Privacy policy

PRIVACY POLICY

Dragonpass Privacy Policy

1. General

1.1. Welcome to Dragonpass International Limited’s (“Dragonpass”) Privacy Policy (“Privacy Policy”) page.

1.2. When you read this Privacy Policy, please note that the terms “you”, “your” and “User(s)” refer to the person(s) named on the Card(s). The terms “we”, “our”, “us” and “Dragonpass” refer to Dragonpass International Limited and its affiliates, successors and assigns. If you are the individual requesting us to issue the Card(s) to you, you will be known as the “Dragonpass Member” and you will have an account with us called the “Card Account”.

1.3. Dragonpass is committed to protecting and respecting your privacy. This Privacy Policy, together with our Terms of Use and any other documents referred to in it and herein, sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us.

1.4. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1.5. If you are under 18 (eighteen) years old, please do not send any Personal Data about yourself to us.

1.6. Under the United Kingdom General Data Protection Regulations (“UK GDPR”), Dragonpass will be construed as a Data Controller in relation to your Personal Data provided to Dragonpass for your receipt of Dragonpass’ service.

1.7. By definition:

1.8. a “Data Controller” is a person or entity which determines the manner of which any personal data is, or is to be, processed; and

1.9. “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”), an identifiable natural person being one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. What Information Do We Collect from You?

2.1. In order to provide a better service to you, we may collect and process the following data about you:

2.1.1. Information that you provide by filling in forms on our main/official website or associated white label site(s), mobile application(s), or other relevant platforms through which we provide our services, products and/or information (collectively and severally, “Our Sites”). The above includes information provided at the time of registering to use any of Our Sites (including without limitation the Dragonpass App), subscribing to any of our Services, procurement of any of our products or services, posting material or requesting further services. Dragonpass may also ask you for information at other times, for example in connection with a promotion or if you report a problem with any of Our Sites or any of our other services or products;

2.1.2. If you contact us, we may keep a record of that correspondence;

2.1.3. We may also ask you to complete surveys from time to time that we use for research purposes, although you do not have to respond to them;

2.1.4. Details of transactions you carry out through any of Our Sites;

2.1.5. Details (including your Personal Data) required for the fulfilment of your orders and the provision of the Services; and

2.1.6. Details of your visits to any of Our Sites, our service providers’ or Participating Merchant Outlets’ sites (including their physical locations, such as airport Lounges and Fast Track lanes), and the resources that you access.

2.2.We only retain Personal Data for so long as it is necessary, pursuant to legitimate business or legal purposes. Personal Data may be archived as long as the purpose for which the Personal Data was used still exists (including for accounting or audit purposes, reconciliation, or to assist with any requests or potential claims that you may have after your membership or transaction with us ends). This is currently 3 (three) years from the date your membership, booking or transaction expires/ends.

3. Why Do We Collect This Information?

3.1. The purposes for which information may be used by us inside and outside of the United Kingdom (“UK”) include:

3.1.1 In order for us to be able to provide to you our Service or product, which you have purchased, requested or agreed to;

3.1.2. Ensuring that content from the Dragonpass Website or App or other platform is presented in the most effective manner for you;

3.1.3. Providing you with alerts, newsletters, educational materials or information that you have requested or signed up for;

3.1.4. Allowing you to participate in interactive features of our Services, when you voluntarily choose to do so;

3.1.5. Complying with laws and regulations applicable to us or any of our affiliates inside or outside of the UK;

3.1.6. Legal proceedings, including but not limited to collecting overdue amounts and seeking professional advices; and

3.1.7. Researching, designing, and/or launching Services or products, including seminars, events, and forums.

3.2. Dragonpass collects the minimum amount of Personal Data necessary in order to process the tasks described above. No irrelevant or unnecessary Personal Data is stored on our systems.

4. Who Might We Share Your Data With?

4.1. We will keep the Personal Data we hold confidential but may provide information to:

4.1.1. Personnel, agents, advisers, auditors, contractors, financial institutions, and/or service providers in connection with our operations or Services (pursuant to legitimate business or legal purposes, whether located in the UK or overseas) and under a duty of confidentiality/data protection to us;

4.1.2. Immigration clearance authorities and officers (in the event that you use our Fast Track Service at participating airports);

4.1.3. Our overseas offices, affiliates, business partners and counterparts (if any), where relevant to our provision of products or Services to you or to service your requests (including without limitation administrative or operational aspects thereto such as hosting services and audits);

4.1.4. Persons to whom we are required to make disclosure under applicable laws and regulations in or outside of the UK; and/or

4.1.5. Actual or proposed transferees or participants (including without limitation Participating Merchant Outlets and service providers) of our Services in or outside the UK.

