Contact

Privacy Policy

Kognia Systems S.A.S. (hereinafter, “KOGNIA”) is aware of the importance of personal data privacy and has therefore implemented a data processing policy aimed at providing maximum security in the use and collection of such data, ensuring compliance with the applicable regulations on the matter and establishing this policy as one of the basic pillars of the entity’s lines of action.

While browsing the website www.kognialabs.com, personal data may be requested through the contact form provided for this purpose. Such data will form part of the relevant processing activities according to the specific and determined purpose that justifies its collection.

Below is KOGNIA’s Personal Data Processing Policy:

DEFINITIONS

For the purposes of this Policy, the terms listed below shall have the following meanings in accordance with Law 1581 of 2012 and Decree 1377 of 2013, compiled in Decree 1074 of 2015:

  • Authorization: prior, express and informed consent of the Data Subject to carry out the Processing of personal data.

  • Privacy Notice: verbal or written communication generated by KOGNIA and addressed to the Data Subject, through which they are informed about the existence of this Personal Data Processing Policy of KOGNIA, how to access it and the purposes of the Processing that the company intends to carry out with the personal data.

    The Privacy Notice is used only if KOGNIA is not able to make this Policy available to the public.

  • Database: organized set of personal data subject to Processing.

  • Personal data: any information linked to or that may be associated with one or more identified or identifiable natural persons.

  • Public personal data: data that is neither semi-private, private nor sensitive, and which by its nature may be contained in public records, public documents, official gazettes, official bulletins and/or duly enforceable court rulings that are not subject to confidentiality.

    Public personal data includes, among others, data relating to people’s civil registry, profession or trade and/or their status as merchant or public servant.

  • Private personal data: data that is only relevant to the Data Subject.

  • Semi-private personal data: data whose knowledge or disclosure may be of interest to the Data Subject and to a certain sector or group of people.

  • Sensitive personal data: data that affects the privacy of the Data Subject or whose improper use may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of trade unions, social organizations, human rights organizations or organizations promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.

  • Data Processor: natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Data Controller.

  • Data Controller: natural or legal person, public or private, who, by themselves or jointly with others, decides on the database and/or the Processing of the data.

  • Data Subject: natural person whose personal data is subject to Processing.

  • Processing: any operation or set of operations performed on personal data, such as collection, storage, use, circulation or deletion.

  • Transfer: occurs when the Data Controller, located in Colombia, sends personal information to a third-party recipient, located inside or outside the country, who in turn acts as Data Controller of such information.

  • Transmission: occurs when the Data Controller, located inside or outside the country, shares personal information for Processing by the Data Processor located inside or outside the country.

DATA CONTROLLER OF PERSONAL INFORMATION

This Policy documents the way in which Kognia Systems S.A.S., with registered office at Carrera 55, 152B 68, Bogotá, Colombia, and Tax ID 901.815.245-4, acting as Data Controller, processes the personal data of users/visitors of its website.

In order to guarantee the protection of personal data, including the right of Data Subjects to know, update and rectify the information stored in the Databases, Kognia states that it is domiciled at Carrera 55, 152B 68, Bogotá, Colombia, registered under commercial registration number 03797424 with the Bogotá Chamber of Commerce, and provides the following contact email address: privacidad@kognia.io.

This Policy reflects the requirements of Colombian legislation and the professional responsibility regarding the way in which KOGNIA collects, stores and uses the personal information it manages.

SCOPE

This Policy regulates all KOGNIA organizational processes involving the Processing of personal data and seeks to inform all persons who have provided, or who may in the future provide, their personal data to KOGNIA, about the Policy applicable to all Databases and the personal data contained therein.

This Policy was prepared based on the provisions contained in Articles 15 and 20 of the Political Constitution, Law 1581 of 2012, which establishes general provisions for the protection of personal data, and its regulatory decrees, compiled in Decree 1074 of 2015, Single Regulatory Decree of the Industry, Commerce and Tourism Sector.

