Customer & Partner Privacy Notice

The protection of your personal data is important to us. We take confidentiality and security of your personal data seriously and will ensure that your information is processed according to the General Data Protection Regulation (“GDPR”).

Please read this privacy notice carefully if you are a customer or partner of Cognite. It provides important information about how we use your personal data and your legal rights under the GDPR.

Defined terms in this policy have the same meaning as the corresponding terms in the GDPR.

Customer and partner data

In order to provide you with our services, we will need to process personal data about you from time to time. The sections below highlight the different scenarios where we might process your personal data.

Cognite Data Fusion

When we process personal data as part of our onboarding process, we act as a Data Controller and Data Processor. We act as a Data Controller when we provide customers and partners with technical support, billing, product development and account management services.

When we process personal data as part of delivering CDF, we act as a Data Processor. For the purposes of product delivery, we will process information that we receive from you, including full name, job title, position, IP address, email address and profile photo. This information is obtained from the identity provider (IdP) used to authenticate users of CDF by creating a personal profile. We automatically collect information about how you are using the Cognite applications. Data collected may include information about your account (such as User ID or

Internet Protocol (IP) address), or information about your computer or device (such as browser type). Profile information collected and processed from the IdP is stored in the European Union. We offer the Data Controller the option to determine the collection and use of the personal information, and we will respect the choice you make. Please note that if the Data Controller decides not to provide Cognite with users’ personal information, you may not be able to access certain features of CDF and its applications.

The collection and use of personal data as described above takes place pursuant to art. 6 (1) (b) of the GDPR and our obligations under our Data Processing Agreement with you.

Atlas AI

Atlas AI is Cognite's AI service, which enables building AI agents that the users can interact with. The AI agents have access to tools that enable them to query the knowledge graph (i.e query data in CDF through SDKs/APIs), and present the results back to the users.

The conversation history feature is a feature which will enable a user to see its previous engagements with Atlas AI. It will store all the messages the user sends to the AI agent, along with the response from the agent, which tools are being invoked etc. Conversations can be shared with members of the project.

Customer Relationship Management (CRM) system and operations

We may use the information we have on you in our CRM system in order to provide you with consultancy, data analytics, notification of any changes that may affect the services we provide to you and compliance with contractual obligations.

For the purposes of CRM, service level and general operations, we will process information that we already have about you, including name, position, IP address, email address and telephone number.

The collection and use of personal data as described above takes place under our Data Processing Agreement with you.

Analytics and Product Improvement

We process system usage data and platform interaction metrics to provide technical support, maintain security, and analyze service utilization. This includes event-based data and session activity used to monitor system health and optimize the user experience. To protect your privacy, we apply industry-standard pseudonymization and data masking to ensure that usage metrics are decoupled from specific identifiable individuals. While we may use aggregated, non-identifiable insights to improve our general service offerings, these activities are conducted in a manner that prevents the disclosure of your proprietary industrial configurations or sensitive business logic.

Robotics

Cognite Robotics uses programmable video API for relaying video streams from robots to InRobot users. For the purposes of Robotics, we will process the video stream captured by the Robots. The video is streamed live between the robot and customer. The video is never stored by Cognite or a third-party provider.

The collection and use of personal data as described above takes place under our Data Processing Agreement with you.

When Cognite supports the deployment of humanoid robots, the below privacy notice will be made available via a high-visibility QR code displayed directly on the unit. For more information, please visit the following URL.

Newsletter and Cognite Conferences

We may use your information in order to send you our newsletters, tell you about our products and services, and invite you to our events. For the purposes of newsletters and invitations to Cognite conferences, we will process information that we already have about you, including name, position, email address and telephone number.

If you no longer wish to receive our newsletters, information about our products or invitation to our conferences, you can use the opt-out link provided in the communication. Alternatively, you can also contact us on privacy@cognite.com.

The collection and use of personal data as described above takes place pursuant to art. 6 (1) (a) of the GDPR.