4.2. As an entity, Dragonpass operates businesses both inside and outside of the UK. These other factions/related companies of our business are based in China, Hong Kong, Japan, Singapore and South Africa (and any other locations that our business may expand to from time to time). We require all our Participating Merchant Outlets and service providers to process your information in a secure manner which is in accordance with applicable data protection regulations. We utilise standard means permitted under the UK GDPR (and/or other applicable data protection laws depending on locale and residency) to legitimize data transfers outside of the UK (and/or other locations in which our business operations may be based).

5. What Do We Do with Your Data?

5.1. All information you provide to us is stored on our secure servers outside of the UK. Any payment transactions will be encrypted using TLS technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services or platforms, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

5.2. Unfortunately, the transmission of information via the internet is not completely secure. Whilst we encrypt your Personal Data, if you are using a network which is unsecure or accessing the internet, this is out of our control, and we therefore cannot guarantee the security of your Personal Data transmitted to our site. Accordingly, any transmission is at your own risk and you agree not to hold us responsible for any breach of security while accessing the internet outside of our control. Once we have received your information, we will use and employ strict procedures and security features to prevent unauthorised access in relation thereto.

5.3. We may disclose your information to third party partners and Participating Merchant Outlets for the purposes set out in this Privacy Policy related to the function of our Services. We require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with the UK GDPR (and/or other data protection laws as may be applicable depending on locale and residency).

6. How Long Do We Keep Hold of Your Information?

6.1. Once your Personal Data is held on our systems, we intend to hold this data for 3 (three) years after the date of membership, booking or transaction expiry/completion, for legitimate business and legal purposes (including but not limited to audits, reconciliations, potential follow-ups, and/or any potential claims). Customers may request deletion of their Personal Data from Dragonpass by contacting us on the phone number or email set out hereinbelow at Section 11.

7. What Rights Do You Have with Regards to the Information Dragonpass Holds about You?

7.1. Under the UK GDPR, individuals have the right:

7.1.1. To check whether we hold Personal Data about you and to access such data;

7.1.2 To require us to correct, as soon as reasonably practicable, any data relating to you that is inaccurate;

7.1.3. To ascertain our policies and practices in relation to Personal Data and the kind of Personal Data held by us;

7.1.4. To object to the use of your Personal Data for marketing purposes (if you had previously consented thereto). We shall not use your Personal Data for marketing purposes after you communicate your objection (or revoke your prior consent) to us; and

7.1.5. To request the deletion of any Personal Data which we are holding (subject however to inevitable consequences as further described in Clause 7.3 below).

7.2. Please send requests for any objections, access to your Personal Data, correction of your Personal Data, information regarding policies, practices and your Personal Data held by us, questions and/or complaints to the contact details set out hereinbelow in Section 11.

7.3. You can at any time choose to delete your account in-App, however, thereafter deletion, you will no longer be able to access any of our Services and products, we may not be able to fulfil any transactions that you have already requested from us (even if payment has already been made), and no refunds or other compensation of any kind will be provided to you.

7.4. In accordance with the terms of the UK GDPR, we have the right to and may charge a reasonable fee for processing any data access request that is manifestly unfounded or excessive, and where such a fee is chargeable, we will inform you beforehand for your agreement thereto. Otherwise, for most other requests no fee will be chargeable.

7.5. We reserve the right to amend and update the terms of this Privacy Policy at any time in our sole discretion without notice. We will however communicate any material amendments/updates to you as soon as reasonably possible.

8. Payment Information

8.1. When making a payment with Dragonpass you do so through the Ingenico Checkout Gateway (“Ingenico”).

8.2. In order to make a payment you will be required to provide your card number, expiry date and CVV code through this gateway.

8.3. None of your card details will be stored on the Dragonpass systems. This information will be solely retained in an encrypted format by Ingenico.

9. Cookies

9.1. Our Sites use cookies to distinguish you from other Users of Our Sites. This helps us to provide you with a good experience when you browse Our Sites and enables us to improve Our Sites.

9.2. We use the following cookies:

9.2.1. Strictly Necessary Cookies:

a) These are cookies that are required for the operation of Our Sites (including without limitation our website and mobile application).

b) These cookies include, for example, cookies that enable you to log into secure areas of our Website and App, use a shopping cart, or make use of e-billing services; and

9.2.2. Analytical/Performance Cookies:

a) These cookies allow us to recognise and count the number of visitors to Our Sites and to see how visitors move around Our Sites (including without limitation our main/official Website and App) when they use them.

b) These cookies help us to improve the way Our Sites (including without limitation our main/official Website and App) work, for example, by ensuring that Users are finding what they are looking for easily.

9.3. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies, although we cannot guarantee this.

9.4. You can block cookies by activating the relevant setting on your browser or in your App that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or some or parts of Our Sites.

