Last updated: March 2023
1. Purpose of this Privacy Notice
Dragonfly Eye Ltd (Dragonfly) is committed to protecting the privacy and security of your Personal Data. We want you to be confident that your Personal Data is kept safe and secure, and never misused.
This Privacy Notice (Notice) applies as between you, the User of this Web Site and Dragonfly, the owner and provider of this Web Site, and the controller of your Personal Data under Data Protection Laws. This Notice applies to our use of any and all Personal Data collected by us in relation to your use of the Web Site and any Services or Systems therein. It also covers situations where we collect your Personal Data outside of your interactions with the Web Site.
Dragonfly is a wholly-owned subsidiary of FiscalNote Holdings, Inc., a Delaware corporation headquartered in the United States.
2. Who we are
Dragonfly provides a private intelligence service to decision-makers in the world’s leading organisations. Through a number of separately constituted legal entities Dragonfly delivers SIAS, a subscription service that provides strategic, operational and tactical intelligence for global security decision-makers, Protective Intelligence and Embedded Intelligence services, as well as bespoke advisory support in accordance with the relevant laws of the jurisdictions in which they respectively operate.
Details of the different Dragonfly group entities that provide the Services to clients include Dragonfly Eye Ltd and Dragonfly Eye PTE Ltd. Depending on the Dragonfly entity with which you contract to provide Services, the other listed entities may also be controllers responsible for processing your Personal Data in relation to the Services. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your Personal Data is processed, we apply the same protections described in this Notice.
This Notice explains what we will do with your Personal Data when Dragonfly is processing your Personal Data as a controller; how we collect and process your Personal Data, who we share it with and also sets out your rights in respect of our processing of your Personal Data.
This privacy notice does not address the processing we carry out as processors. If you contact us in respect of processing activities where we act as processors, we will direct you to the client who has the responsibility for your Personal Data as controller.
3. Definitions and Interpretation
In this Notice the following terms shall have the following meanings:
|means collectively all information that you submit to the Web Site or which we collect about you through, or as a result of your visit to, the Web Site or when you contact us by some other means such as phone or email. This includes, but is not limited to, Account details and information submitted using any of our Services or Systems;
|“Data Protection Laws”
|means the UK General Data Protection Regulation (“UK GDPR”) and any applicable implementation of the UK GDPR, the Data Protection Act 2018, Privacy and Electronic Communications Regulations and any other applicable local privacy laws in jurisdictions we operate in, as any of the same may be amended, superseded or replaced from time to time;
|means any Data relating to an identified or identifiable natural person;
|means collectively any facilities, tools, services, products or information, including those made available online, that Dragonfly provides either now or in the future;
|“Special Categories of Personal Data” or “Sensitive Personal Data”
|mean Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data and is subject to special protection under relevant data protection law
|means any online communications infrastructure that Dragonfly makes available through the Web Site either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
|“User” / “Users”
|means any third party that accesses the Web Site and is not employed by Dragonfly and acting in the course of their employment; and
|means the website that you are currently using (www.dragonflyintelligence.com) and any sub-domains of this site (e.g. subdomain.www.dragonflyintelligence.com) unless expressly excluded by their own terms and conditions.
4. Data Collected
We may collect Personal Data from you or third parties in the course of our business, including through your use of our Web Site, when you contact or request information from us, when you engage our services or as a result of your relationship with one or more of our staff or clients.
We will collect and process Data about you in the following ways:
Information you provide to us such as when you create an account on the Web Site, sign up to a mailing list, apply for a job vacancy, sign up for an event, use the Services and Systems, get in touch with us by phone, email or otherwise or give us feedback.
Information we receive from other sources. We may receive information about you from event partners if you sign up for an event we are involved in and the registration is through the partner’s site. We may also receive information about you from our clients or from information publicly available via web searches. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) and may receive information about you from them.
We may hold the following Personal Data for the purposes set out in this Notice:
- date of birth;
- job title;
- contact information such as email addresses and telephone numbers;
- residential address;
- demographic information such as postcode, preferences and interests;
- financial information such as credit/debit card numbers;
- public record information from databases such as nationality, education, corporate interests, professional history, litigation (civil and criminal), bankruptcy/credit information, watchlists;
- audio recordings;
- information about your political opinions; information about your religious and philosophical beliefs;
- IP address (automatically collected);
- web browser type and version (automatically collected);
- operating system (automatically collected);
- a list of URLs starting with a referring site, your activity on this Web Site, and the site you exit to (automatically collected); and
5. Our Use and Storage of Data
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Any Personal Data you submit or which is collected via the Web Site, web searches or from third parties will be retained by Dragonfly for as long as you use the Services and Systems provided on the Web Site and then for a period in accordance with our retention policy. For example, contact details and collected data such as IP address, web browser type and operating system collected when you visit our Web Site will generally be deleted after two years if there is no further engagement with Dragonfly.