LEGAL FRAMEWORK

The following is the legal framework regulating the Processing of personal data in the Republic of Colombia:

a) Political Constitution of Colombia, Article 15.
b) Law 1266 of 2008.
c) Law 1581 of 2012.
d) Decree 1727 of 2009.
e) Decree 2952 of 2010.
f) Decree 1377 of 2013.
g) Decree 1074 of 2015, Single Regulatory Decree of the Commerce, Industry and Tourism Sector.
h) Decree 2157 of 2021.
i) Decree 090 of 2018.
j) Any regulation that repeals, supplements, modifies or adds to the current legislation on the exercise of the right to Habeas Data and personal data protection.

PRINCIPLES

  • Principle of legality in data Processing: Processing is a regulated activity that must comply with the provisions established in the laws and other regulations that develop them.

  • Principle of purpose: Processing must follow a legitimate purpose in accordance with the Constitution and the laws, which must be communicated to the Data Subject.

  • Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent.

  • Principle of truthfulness or quality: the information subject to Processing must be truthful, complete, accurate, up to date, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.

  • Principle of transparency: Processing must guarantee the Data Subject’s right to obtain from the Data Controller or Data Processor, at any time and without restriction, information regarding the existence of data concerning them, in accordance with the regulations governing such access.

  • Principle of restricted access and circulation: Processing is subject to the limits arising from the nature of the personal data, the laws and the Constitution. In this regard, Processing may only be carried out by persons authorized by the Data Subject and/or by persons authorized by law. Personal data, except public information, may not be available on the Internet or other mass disclosure or communication media, unless access is technically controllable in order to provide restricted knowledge only to the Data Subjects or authorized third parties.

  • Principle of security: the information subject to Processing by the Data Controller or Data Processor must be handled with the technical, human and administrative measures necessary to provide security to the records, preventing their alteration, loss, consultation, use or unauthorized or fraudulent access.

  • Principle of confidentiality: all persons involved in the Processing of personal data that is not public personal data are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the activities comprising the Processing, and may only provide or communicate personal data when this corresponds to the development of the authorized activities.

PROCESSING AND PURPOSE OF PERSONAL DATA

KOGNIA processes personal information mainly in order to fulfill its functions, always acting in accordance with the purposes established in the laws regulating its operation, in this Policy and in the authorizations previously and expressly granted by the Data Subjects.

To carry out such purposes, KOGNIA may collect, use, share and store the personal information of Data Subjects.

In any case, if necessary, at the time personal data is collected by KOGNIA, the purposes for the specific Processing shall be communicated to the Data Subject before they grant their authorization.

6.1 Processing of personal data of website users

KOGNIA collects, through the contact channels provided on its website http://www.kognia.com, the personal data of those interested in contacting Kognia.

These channels consist of a registration and personal data collection form, as well as an authorization checkbox through which Data Subjects give KOGNIA their consent for their personal data to be processed.

The purposes for which this personal data is used are:

  • To process the request, complaint or claim included in the web contact form message;

  • To send information about KOGNIA, partner companies or information considered to be of interest, for commercial and marketing purposes, via email, text messages (SMS), instant messaging tools or telephone calls to the contact number provided;

  • To respond to requests from authorities in the exercise of their functions;

  • To retain it for statistical and historical purposes and/or to comply with legal obligations regarding the retention of information and documents; and

  • To conduct surveys on knowledge and satisfaction with the service provided.

This personal data shall be disclosed to the Data Subject, to third parties with the express authorization of the Data Subject for such purpose, or when requested by a competent authority.

This information shall be stored digitally in the Database(s) generated for the purposes required by its collection, which are included in KOGNIA’s internal Database inventory, and its Processing shall be carried out:

  • For as long as the purposes that gave rise to its collection remain in force; and/or

  • For as long as the relationship between the Data Subject(s) and KOGNIA remains in force; and/or

  • For as long as the legal obligations incumbent on KOGNIA that gave rise to the collection, storage and Processing of such personal data remain in force.

Subsequently, the personal data shall be deleted if no new conversation or interaction takes place between the parties within one year.

The Processing of sensitive data is not expected.

6.2 Processing by Data Processors

KOGNIA, in the exercise of its corporate purpose, may rely on third parties that collaborate in the development of its activities, and to that extent shall instruct them so that the collection and Processing of personal information, whatever its nature, is always preceded by all relevant authorizations and includes all necessary security and confidentiality measures according to its nature.

