Privacy Policy

Streamlining HR Operations

Effective Date: May 20, 2025

C2 All-in-One HRIS Platfom by Agile Futurist (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data processed through the C2 All-in-One Human Resources Information System (HRIS) Platform (“Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you or your organization (“Client”) use our Platform and Services. It also outlines your rights regarding your personal data and how to contact us.

By using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.


1. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed by C2 All-in-One HRIS Platfom as a data processor on behalf of our Clients, who act as data controllers under applicable data protection laws (e.g., GDPR). Personal data includes any information relating to an identified or identifiable individual (“Data Subject”), such as employees, contractors, or job applicants managed by the Client through the Platform.

This Privacy Policy does not apply to:

  • Personal data we process as a data controller for our own business purposes (e.g., marketing or customer relationship management), which is covered by our C2 All-in-One HRIS Platfom General Privacy Policy (#).
  • Data processed by Clients outside the Platform.

2. Information We Collect

We process personal data on behalf of Clients as part of providing the Platform and Services. The types of personal data we may process include:

2.1 Employee Data
  • Identification Information: Name, employee ID, date of birth, gender, nationality.
  • Contact Information: Email address, phone number, home address.
  • Employment Information: Job title, department, hire date, employment status, salary, benefits, performance reviews, disciplinary records.
  • Compliance Information: Tax identification numbers, social security numbers, work permits, background check results.
2.2 Recruitment Data
  • Applicant Information: Resumes, cover letters, education history, work experience, references.
  • Application Details: Interview notes, assessment results, offer letters.
2.3 Usage Data
  • Platform Activity: Login times, IP addresses, device information (e.g., browser type, operating system), and actions taken within the Platform (e.g., pages viewed, features used).
  • Analytics Data: Aggregated data used to improve the Platform, such as usage patterns and error logs.

2.4 Other Data

  • Any additional data provided by the Client, such as emergency contacts, training records, or time-off requests.

3. How We Collect Information

We collect personal data in the following ways:

  • Directly from Clients: Clients input personal data into the Platform to manage their HR functions (e.g., employee onboarding, payroll processing).
  • Automatically: We collect usage data automatically through cookies, server logs, and similar technologies when users interact with the Platform.
  • From Third Parties: We may receive data from third-party integrations (e.g., payroll providers, background check vendors) as directed by the Client.

4. How We Use Information

We process personal data solely to provide the Services as instructed by the Client, including:

4.1 Platform Functionality

  • Managing employee records, payroll, benefits, and performance.
  • Facilitating recruitment, onboarding, and compliance processes.
  • Generating reports and analytics as requested by the Client.

4.2 Support and Maintenance

  • Providing technical support to resolve issues with the Platform.
  • Performing maintenance, updates, and improvements to ensure the Platform operates effectively.

4.3 Security and Compliance

  • Implementing security measures to protect personal data from unauthorized access, disclosure, or loss.
  • Complying with legal obligations, such as responding to lawful requests from authorities.

4.4 Usage Analytics

  • Analyzing usage data to improve the Platform’s performance, features, and user experience (e.g., identifying common errors or optimizing workflows). Such analytics are typically aggregated and anonymized.

We do not use personal data for marketing or any purposes unrelated to the Services unless explicitly authorized by the Client.


5. Legal Basis for Processing (GDPR Compliance)

For Clients subject to the GDPR, we process personal data as a data processor on behalf of the Client (the data controller). The Client determines the legal basis for processing, which may include:

  • Contractual Necessity: Processing is necessary to fulfill employment contracts (e.g., payroll processing).
  • Legitimate Interests: Processing is necessary for the Client’s legitimate interests, such as managing HR operations, provided it does not override Data Subjects’ rights.
  • Legal Obligation: Processing is required to comply with labor laws, tax regulations, or other legal requirements.
  • Consent: Where applicable, the Client may obtain consent from Data Subjects for specific processing activities (e.g., sharing sensitive data).

As a data processor, we act only on the Client’s documented instructions and in compliance with the GDPR.