We may share your Data within the FiscalNote group of companies in order to improve the service offering and range of services we provide, for the good administration and control of the business, marketing, reporting and account management purposes. Each of our group companies are data controllers in their own right. A list of group companies can be found here.
Where you sign up for events we run in collaboration with third-party partners, it may be shared with those partners as well. Where we process Personal Data to deliver Services to our clients we will share your Personal Data with the relevant client.
All Personal Data is stored securely in accordance with the principles of the Data Protection Laws. For more details on security, see Clause 12 below.
Any or all of the above Personal Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Web Site and to deliver the Services to our clients.
Specifically, Personal Data may be used by us for the following reasons:
- internal record keeping;
- provision of the Service;
- improvement of the Service;
- promotion of our Services;
- transmission by email of promotional materials that may be of interest to you (provided we have your consent to do so or, where applicable, you have not opted out of receiving such materials);
- contact you for market research purposes which may be done using email, telephone or mail. Such information may be used to customise or update the Web Site;
- comply with any applicable law, court order or other judicial processes;
- respond to enquiries made by you on the Web Site or in relation to our Services;
- manage and investigate complaints received from you;
- business administration (in connection with a business transaction such as a merger, demerger, restructuring or sale).
6. Third Party Web Sites and Services
Dragonfly may, from time to time, employ the services of third-party subcontractors as processors for dealing with matters that may include, but are not limited to, providers of web hosting services, customer relationship management (CRM) systems, marketing automation services, data analytics, events management, recruitment software (see Job Candidate Privacy Notice here), payment handling, call recording and communication intelligence services, search engine facilities, advertising and marketing (such as B2B lead generation and outbound automation). We may share your Personal Data with the third-party providers of such services to process the Personal Data on our behalf.
Any Personal Data used by such parties is used only to the extent required by them to perform the services that Dragonfly requests. Any use for other purposes is strictly prohibited. Furthermore, we conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations under Data Protection Laws.
For purposes of clarity, however, please note that your information may be shared with our parent company, FiscalNote or its subsidiaries as contemplated by this policy.
We may also share Personal Data with a variety of the following categories of third parties as necessary:
- Our professional advisers such as lawyers and accountants.
- Government or regulatory authorities.
- Professional indemnity or other relevant insurers.
7. Changes in Business Ownership and Control
Dragonfly may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Personal Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or new controlling party will, under the terms of this Notice, be permitted to use the Personal Data for the purposes for which it was supplied by you.
In the event that any Personal Data submitted by Users will be transferred in such a manner, you will be informed of the changes.
Dragonfly may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Personal Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Personal Data for the purposes for which it was supplied by you.
In the event that any Personal Data submitted by Users will be transferred in such a manner, you will be contacted in advance and informed of the changes.
8. Lawful grounds for processing your Data
Under Data Protection Laws, there are a limited number of lawful grounds for processing Personal Data, and we are required to inform you of which lawful grounds we are relying upon to process your Personal Data.
Necessary for performance of a contract: where we are using your Personal Data to provide you with access to Services, we will be processing your Personal Data on the basis that it is necessary for us to do so in order to perform a contract between us. We will not be able to provide you with the requested Services if we are not provided with certain basic information about you, which will be indicated by the mandatory fields in online forms.
Legitimate Interests: for most of our processing purposes, we will be relying on the “legitimate interests” ground under Data Protection Laws. This means that the processing of your Personal Data is necessary for the purpose of pursuing our legitimate interests or the legitimate interests of a third party in such a way as to ensure that we provide the Service in the best way that we can. Whenever we rely on this lawful ground, we carry out an impact assessment to ensure that we balance our legitimate interests and the necessity of processing the Personal Data against your interests, rights and freedoms taking into account the particular circumstances. The legitimate interests that we pursue are summarised in Clause 5 above.
Consent: for certain processing purposes, we may request your consent to authorise the processing via the appropriate opt-in box on a contact form or other communication, to provide you with information about our services and any offers you may from time to time be interested in, including those of FiscalNote and its subsidiaries and affiliates. In some cases your organisation may have given consent on your behalf, and we operate under the reasonable assumption that they have a legal right to do so.
