“Cozee”, “We” or “Us” means The Cosy Initiative Ltd, trading as Cozee, a private limited company incorporated in England and Wales (Registered No. 14175731) and whose registered office is at 2F.207, 60 Gray’s Inn Road, WC1X 8LU, London;
“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Cozee (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Cozee or any other person in respect of an individual.
Who we are and what this applies to
We collect, use and are responsible for certain Personal Data about you. When we do so we are regulated by all applicable data protection and privacy legislation in force from time to time in the United Kingdom including the Data Protection Act 2018 (“DPA 2018”) (and regulations made thereunder), the UK GDPR (as defined in the DPA 2018) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and we are responsible as ‘controller’ of that Personal Data for the purposes of those laws.
Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products or services available to you. These other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.
Our collection and use of your Personal Data
- information we receive through our websites;
- information we receive through our online products; and
- information we receive through our support or cloud-based services.
We collect this Personal Data from you either directly, such as information about you that you provide to us or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The Personal Data we collect about you depends on the particular activities carried out and services and products provided through our website. Such information may include:
- your name, date of birth, nationality, city of birth;
- profession, address, location, tax relevant information and contact details;
- copy of your passport, proof of address and a photo of yourself;
- bank account details and payment details;
- information on the property you want to purchase;
- information on the entities and individuals you want to purchase the property with;
- details of any third party advisers you are using;
- details of any feedback you give us by phone, email, post or via social media;
- information about the products or services we provide to you; and
- your account details such as username and login details.
We use this Personal Data:
- to create and manage your account with us;
- to verify your identity;
- to provide products and services to you;
- to notify you of any changes to our website or to our products and services that may affect you;
- to improve our products and services;
- to better understand how Cozee’s visitors use its website;
- to monitor and improve the products and services that we provide to you,
including screen recordings of activity on our websites to assist in customer
- to seek input from you (in the form of, for example, a questionnaire response) in order to facilitate improvements in our products and services;
- for ongoing review and improvement of the information provided on the Cozee website to ensure it is user friendly and to prevent any potential disruptions or cyber attacks;
- to conduct analysis required to detect malicious data and understand how this may affect your IT system;
- for statistical monitoring and analysis of current attacks on devices and systems and for the on- going adaptation of the solutions provided to secure devices and systems against current attacks;
- to send you select direct marketing communications to ensure that you are aware of new products and special offers that may be of interest to you;
- for in-depth threat analysis;
- for the management and administration of our business;
- in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; and
- for the administration and maintenance of databases storing Personal Data.
This website is not intended for use by children and we do not knowingly collect or use Personal Data relating to children.
Our legal basis for processing your Personal Data
When we use your Personal Data we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what Personal Data we process and why.
The legal bases we rely on are:
- Contract: where our use of your Personal Data is necessary in order to provide products or services to you under a contract we have with you, or because you have asked us to take specific steps before entering into such a contract;
- Comply with a legal obligation: where our use of your Personal Data is
necessary for compliance with a legal and/or regulatory obligation that we are subject to, including but not limited to, establishing, exercising or defending our legal rights or for the purpose of legal proceedings; and
- Legitimate interests: where our use of your Personal Data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your Personal Data which overrides our legitimate interests).
We rely on the following legitimate interests to collect and process your Personal Data, including, to:
- develop and improve our products and services;
- market our products and services to you;
- manage, administer and
- develop our business;
- maintain compliance with internal policies and procedures;
- monitor the use of our intellectual property; and
- maintain the security of our online platform.
Who we share your Personal Data with
We may share your Personal Data within Cozee for the purposes described above.
We may also share your Personal Data outside Cozee with third parties, including the below, for the following purposes:
- with our business partners and referral partners. For example, this could include our partners from whom you purchased products and/or services, partners we contract with for the purpose of providing our products and/or services or partners who we refer you to for the provision of additional products and/or services in addition to the products and/or services provided by us. Personal Data will only be transferred to a business partner or referral partner who is obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- companies and organisations for the purposes of fraud protection and credit risk reduction;
- to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights;
- if we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes; and
- if we are acquired by a third party, in which case the Personal Data held by us about you will be disclosed to the third party buyer.
This data sharing enables us to:
- comply with our legal obligations;
- deliver our products and services; and connect you, upon your request, with third parties who can provide additional products and services;
- protect the rights, property or safety of Cozee employees, Cozee or its customers.
Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your Personal Data when this occurs, see ‘Transfer of your information out of the EEA’. We will share Personal Data with law enforcement or other authorities if required by applicable law.
Whether information has to be provided by you, and if so why
- where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe, unless the recipient country has been deemed to provide an adequate level of protection for Personal Data by the European Commission; or
- in other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.
If you would like further information please contact us (see ‘How to contact us’ below) and we can, if applicable, provide a copy of the standard data protection clauses we would enter into with recipients of your Personal Data on request. We will not otherwise transfer your Personal Data outside of the United Kingdom or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
Retention of your Personal Data
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements which may set a minimum period for which we have to keep your Personal Data.
You have a number of important rights and, in most cases, you can exercise them free of charge. In summary, those include rights to:
- the right to obtain information regarding the processing of your Personal Data;
- the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
- require us to correct any mistakes in your information which we hold;
- require the erasure of Personal Data concerning you in certain situations. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
- receive the Personal Data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third party in certain situations; and where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to Cozee;
- object at any time to processing of Personal Data concerning you for direct
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and
- the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the DPA 2018.
If you would like to exercise any of those rights, please email, call or write to us (see ‘How to contact us’ below).
Keeping your Personal Data secure
We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
As a condition of employment, Cozee employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need to access it to perform their roles. Unauthorised use or disclosure of confidential client information by a Cozee employee is prohibited and may result in disciplinary measures.
When you contact a Cozee employee about your file, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, Cozee will provide you with the contact information for that regulator.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
You, or someone acting on your behalf, have the right to opt out of receiving some or all of the marketing communications we may send you at any time and can do so by (i) selecting the opt out option in any marketing emails you receive, or (ii) emailing us at email@example.com.
How to contact us
The Cosy Initiative Ltd
60 Gray’s Inn Road
WC1X 8LU London