Other privacy policies
FIREFLIES.AI Notetaker Privacy Notice and Usage Guideline
Version 2 /Jul 4, 2024
Purpose:
At Remerge GmbH, we prioritize your privacy and data security. This notice explains how we use Fireflies.ai Notetaker for our meetings and how your personal data is handled, ensuring transparency and compliance with data protection laws. This Privacy Notice informs you about our use of „Fireflies.ai“ for online meetings, teleconferences, discussion rounds, and presentations with Remerge’s Customers and business partners (collectively, „Meetings“).
Controller Information:
The responsibility of Remerge solely covers the services of Fireflies concerning the provision of meeting recordings and transcription services.
- Controller: Remerge GmbH
- Address: Heidestr. 9, 10557, Berlin, Germany
- Contact: privacy@remerge.io
Processor Information:
- Processor: Fireflies.AI Corp
- Address: 5424 Sunol Blvd, Ste 10-531, Pleasanton, CA 94566, USA
- Contact: support@fireflies.ai
In addition to the data processing described in this notice, Fireflies processes further personal data in the apps and on the website https://fireflies.ai/, which is under its own responsibility as an independent data processing controller. We have no influence on this data processing, so Fireflies is solely responsible for it under data protection law.
It is important to mention that Fireflies does not use recorded information to train its AI system, as described here: Police on Keeping Information Safe.
For which purposes is the data processed?
We use Fireflies for the following use cases:
- Meetings with Clients/Product Demonstration
- Meeting with Providers/Partners/Suppliers
- Internal Meetings not related to recruiting, HR activities or employees work performance
Your data is processed for the following purposes:
- To accurately capture meeting details and decisions.
- To improve our services and maintain accurate records.
- To provide a clear and concise summary of the meetings.
- To conduct meetings effectively and simply, to record meetings to save discussions and presentations for later review.
Data Subjects:
The data subjects whose personal data are processed are the employees, customers, prospective customers, suppliers, and partners.
What is the legal basis for the data processing?
The legal basis for processing your data is the consent of attendees, according to Art. 6(1)(a) and Art. 7(3) GDPR.
Which data is collected?
The following data of participants can be while using Fireflies:
Meeting participants
- Name
- Company name,
- E-mail address,
- Physical address,
- Phone number and any other information, if provided
User Content
- Transcription,
- Summaries
- Audio & video recordings
- AskFred chats
- Soundbites and any derivatives of such.
User Metadata
- Calendar metadata
- Meeting participants' emails and names
- Usage logs
- User settings/configuration.
Where and how long will the data be processed?
The data is also processed in the USA. For this reason, we concluded Standard Contractual Clauses (Implementing Decision (EU) 2021/914) according to Art. 46(2)(c) GDPR, Module 2 for Fireflie’s data processing on our behalf.
The data is stored as long as needed to fulfill the above-mentioned purposes. Thus, the data is mainly stored for the duration of a Fireflies account or longer if there are legal obligations or requirements for legal positions to keep the data. The users themselves can delete some data: Fireflies Rules
How is your data secured?
Fireflies.ai secures your data by encrypting it both at rest and in transit. Data at rest, including emails, calendar events, and other personally identifiable information, is protected using 256-bit AES encryption. Data in transit is safeguarded with TLS 1.2 encryption. The database is hosted within a virtual private cloud on AWS, and private storage options are also available for greater data control. For more details, visit their Data Encryption guide.
Remerge conducts regular security assessments and complies with industry standards to protect your data. Fireflies.ai is certified under SOC 2 Type 2 for data security. More information can be found here.
How do Fireflies grant that will only work if a user consents?
Fireflies ensures that recording only occurs with user consent through several mechanisms. It requires users (Account Owners) to notify participants that the meeting will be recorded. Fireflies can also send an email notification to participants an hour before the meeting, allowing them to opt-out if they do not consent. If any participant opts out, Fireflies will not join the meeting. Additionally, Fireflies' presence in a meeting must be explicitly admitted by someone in the meeting, and it can be removed at any time, ceasing the recording immediately. For more details, visit their Responsible meeting recording guide.
What are your rights?
You have the following rights according to the GDPR:
- Right to access (Art. 15);
- Right to rectification (Art. 16);
- Right to erasure (Art. 17);
- Right to restriction of processing (Art. 18);
- Right to object (Art. 21) in the case of data processing whose legal basis is our legitimate interest.
To enforce your rights according to Art. 15 to 21 GDPR, please contact us at the above-mentioned contact e-mail and mention “Fireflies Use” in the title. If the legal requirements are met, we will fulfill your rights.
You also have the right to lodge a complaint with a supervisory authority (Art. 77) if you consider that processing personal data relating to you infringes the GDPR. In this case, please contact a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement.