. This tool does not enable user identification. Detailed information about the data collected by Hotjar and instructions on how to disable user monitoring can be found here: https://www.hotjar.com/privacy/ or by using the opt-out option for cookies described in this Policy.

  • GetResponse

GetResponse is a Polish marketing platform that enables the creation and sending of automated email campaigns, building subscriber lists, and analyzing the effectiveness of marketing activities. It also offers tools for creating landing pages, webinars, and automating sales processes. It is dedicated to companies of all sizes that want to communicate effectively with customers and grow their online business. Detailed information on the scope and principles of data collection under this service is available here: https://www.getresponse.pl/informacje-prawne/polityka-prywatnosci.

  • Yandex

Yandex Metrica is an analytical tool provided by Yandex LLC that enables monitoring of user behavior on the website, including traffic sources, clicks, scrolling, and conversions. With features such as heatmaps and session recordings, it supports UX optimization and the effectiveness of marketing activities. Detailed information on the scope and principles of data collection under this tool is available here: https://yandex.com/legal/confidential/.

  • Senuto

Senuto is a Polish SEO tool offered by Senuto sp. z o.o. that enables the analysis of website visibility in search engines, keyword research, SEO audits, and content planning based on Google search data. The tool supports website owners and marketers in optimizing organic activities and increasing online visibility. Detailed information on personal data processing is available here: https://www.senuto.com/pl/polityka-prywatnosci/.

  • Semrush

Semrush is a comprehensive marketing platform provided by Semrush Holdings, Inc., based in the USA, used for SEO analysis, website audits, competitor monitoring, content planning, and managing advertising campaigns. The tool allows tracking search engine visibility, analyzing backlinks, and optimizing online activities. Detailed information on the privacy policy is available here: https://www.semrush.com/company/legal/privacy-policy/.

  • Mailchimp

Mailchimp is an email marketing platform provided by The Rocket Science Group LLC (USA), which enables the creation, sending, and automation of email campaigns, subscriber base management, and analysis of campaign results. The tool also supports remarketing activities and audience segmentation. Details on the processing of personal data, including data transfer outside the EEA, can be found here: https://mailchimp.com/gdpr/.

 

  • 12. FINAL PROVISIONS

This Policy is regularly reviewed and updated when necessary. The current version of the Policy was adopted and has been in effect since 11.2025.