However, in the event of non-compliance with the obligations by such third parties, the obligation shall not be assumed by the company, which acts as a third party in good faith, so that its actions shall always be based on the belief that such third parties have the necessary authorizations to process the information in accordance with the purposes for which it is provided, and that they keep the personal data over which they act as Data Processor under special security and confidentiality measures, in accordance with legal and contractual guidelines.

OBLIGATIONS OF THE DATA CONTROLLER

KOGNIA, as Data Controller, shall comply with the following obligations, without prejudice to the other provisions established in Law 1581 of 2012 and other regulations governing its activity:

  • To guarantee the Data Subject, at all times, the full and effective exercise of the right to habeas data;

  • To request and retain, under the conditions established by law, a copy of the respective authorization granted by the Data Subject;

  • To duly inform the Data Subject about the purpose of the collection and the rights they have by virtue of the authorization granted;

  • To keep the information under the security conditions necessary to prevent its alteration, loss, consultation, use or unauthorized or fraudulent access;

  • To guarantee that the information provided to the Data Processor is truthful, complete, accurate, up to date, verifiable and understandable;

  • To update the information, promptly informing the Data Processor of all changes regarding the personal data previously provided and adopting any other necessary measures so that the information provided remains up to date;

  • To rectify the information when it is incorrect and communicate the relevant changes to the Data Processor;

  • To provide the Data Processor, as applicable, only with personal data whose Processing has been previously authorized in accordance with the law;

  • To require the Data Processor, at all times, to respect the security and privacy conditions of the Data Subject’s information;

  • To process queries and complaints submitted under the terms established by law;

  • To adopt an internal policy and procedure manual to ensure proper compliance with the law and, especially, for handling queries and complaints;

  • To inform the Data Processor when certain information is under dispute by the Data Subject, once the claim has been submitted and the respective procedure has not yet been completed;

  • To inform, at the request of the Data Subject, about the use given to their personal data;

  • To inform the personal data protection authority when breaches of security codes occur and there are risks in the management of Data Subjects’ information.

RIGHTS OF DATA SUBJECTS

In accordance with Article 8 of Law 1581 of 2012, the Data Subject shall have the following rights:

  • To know, update and rectify their personal data before KOGNIA as Data Controller. This right may be exercised, among others, with respect to partial, inaccurate, incomplete, fragmented or misleading personal data, or data whose Processing is expressly prohibited or has not been authorized;

  • To request proof of the authorization granted to KOGNIA, except when expressly exempted as a requirement for Processing, in accordance with Article 10 of the Law;

  • To be informed by KOGNIA, as Data Controller, upon request, regarding the use given to their personal data;

  • To file complaints before the Superintendence of Industry and Commerce for violations of the Law and other regulations that modify, add to or supplement it;

  • To revoke authorization and/or request the deletion of personal data when the Processing does not respect constitutional and legal principles, rights and guarantees. Revocation and/or deletion shall proceed when the Superintendence of Industry and Commerce has determined that, in the Processing, KOGNIA, as Data Controller, has engaged in conduct contrary to the law and the Constitution; and

  • To access, free of charge, their personal data that has been subject to Processing.

The Data Subject may exercise their right to know, update, rectify or delete their personal data and revoke the consent granted to KOGNIA for the Processing thereof by contacting the email address privacidad@kognia.io, fully identifying themselves. The internal Privacy Officer shall be responsible for responding.

PROCEDURES FOR HANDLING PETITIONS, COMPLAINTS AND CLAIMS

KOGNIA, through the Privacy Officer, shall handle all petitions, queries, complaints and/or claims from the Data Subject related to the rights established by law to know, update, rectify and delete their personal data. In accordance with Article 14 of Law 1581 of 2012, the query shall be answered within a maximum term of ten (10) business days from the date of receipt.

When it is not possible to answer the query within that period, the Data Subject shall be informed, stating the reasons for the delay and indicating the date on which the query will be answered, which in no case may exceed five (5) business days following the expiration of the first term.