10. Use of Artificial Intelligence

10.1. Our Service includes an AI chatbot (powered by a GPT-based language model) (the “Chatbot”) available on both our Website and App to assist you during your Service experience. This section describes how we handle data when you interact with the Chatbot, in compliance with applicable European and Asian data protection standards.

10.2. No Personal Data (PII) Collected:

10.2.1. The Chatbot is not designed to collect or process personally identifiable information (“PII”).

10.2.2. We do not require you to provide your name, contact details, payment information, or other Personal Data to use the Chatbot. In fact, Users are advised not to share any personal information in chat messages. (Examples of PII to avoid include names, email or home addresses, phone numbers, passport or ID numbers, financial details, etc.).

10.2.3. Our Chatbot is intended for general inquiries and assistance, and we purposely instruct it not to solicit sensitive Personal Data. If you nonetheless voluntarily provide personal information, we will treat it in accordance with this Privacy Policy and applicable law and will take appropriate steps to remove or anonymize such data from our records when possible.

10.3. Data Storage within Internal Infrastructure:

10.3.1. All chat conversations and data exchanged with the Chatbot are stored securely on our internal servers and are not shared with third-party platforms. In other words, your chat data stays within Dragonpass’ controlled infrastructure and is not exposed to external AI providers or unauthorized parties.

10.3.2. We maintain strict access controls and encryption to protect these chat logs.

10.3.3. By keeping Chatbot data on our own infrastructure (as opposed to public servers), we ensure that European user data remains under GDPR-compliant protections and Asian User data under equivalent local protections, minimizing risks of unauthorized disclosure.

10.3.4. We do not use Chatbot interaction data for any purpose outside of serving you, improving the Chatbot service, and ensuring security. This data is never sold or used for third-party advertising.

10.4. Limited Data Retention:

10.4.1. We retain Chatbot interaction data only for as long as necessary to serve your needs and to fulfil the purposes described. This means your chat logs are kept no longer than needed to assist you and improve our Services, after which they are deleted or anonymized.

10.4.2. We adhere to the GDPR principle of “Storage Limitation”, which requires that Personal Data be kept only as long as needed for the purposes collected.

10.4.3. Similarly, under laws like Singapore’s Personal Data Protection Act (“PDPA”), organizations must stop retaining Personal Data once it is no longer needed for the purpose for which it was collected. In practice, we periodically review and purge Chatbot data. Any data that is not required for ongoing customer service or legitimate business purposes is erased or anonymized.

10.4.4. This policy ensures that we do not keep your Chatbot data indefinitely or unnecessarily.

10.5. Compliance with EU and Asian Data Protection Laws:

10.5.1. Our handling of Chatbot data is designed to meet the privacy expectations of the EU GDPR and relevant Asian data protection frameworks.

10.5.2. We implement privacy by design in our Chatbot system, meaning we minimize data collection and use secure processing to protect your information at all stages.

10.5.3. No Personal Data is processed without a proper legal basis – since we do not actively collect PII through the Chatbot, consent is generally not required for chat usage, but if any personal information is incidentally provided, we rely on legitimate interest (customer service provision) or your consent as appropriate under GDPR and analogous laws. We also uphold your rights under these regulations: for example, if you ever wish to access or delete Personal Data that may have been captured in a chat record, you can contact us to make a request, and we will respond in accordance with GDPR and applicable Asian laws (such as the PDPA or other national privacy laws).

10.5.4. We maintain transparency about the Chatbot’s operations and will promptly address any privacy concerns that you may have. Rest assured that whether you are in the EU or in an Asian jurisdiction, your data is handled lawfully, fairly, and transparently, consistent with regional requirements and our commitment to privacy.

10.6. By using our AI Chatbot, you acknowledge this privacy disclosure. We are committed to protecting your privacy and ensuring that our Chatbot service remains safe and compliant. If you have any questions or requests regarding your data and privacy in the Chatbot, please refer to the contact information provided in our broader Privacy Policy to reach our Data Protection Officer or Customer Service team for assistance.

11. How to Contact Us

11.1. If you have any queries or concerns regarding our Privacy Policy or your Personal Data held with us, please contact us using the below stated contact information:

11.1.1. Email: dpo@dragonpassuk.com;

11.1.2. Telephone: +44 (0)161 929 8844;

11.1.3. Addressed to: Data Protection Officer;

11.1.4. Address: 173a Ashley Road, Hale, Cheshire, WA15 9SD, United Kingdom

11.2. In the event that, despite our best efforts to resolve your concerns, you are still unsatisfied with our responses, you may contact the Information Commissioner’s Office (“ICO”).

11.3 Further information can be found at: https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/what-to-do-if-dont-get-a-response-or-youre-unhappy-with-it/

Last updated: 24/06/2025