Last Revised: January , 2024
PLEASE NOTE: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us Personal Information at your own free will, for the purposes described in this Policy, and that we may retain such information in accordance with this Policy and any applicable laws and regulations.
TO THE EXTENT THAT YOU PROVIDE US WITH ANY INFORMATION RELATED TO ANY THIRD PARTY OR ANY THIRD PARTY THAT IS NOT YOU, INCLUDING INFORMATION RELATED TO YOUR ORGANIZATION, PERSONNEL, COLLEAGUES OR CUSTOMERS, YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENTING AND WARRANT THAT YOU HAVE RECEIVED AND YOU SHALL HAVE AT ALL TIMES, MAINTAIN THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH THIRD PARTY TO ALLOW DRAGONFLY TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH INFORMATION AS DETAILED HEREIN.
Users of our Services may include (i) individuals who use our Solution in their capacity as employees or other personnel of our business customers (our business customers are hereafter a “Customer”) including individuals identifying as a Customer “admin” users or a Customer’s end-users, using or accessing the Services on a Customer’s behalf (each, a “Customer End-User”); (ii) visitors of the website (each, a “Visitor”); and (iii) Candidate(s) (as defined below).
IMPORTANT NOTE: where we process Personal Data of or about Customer End-Users, we do so on behalf of and under the instruction of the respective Customer (where such a Customer may be your employer, or other corporation on behalf of which you perform services, or otherwise are using our Service), Dragonfly does so in our capacity as a “data processor” on behalf of such a Customer. See below for more information about our practices as a data processor and the impact on your Personal Data in our possession.
We collect information from you when you use or interact with our Services. We divide the information we access and collect into two categories: Personal Information and Non-Personal Information. In this section, we describe each of the two categories of information which we may collect, and the applicable circumstances under which such collection is performed.
A. “Non-Personal Information” is un-identified and non-identifiable information pertaining to a user, which may be made available to us, or collected automatically via your use of the Services. Such Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of technical and aggregated usage information which is not linked to an identifiable individual.
B. “Personal Information” is information that pertains or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information, we have access to. Personal Information does not include information that has been anonymized or aggregated; provided that such information can no longer be used to identify a specific natural person. Personal Information that is collected by us may include the following types of information: name, email address, IP address, device identifier, organization identifiers, name, position, and other personal information provided or otherwise made available to us in connection with or as part of: (i) Contact us via the Website or otherwise; (ii) use of the Services; and (iii) engagement with our support services. In addition, the Personal Information we may collect also includes Candidates’ Information (as defined below).
Most of the information that we collect when you use or access our Services is Non-Personal Information, however we collect and process different types of Personal Data through the respective methods of collection discussed below.
If we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information. Further Personal Information will only be stored and processed if you voluntarily provide it to us, e.g., through a contact form.
More specifically we collect and use the following categories and types of Personal Information in the following respective circumstances:
With your consent: We ask for your agreement to process your information for specific purposes, and you have the right to withdraw your consent at any time.
Compliance with legal obligations: We may use your Personal Data in order to comply with any applicable law, rule, regulation, guidelines, industry standards, or other governmental authority; respond to or defend against legal proceedings brought against us or our affiliates; prevent fraud; or investigate violations, and enforce our policies, including but not limited to our Terms.
We keep the information processed by us in strict confidence and only share your information with third parties in very limited circumstances and for very specific purposes, as described below:
Law enforcement, legal proceedings, and as authorized by law: We may disclose or otherwise allow access to Personal Information pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, in cases of emergency or if we believe in good faith that this will help protect the rights, property or personal safety of our company, any of our Users, or any members of the general public.
For the avoidance of doubt, we may share your Personal Information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal (including anonymized, statistical or aggregated) Information in our sole discretion and without the need for further approval.
Information regarding the Users will be maintained, processed and stored by us and by our affiliates and service providers in the US and/or Europe (or with respect to Users of the Services in the region selected by you). Where Dragonfly processes Personal Data on behalf of a Customer (including without limitation, Personal Data of Customer End-Users), such Personal Data will be processed in the locations as permitted and required by the Customer (as further described below).
By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.
We retain the Personal Information we collect or receive from you only for as long as needed in order to provide you with the Services and as otherwise necessary to comply with applicable laws and regulations. If you withdraw your consent to us processing your Personal Information, we will delete your Personal Information from our systems (except to the extent such data in whole or in part is required to comply with any applicable rule or regulation and/or to respond to or defend against legal proceeding bought against us or our affiliates), except where we process your information as a Processor on behalf of our Customer (such as your employer is a Customer who makes use of our Services, in which case data retention is subject to such Customer’s instructions).
If you are submitting to the Website and/or Services any personal information pertaining to any third party, you hereby represent and warrant and have received all the necessary legal consents or approvals and have the actual authority and legal right to upload, submit, disclose or otherwise share the Non-personal Information and/or Personal Information and/or any other form of sensitive information, on the third party’s behalf.
We welcome qualified candidates (“Candidates”) to apply to any of the open positions posted on our Website by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our candidates, we are committed to keep Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing). Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed for a reasonable time period. This is done so we could re-consider candidates for other suitable positions and opportunities at Dragonfly; so we could can use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional engagement and business purposes related to their engagement with us. If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at firstname.lastname@example.org.
We take great care in implementing and maintaining the security of the Services and of your Personal Information. We employ industry standard procedures and policies to ensure the safety of your information, reduce the risks stemming from loss of information and prevent unauthorized use of any such information. Your Personal Data is stored on secure servers and is not publicly available. We limit access of your Personal Data only to those employees, third-party Service Providers or other partners on a “need to know” basis, and strictly in order to enable us to perform our agreement with you. However, we cannot guarantee absolute information security or eliminate all risks associated with Personal Data, and security breaches may happen. If there are any questions about security, please contact us at email@example.com.
If the law applicable to you grants you such rights, you may ask to access, correct, delete, or transfer your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data. To the extent set forth in the applicable law, you may also be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.
If you wish to exercise any of these rights, contact us with an explicit request at firstname.lastname@example.org when handling these requests, we may ask for additional information to confirm your identity and your request.
Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates.
To find out whether these rights apply to you and for any other privacy-related matters, you can contact your local data protection authority if you have concerns regarding your rights under local law.
Under various privacy, data protection or similar laws, regulations, or additional legal frameworks, such as the GDPR or the CCPA, two separate roles for parties involved in the processing Personal Data typically apply:
Dragonfly is the “data processor” of personal data contained in Customer End-Users’ Personal Data, as submitted or otherwise provided to us by our Customers and/or Customer End-Users. We process such data on behalf of our Customer (who, in turn, is the “data controller” of such data) and in accordance with its reasonable instructions, and our commercial agreements with such Customer.
Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose personal data may be included in any Personal data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their personal data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Customer End-Users and other individuals whose data they process through the Services (and accordingly, if you are a Customer End-User or other individual whose Personal Data was provided to us in connection with Customer’s use of the Services, Dragonfly does not provide to you the rights set forth in Section 11 above).
If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting, or deleting your data, please contact the Customer and/or an applicable Customer End-User directly.