6. How We Share Information

We may share personal data in the following circumstances:

6.1 With Subprocessors
  • We may engage third-party subprocessors (e.g., cloud hosting providers like AWS in eu-west-1, support ticketing systems) to deliver the Services. A list of subprocessors is available upon request.
  • Subprocessors are contractually bound to process personal data in compliance with this Privacy Policy and applicable laws.
6.2 With Client-Authorized Third Parties
  • We may share data with third parties (e.g., payroll providers, benefits administrators) as directed by the Client through Platform integrations.
6.3 For Legal Reasons
  • We may disclose personal data if required by law, court order, or government authority, or to protect our rights, property, or safety.

6.4 Business Transfers

  • In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections.

We do not sell personal data to third parties.


7. Data Security

We implement industry-standard technical and organizational measures to protect personal data, including:

  • Encryption: Data is encrypted in transit (using TLS 1.2 or higher) and at rest (using AES-256 encryption).
  • Access Controls: Role-based access ensures only authorized personnel can access personal data.
  • Monitoring and Auditing: Regular security audits and monitoring to detect and respond to threats.
  • Incident Response: In the event of a data breach, we will notify the Client within 72 hours of discovery and take steps to mitigate harm.

8. Data Retention and Deletion

  • Retention: We retain personal data for as long as necessary to provide the Services or as instructed by the Client. Upon termination of the Service Agreement, we provide a 30-day period for the Client to export their data, after which we delete all Client Data from our systems, unless required to retain it by law.
  • Backups: Data in backups may be retained for up to 90 days before being securely deleted.

9. Data Subject Rights

As a data processor, we assist Clients in fulfilling Data Subjects’ rights under applicable laws, such as the GDPR. These rights may include:

  • Access: The right to obtain a copy of their personal data.
  • Rectification: The right to correct inaccurate data.
  • Erasure: The right to request deletion of their data.
  • Restriction: The right to restrict processing in certain circumstances.
  • Portability: The right to receive their data in a structured, machine-readable format.
  • Objection: The right to object to processing based on legitimate interests.

Data Subjects should direct requests to the Client (the data controller). We will assist the Client in responding to such requests as required by law.


10. International Data Transfers

For Clients in the European Economic Area (EEA), personal data may be transferred to and processed in regions outside the EEA, such as the United States, where our subprocessors (e.g., AWS) operate. We ensure such transfers comply with GDPR requirements through:

  • Standard Contractual Clauses (SCCs): We enter into SCCs with subprocessors to ensure adequate protection of personal data.
  • Data Residency: Where possible, we process data within the EEA (e.g., using AWS eu-west-1 region for EEA Clients).

11. Cookies and Tracking Technologies

We use cookies and similar technologies to collect usage data and improve the Platform:

  • Essential Cookies: Necessary for the Platform to function (e.g., session management).
  • Analytics Cookies: Used to understand Platform usage (e.g., Google Analytics, anonymized data only).
  • Settings: Clients can manage cookie preferences through the Platform’s settings, though disabling essential cookies may affect functionality.

12. Third-Party Links

The Platform may contain links to third-party websites or services (e.g., payroll provider integrations). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.


13. Children’s Privacy

The Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify Clients of significant changes via email or through the Platform at least 30 days before the changes take effect. The updated policy will be posted on our website with the new effective date.


15. Contact Us

If you have questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact the Client (your employer) as the data controller. For questions about our role as a data processor, you can reach us at:

C2 All-in-One HRIS Platfom
Email: privacy@cognitis.cloud

Data Protection Officer (DPO): For EEA Clients, our DPO can be reached at dpo@cognitis.cloud.

📩 For questions or clarifications, contact: Contact Form


16. Complaints

If you believe your privacy rights have been violated, you may file a complaint with your local data protection authority. For EEA residents, you can contact the supervisory authority in your country (e.g., the Data Protection Commissioner in Ireland for data processed in eu-west-1).


AI Engine Chatbot
AI Engine
Discuss with
C2 Virtual Assistant:
AI Avatar
Hi! How can I help you?

By using this chatbot, you agree to the recording and processing of your data by our website and the external services it might use (LLMs, vector databases, etc.).