COGNIZENSE LLP
5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN
ICO Registration: 00014276957
Last updated: June 1, 2026
1. About This Policy
This Privacy Policy explains how COGNIZENSE LLP (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our websites or purchase our online training courses. We are a UK Limited Liability Partnership and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to all websites operated by us, including but not limited to bloodbornecertification.com. If you are a California resident, Section 12 contains additional rights that apply to you under the California Consumer Privacy Act (CCPA).
For questions about this policy, contact us at: [email protected]
2. What Data We Collect
We collect only the data necessary to operate our business and deliver our courses. We do not buy, rent, or trade personal data.
2.1 Information you provide directly
Name and email address – when you use the contact form to contact us
2.2 Information collected automatically
IP address – logged temporarily for security and fraud prevention (e.g., blocking abusive traffic)
Browser type, operating system, and referring URL – standard server logs, retained for up to 30 days
Google Analytics – we use Google Analytics to understand how visitors use our site (pages viewed, time on site, broad geographic location at city level). Google Analytics uses first-party cookies. We do NOT have Google’s advertising features (remarketing, demographics, or interest reporting) enabled.
2.3 What we do NOT collect
– We do not engage in remarketing or behavioral advertising
– We do not build marketing profiles or audience segments
– We do not use social media plugins or tracking pixels
– We self-host all website assets including fonts — no third-party font services
– We do not collect sensitive personal data (health, biometrics, political opinions, etc.)
3. How We Use Your Data
We process your personal data on the following lawful bases under UK GDPR:
| Purpose | Lawful Basis |
|———|————–|
| Responding to contact requests | Legitimate interest (Article 6(1)(f)) — providing customer service |
| Server logs for security and diagnostics | Legitimate interest — maintaining service security and availability |
We do not use automated decision-making or profiling.
4. Who We Share Your Data With
We share data only as necessary to operate our business:
| Recipient | Purpose | Location |
|———–|———|———-|
| **Google** | Website analytics (Google Analytics) and advertising conversion tracking (Google Ads). For analytics, Google processes anonymized IP addresses and usage data. For ads, Google processes conversion data when you interact with our advertisements. We do NOT use Google’s remarketing or behavioral advertising features. | USA |
All third-party processors are subject to data processing agreements where required by law. We do NOT sell personal data to anyone.
5. International Transfers
Our website and all data data are hosted on servers in the United States (LightningBase LLC). As a UK-registered data controller, this means personal data is transferred from the UK to the US for processing. We ensure appropriate safeguards are in place, including each processor’s certification under the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses where applicable.
6. How Long We Keep Data
| Data Type | Retention Period |
|———–|—————–|
| Server logs | 30 days |
| Contact emails | 2 years from last correspondence |
We will delete your data earlier upon request where we are not legally required to retain it. See Section 8.
7. Cookies
We use two categories of cookies on our website.
7.1 Essential cookies (no consent required)
These cookies are necessary for the website to function and cannot be disabled in our systems. They are set in response to actions you take, such as logging in or filling out a checkout form.
| Cookie | Purpose | Duration |
|——–|———|———-|
| Session cookie | Maintains your login state and shopping cart during your visit | Expires when you close your browser |
Under UK GDPR (PECR Regulation 6(4)(b)), essential cookies do not require consent.
7.2 Analytics cookies (consent required)
We use Google Analytics to understand how visitors interact with our website — which pages are visited, how long visitors spend, and broad geographic trends. This helps us improve the site.
| Cookie | Purpose | Duration |
|——–|———|———-|
| `_ga` | Distinguishes unique visitors | 2 years |
| `_gid` | Distinguishes unique visitors | 24 hours |
| `_gat` | Throttles request rate | 1 minute |
Google Analytics cookies are set only after you provide consent through our cookie notice. You may withdraw consent at any time by clearing your browser cookies or adjusting preferences through the cookie settings link on our website.
Google processes this data on our behalf under a data processing agreement. IP addresses are anonymized before storage. We do NOT have Google’s advertising features (remarketing, demographics, or interest reporting) enabled. For details on how Google handles Analytics data, see Google’s Privacy Policy: https://policies.google.com/privacy
7.3 How we do NOT use cookies
– We do not use remarketing or behavioral advertising cookies
– We do not use social media tracking cookies
– We do not build advertising profiles or audience segments
7.5 Managing cookies
You can manage or disable cookies through your browser settings. Note that disabling essential cookies may prevent you from logging in or completing purchases. For Google Analytics specifically, you can also use Google’s opt-out browser add-on: https://tools.google.com/dlpage/gaoptout
8. Your Data Protection Rights
Under UK GDPR, you have the following rights:
| Right | What It Means |
|——-|—————|
| **Access** | You can request a copy of the personal data we hold about you. |
| **Rectification** | You can ask us to correct inaccurate or incomplete data. |
| **Erasure** | You can ask us to delete your personal data where there is no compelling reason for us to keep it. |
| **Restriction** | You can ask us to limit how we use your data while a concern is investigated. |
| **Portability** | You can ask us to provide your data in a structured, machine-readable format. |
| **Objection** | You can object to processing based on legitimate interests. You have an absolute right to object to direct marketing at any time. |
To exercise any of these rights, contact us at [email protected]. We will respond within one month.
If you are dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
9. Security
We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), access controls, and secure payment processing through PCI-DSS compliant providers. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.
10. Children’s Privacy
We do not knowingly collect data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by email (if you have an account) or by a notice on our website. Continued use of our services after changes take effect constitutes acceptance of the updated policy.
13. Contact
For any questions about this Privacy Policy or to exercise your data protection rights:
– Email: [email protected]
– Post: COGNIZENSE LLP, 5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN
– ICO Registration: 00014276957