This Privacy Policy explains how Cognati Ltd (trading as Cubiq Cloud) ("Cubiq Cloud", "we", "us") collects and uses personal data and the rights of individuals under UK data protection law.
We are committed to protecting personal data and complying with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
1. Who We Are
Company: Cognati Ltd (trading as Cubiq Cloud)
Registered number: 13081108
Registered office: 20 Egerton Close, London, HA5 2LP, United Kingdom
Email: info@cubiqcloud.com
We are a UK-based provider of healthcare customer relationship management and practice management software.
2. Our Role
We act in two capacities:
- As a Data Processor when we provide the Cubiq Cloud platform to healthcare practices and other organisations. In this context, our customers are the Data Controllers.
- As a Data Controller for our own business operations, including sales, marketing, billing, supplier management, and our website.
This Privacy Policy applies to personal data for which we act as Data Controller. Where we act as Data Processor, processing is governed by our Data Processing Agreement with the relevant customer.
3. Personal Data We Collect
Depending on your relationship with us, we may collect and process:
- Identity and contact details (name, job title, organisation, email, phone number)
- Account and login information
- Billing and payment details
- Communications with us (emails, support requests)
- Website usage data (IP address, device, pages visited)
- Marketing preferences
We do not determine the content of patient records or clinical data held in the Cubiq Cloud platform. That data is controlled by our customers.
4. Sources of Personal Data
We collect personal data directly from you (for example when you contact us or create an account) and from your organisation. We may also receive business contact details from publicly available sources and professional networks.
5. How We Use Personal Data
We use personal data to:
- Provide, administer, and support our services
- Manage customer and supplier relationships
- Respond to enquiries and provide customer support
- Send service communications (such as system notices and contractual updates)
- Carry out billing, payments, and accounting
- Improve and secure our products and services
- Manage our website and online presence
- Market our services where permitted by law
6. Lawful Bases for Processing
| Purpose | Lawful Basis |
|---|---|
| Providing and administering services | Performance of a contract |
| Customer and supplier management | Performance of a contract |
| Billing and accounting | Legal obligation |
| Responding to enquiries and support | Legitimate interests |
| Product improvement and security | Legitimate interests |
| Marketing communications | Consent or legitimate interests (where permitted) |
| Website analytics | Legitimate interests or consent (via cookies) |
Where we rely on legitimate interests, we have balanced those interests against individuals' rights and freedoms.
7. Marketing and Communications
We may send marketing communications to business contacts about our services where permitted by the Privacy and Electronic Communications Regulations (PECR). You can opt out at any time using the unsubscribe link or by contacting info@cubiqcloud.com. Service communications are not marketing and cannot be opted out of.
8. Who We Share Data With
We may share personal data with:
- Hosting and infrastructure providers
- Email and communications providers
- Analytics and monitoring services
- Professional advisers
- Regulators and authorities where required by law
All providers act under contract. We do not sell personal data.
9. International Transfers
We host data using Amazon Web Services. Personal data may be stored or accessed outside the UK or EEA. Authorised personnel in Indonesia may access systems for development and support. Where transfers occur, we use the UK IDTA and/or UK SCC Addendum and maintain Transfer Risk Assessments.
10. Data Retention
We retain personal data only as long as necessary:
- For the duration of a contractual relationship
- For up to 90 days after account closure
- Longer where required by law
Marketing data is retained until you opt out.
11. Your Rights
You have the right to access, rectify, erase, restrict, object, port data, withdraw consent, and complain to the ICO.
Note: Where we act as Processor, requests should be directed to the relevant healthcare provider.
12. How to Exercise Your Rights
Email: info@cubiqcloud.com
We may need to verify your identity.
13. Mandatory Data
Where we require personal data to enter into a contract with you or your organisation, failure to provide that data may mean we are unable to provide our services.
14. Automated Decision-Making
We do not carry out solely automated decision-making or profiling that produces legal or similarly significant effects.
15. Children's Data
Our services are intended for use by professionals. We do not knowingly collect personal data directly from children.
16. Cookies and Tracking
Our website uses cookies for functionality, analytics, and marketing where permitted. You can manage preferences via your browser or site tools.
17. Complaints
You may contact us first or lodge a complaint with the Information Commissioner's Office:
Website: ico.org.uk
Telephone: 0303 123 1113
18. Changes
We may update this Policy from time to time. The latest version will be published on our website.
By using Cubiq Cloud, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.