If we process Sensitive Personal Data about you, as well as ensuring that one of the lawful grounds for processing mentioned in this clause applies, we rely on one or more of the grounds for processing Sensitive Personal Data: processing which relates to Personal Data about you that you have manifestly made public.
9. Your Rights
You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Data, by clicking on the “unsubscribe” link in any communications you receive or by contacting us at either of the addresses shown below.
Rights of Rectification, Erasure, Restriction and Portability: Subject to the limitations set out in Data Protection Laws, you have the following additional rights in relation to Personal Data we hold about you:
- the right to have inaccurate Personal Data rectified and to have incomplete Personal Data completed;
- the right to have your Personal Data erased in certain circumstances (e.g. if the Data is no longer necessary in relation to the purposes for which they were collected);
- the right to restrict our processing to limited purposes in certain circumstances (e.g. whilst a challenge to the accuracy of the Personal Data is verified);
- the right to access your Personal Data (see Clause 10 below); and
- the right to receive your Personal Data in a structured, commonly used and machine-readable format
Withdrawal of consent: to the extent that we are relying on your consent to process Personal Data, you have the right to withdraw your consent at any time.
If you give us your explicit consent to use your sensitive personal information as outlined above, you may withdraw your consent at any time, but this will not affect the lawfulness of any use of this information which took place before you withdrew your consent.
Right to Object: Where we are processing your Personal Data on the basis of our legitimate interests (see Clause 8 above), you have the right to object at any time to our processing, and we will be obliged to stop processing your Personal Data unless there are compelling legitimate grounds for us continuing to do so, and where such grounds override your right to object. In addition, you have the right to object at any time to our use of your Personal Data for direct marketing purposes.
10. Accessing your own Data
Data Protection Laws give you the right, free of charge, to access Personal Data held by us about you, and to be provided with information about matters such as the purposes of the processing, the categories of Personal Data, third-party recipients and the Data retention period.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
To exercise any of the rights referred to above, please contact our Data Protection Officer using the contact information provided below in Clause 16.
11. Inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us. You may access your Account at any time to view or amend the Personal Data. You may need to modify or update your Personal Data if your circumstances change. Additional Data as to your marketing preferences may also be stored and you may change this at any time.
Data security is of great importance to Dragonfly and to protect your Personal Data we have put in place suitable physical, electronic, organisational and managerial procedures to safeguard and secure Personal Data collected and processed by us.
13. Cross-border Transfers
When you contact us or use our Services or Systems, we may need to transfer your Personal Data to locations outside the jurisdiction in which we received it for the purposes of receiving third-party services such as those identified in Clause 6 above (e.g. customer relationship management (CRM) systems, marketing automation services, data analytics) or to access legal, sales, marketing and IT support from our parent company, FiscalNote Holdings Inc, in the USA.
If we transfer any of your Personal Data outside the jurisdiction in which we received it, we shall ensure that lawful transfer mechanisms are in place in accordance with Data Protection Laws, such as standard contractual clauses and a UK International Data Transfer Addendum. We also undertake Transfer Risk Assessments, where necessary, to identify if any additional safeguards are required.
The transmission of Personal Data between different group companies is covered by a data-sharing agreement which is based on standard contractual clauses to ensure we will comply with our legal and regulatory obligations to put appropriate safeguards in place to ensure an adequate level of protection for the Personal Data.
14. Links to third-party websites
The Web Site contains links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices as we have no control over information that is submitted to, or collected by, these third parties.
15. Changes to this Notice
Dragonfly reserves the right to change this Privacy Notice as we may deem necessary from time to time or as we may be required by law. To ensure that you are always aware of how we use your Personal Data we will update this Privacy Notice from time to time to reflect any changes to our use of your Personal Data. We may also make changes as required to comply with changes in applicable law or regulatory requirements.
16. Our Contact and Data Protection Officer details
We have appointed a data protection officer (DPO) who is responsible for making sure that our business processes and decision-making are in line with data protection laws within the UK and other jurisdictions in which we operate. Our DPO is The DPO Centre Limited.
If you have any questions about this Privacy Notice, how we handle your Personal Data or wish to exercise any of your rights, please contact the DPO at firstname.lastname@example.org or via our postal address, 25 Southampton Buildings, London, WC2A 1AL. Please address the envelope to ‘Data Protection Officer’. You can telephone us at +44 20 3653 0010.
If you have a concern about any aspect of our data protection practices, including the way we’ve handled your Personal Data, you should raise these with us in the first instance by contacting our DPO using the email address above. You can also raise complaints with the relevant supervisory authority for data protection matters in your jurisdiction.
The UK supervisory authority is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website: www.ico.org.uk.