Cognite Hub (Community & Academy)

Cognite Hub is our unified platform for community collaboration, knowledge sharing, and e-learning. It allows customers, partners, external parties, as well as Cognite employees to share knowledge, connect with peers, and access Cognite Academy’s on-demand and instructor-led training to upskill in industrial digitalization. To provide these services, we process your name, position, and email address pursuant to Art. 6 (1) (a) of the GDPR.

Cognite Community

When managing the community, we act as a Data Controller. Please note that the community aspects of Cognite Hub are public. Your profile and contributions are visible to other users, with the exception of content shared within designated private groups and communities, which remains accessible only to members of those specific groups and communities. Upon request, we may also share an individual’s community contributions with their respective employer or organization.

Cognite Academy

For the purposes of providing you with e-learning, we act as a Data Controller when processing data related to your activities and courses taken. However, we act as a Data Processor when sharing data with customers and partners regarding their employees’ course trajectories on Cognite Academy. In such instances, our obligations are governed by the applicable Data Processing Agreement (DPA).

Customer Survey

We may use your personal data in order to survey you for feedback. The information collected will be used to improve our services and processes.

For the purposes of the customer survey, we will process information that we already have about you, including name, position and email address. The collection and use of personal data as described above takes place pursuant to art. 6 (1) (f) of the GDPR in improving our products and ensuring our solutions meet user needs.

We use this information solely to request feedback on our products and steer future development. These requests are occasional and limited in scope. We do not use this data for marketing or promotional purposes.

You have the right to object to this processing at any time by emailing privacy@cognite.com.

Export of data from the EU/EEA to other countries

While your personal data is primarily stored within the European Union or European Economic Area (EU/EEA), it may be processed in other jurisdictions depending on your residency and the specific terms of our signed customer or partner agreements. For transfers outside the EU/EEA, we ensure a similar level of protection by utilizing EU Standard Contractual Clauses (SCCs) or relying on adequacy decisions, ensuring your data remains secure regardless of where it is processed. . Any such transfer of your personal information will take place in accordance with existing legislation and without impairing your legal rights.

Sharing your data with Third Parties

We will not share your personal data with third parties except when necessary for our business routine operations or to fulfill our obligations in providing you with our services and support to you.

In order to provide you with a better user experience, we may share your data with our partners and sub-processors. Complete list of Sub-processors can be found here.

The disclosure of personal data to third parties as described above takes place pursuant to the obligations set out in our Data Processing Agreement with third parties.

Retention

We only store your personal data for as long as is necessary for the purposes described above. Information related to our service will be stored for 30 daysafter the customer relationship ends. Newsletters, marketing and Cognite conference invitations will be sent out until you opt-out or end your customer relationship with Cognite.

Your rights under the GDPR

You have the right to request additional information from us about how we process your personal information. You may request for us to correct your data if you locate any errors, access all the personal data we have stored about you, and delete your personal data. We willdelete your personal data if we no longer have a legal and legitimate processing purpose. You also have the right to ask us to provide you with your personal data in a structured, commonly used, machine-readable format. Please note that while we will endeavor to accommodate all reasonable requests, technical limitations may prevent us from directly transferring your data to another system.

Furthermore, you have the right to restrict our processing, object to our processing and to export personal data elsewhere. To exercise your rights, please contact us at privacy@cognite.com. We will respond to your inquiry as soon as possible, and at the latest within 30 days. If you wish to exercise your rights, we will require that you confirm your identity by providing additional information, such as a copy of your driving license or passport.

Complaint

If you believe that our collection, storage and use of personal data does not comply with our privacy notice or does not comply with privacy law, you may complain to the local data protection authority here: https://www.datatilsynet.no/

Changes to our Privacy Policy

We may change this statement from time to time in the future. Any such changes will be posted here and, where appropriate, notified to you in writing. We advise you to check back frequently to see any updates or changes.

Definitions

"CDF'' means Cognite Data Fusion, a software system made and implemented by or on behalf of Cognite, the core functionality of which is to collect, process, and store data and to make such data available for consumption. The term "CDF'' shall include CDF API and Extractors. A further description of CDF shall be maintained at https://docs.cognite.com/cdf/.

"Cognite" means Cognite AS and all existing subsidiaries.