If the Data Subjects or their successors consider that the information contained in a KOGNIA Database is subject to correction, updating or deletion, or if they consider that the company is not complying with its obligations established in Law 1581 of 2012, they may file a claim addressed to the Privacy Officer, which shall be processed under the following rules:

  • The claim shall be submitted by means of a request addressed to the Data Controller, including the identification of the Data Subject, the description of the facts giving rise to the claim, the address, and attaching the documents they wish to rely on. If the claim is incomplete, the Data Subject shall be required within five (5) days following receipt of the claim to correct the deficiencies. If two (2) months elapse from the date of the request without the applicant submitting the required information, it shall be understood that they have withdrawn the claim.

  • If the person receiving the claim is not competent to resolve it, they shall transfer it to the appropriate person within a maximum term of two (2) business days and shall inform the Data Subject of the situation.

  • Once the complete claim has been received, a note stating “claim in process” and the reason for the claim shall be included in the Database within no more than two (2) business days. This note shall remain until the claim is decided.

  • The maximum term to handle the claim shall be fifteen (15) business days from the day following the date of receipt. When it is not possible to handle the claim within that period, the Data Subject shall be informed of the reasons for the delay and the date on which the claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first term.

DATABASES

KOGNIA stores the personal data it collects for the purposes mentioned in this Policy and in the respective authorizations in physical and/or digital Databases, which are identified within an internal inventory generated in compliance with the principle of demonstrated accountability.

If it is an obligated subject under the provisions of the Superintendence of Industry and Commerce, KOGNIA shall register the Databases for which it acts as Data Controller with the National Database Registry, as well as any monthly, semiannual and/or annual reports that may be required.

The Databases, as well as the information contained therein, shall be available according to the execution of the activities for which they were collected, and in accordance with the Processing and storage parameters informed in the previous section and the exercise of the rights of Data Subjects.

SECURITY MEASURES

In accordance with the principle of security established in the current regulations on privacy and personal data protection, KOGNIA shall adopt the technical, human and administrative measures necessary to provide security to the records, preventing their alteration, loss, consultation, use or unauthorized or fraudulent access.

In particular, all employees, contractors and Data Processors of KOGNIA involved in the Processing of personal data that is not public personal data are obliged at all times to guarantee the confidentiality of the information.

NATIONAL AND INTERNATIONAL TRANSFER AND TRANSMISSION OF PERSONAL DATA

In the event that KOGNIA carries out the national and/or international Transfer or Transmission of personal data, in addition to having the express and unequivocal authorization of the Data Subject, it shall ensure that it signs a contract or agreement with the Data Controller or Data Processor located inside or outside the national territory, and that the country to which the personal data is transferred or transmitted provides adequate levels of protection, in accordance with the list of countries considered safe harbors established by the Superintendence of Industry and Commerce in its Single Circular.

RESTRICTIONS ON THE USE OF THIS POLICY

This Policy is for the exclusive use of KOGNIA; therefore, its copying, reproduction, distribution, assignment, publication and/or translation is prohibited, for security reasons and in respect of intellectual property, as a creation protected by national and international legislation.

CURRENT REGULATIONS

This Policy is governed by Law 1581 of 2012, Decree 1377 of 2013 and any other regulations that modify them.

EFFECTIVE DATE OF THE POLICY

This Policy enters into force as of June 2, 2026. The personal data processed by KOGNIA shall remain in its Database until it fulfills the purpose for which it was collected.

This Policy has been reviewed and updated in JUNE 2026.

MODIFICATIONS

This Policy may be modified by KOGNIA in accordance with Decree 1377 of 2013.

Any substantial change shall be communicated in a timely manner to the Data Subjects in an efficient way, no later than the time when the new Policy is implemented.

Contacto

CX Insights

Quality analysis and business intelligence reports.

AlanX

Cognitive copilot for human advisors

Real-time assistance for human agents.

HiveAcademy

AI-powered agent training platform

Continuous training and performance improvement for human agents and the system.

Kira

Metahuman AI agent

Metahuman assistant for query resolution.

SideKick

Customer support copilot

Cognitive support for complex case resolution and decision-making.

Charli

Text-based conversational agent

End-to-end support across digital channels.

Voxi

Cognitive voice agent

Voice-based support with autonomous reasoning and full query resolution.