Privacy Policy.

The data controller for all personal data processed through the Direct Intelligence platform (directintelligence.co.uk) is The Contact Institute Limited, trading as Direct Intelligence.

We collect personal data through the following touchpoints on this platform:

We do not collect sensitive personal data (special category data under UK GDPR Article 9) through this platform.

We process personal data under the following lawful bases as defined in UK GDPR Article 6:

Personal data submitted through this platform is used exclusively for the following purposes:

• -Responding to briefing requests and technical enquiries from institutional and sovereign entities.
• -Verifying eligibility for access to restricted intelligence assets (the Dossier Series).
• -Delivering requested dossiers and follow-up communications related to specific engagement requests.
• -Maintaining records of institutional engagement for relationship management purposes.

We do not use personal data submitted through this platform for marketing, advertising, or any form of automated decision-making. We do not sell, rent, or license personal data to any third party.

We do not share personal data with third parties except in the following limited circumstances:

All third-party processors are required to maintain appropriate technical and organisational security measures and are prohibited from processing data for their own purposes.

Data is securely deleted or anonymised upon expiry of the applicable retention period.

Under UK GDPR, you have the following rights in relation to your personal data:

To exercise any of these rights, contact our DPO at gary@directintelligence.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office.

Access to the Dossier Series (/briefing-gate, /vault-access) requires submission of verification data confirming CNI-designated or sovereign entity status. This data is processed as follows:

• -Entity classification and contact data is used solely to verify eligibility and deliver the requested dossier.
• -Verification records are maintained for audit purposes for 2 years.
• -Dossier content is classified as confidential. Recipients agree not to distribute, reproduce, or share dossier content without written consent from The Contact Institute.
• -Secure download links expire after 24 hours. Re-verification is required for subsequent access.

This platform uses only technically necessary cookies required for session management and security. We do not use advertising cookies, tracking pixels, or third-party analytics beyond standard server logs.

No consent banner is required as we use only strictly necessary cookies.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• -TLS encryption for all data in transit.
• -Encrypted storage for personal data at rest.
• -Access controls limiting data access to authorised personnel only.
• -Time-limited secure links for dossier delivery.
• -Regular security assessments aligned to ISO 27001 principles.

In the event of a personal data breach affecting your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware, as required by UK GDPR Article 33.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V. This includes adequacy decisions, Standard Contractual Clauses, or other approved transfer mechanisms.

Our primary infrastructure is hosted within the UK and EEA. Any transfers to third countries are governed by data processing agreements incorporating the relevant transfer mechanism.

For all data protection enquiries, subject access requests, or to exercise your rights under UK GDPR, contact our Data Protection Officer: