Contents
- Your Data - where we are the data controller:
- Your Data - where we are the data processor (and you are the data controller)
- What this Privacy Notice covers
- Contact & Communication
- Email Newsletter
- External Links & Embedded Content
- Social Media Platforms
- Shortened Links in Social Media
- Contact from IRIS Connect
- Unsubscribe
- How long we keep it
- Where your data is processed and stored
- Protecting your data
- Third Parties
- What are your rights?
- Resources & Further Information
What this Privacy Notice covers
This privacy notice is for any data that IRIS Connect holds on its customers or potential customers. It is served by IRIS Connect LTD and governs the privacy of its users who choose to use it.
The notice sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users and IRIS Connect. Furthermore the way IRIS Connect the company, inclusive of the Web Platform and website processes, stores and protects user data and information will also be detailed within this notice.
Your Data - where we are the data processor (and you are the data controller)
Any data you upload, including videos, comments, profile pictures, attachments etc are managed by the user, controlled by the organisation and processed by IRIS Connect as outlined in the Organisation agreement and EULA. Please refer to this for further information (links below).
Data Location
We use sub-processors to store your data. See this section of the Data Processing Agreement for more information
Data Retention
Uploaded data is owned by the organisation but managed by the user. Further information can be found here.
IRIS Connect Data Access
IRIS Connect may, for the explicit purpose of investigating a specific technical issue, temporarily access customer data. Access to this data is limited to approved members of the engineering team in strictly controlled conditions.
Administrator Access
IRIS Connect provides a content oversight tool that enables Organisation Administrators to review randomised thumbnail images from videos recorded within the organisation. This tool is designed to enable the identification of inappropriate content. The organisation agrees to only use this tool for this sole purpose. Further information can be found here.
Your Data - where we are the data controller
Our Personal Data Protection Policy governs the use and storage of your data.
Action |
Personal Data Collected |
Reason for data collection |
Where data is processed |
Where data is stored |
How long data is kept for |
Basis of Processing |
Use live chat on website/Web Platform |
– Chat transcript – Email address – Name |
Providing technical support |
1. Zendesk
2. Podio
3. Techego |
1. EEA
2. Ireland (AWS)
3. Ireland (Azure) |
Until no longer needed or requested to be deleted
|
For customers – Contract
For non customers – Legitimate Interest |
Request remote support |
Screen recordings from support session |
Providing technical support |
Bomgar |
Locally |
Automatically deleted after 90 days |
Contract |
Use the IRIS Connect Web Platform |
– Name – Email address – Phone number – Email correspondence – Job title – Platform usage and metrics data – Event attendance – General interactions with IRIS Connect
|
Provide account management & respond to queries
System improvements |
1. Podio
2. Gmail / Google Drive
3. IRIS Connect Platform
4. Mailchimp
5. Techego |
1. Ireland (AWS)
2. US/EU*
3. Ireland/US/Sydney (AWS)**
4. USA*
5. Ireland (Azure) |
1. Until no longer needed or requested to be deleted
2. As per the Data Retention Policy 3. Retained whilst organisation remains a customer. If an organisation requests all records to be deleted, data will be anonymised
4. Retained until user account is deleted |
For customers – Contract
For non customers – Legitimate Interest |
Agreeing to marketing communications |
– Email address – Organisation |
To provide newsletter / marketing communications |
1.Mailchimp 2. IRIS Connect Web Platform
3. Hubspot |
1. USA* 2. Ireland/US/Sydney (AWS)**
3. East Coast US (AWS)* |
If requested to delete / unsubscribe |
Consent / Legitimate Interest |
Provide contact details at an event |
– Full name – Organisation |
To provide newsletter / marketing communications |
1.Hubspot 2. Podio 3. Mixmax
4. Techego |
1. East Coast US (AWS)* 2. Ireland (AWS) 3. US* 4. Ireland (Azure) |
Until no longer needed or requested to delete / unsubscribe |
Consent |
Complete form on the website |
– Name – Organisation – Job title |
As per the purpose of the form |
|
1.East Coast US (AWS)*
2. Ireland (AWS)
3. US*
4. Ireland (Azure) |
Until no longer needed or requested to be deleted |
Consent |
Sign up to IRIS Connect hosted event |
– Full name – Organisation |
To provide details for the event and enable booking a place on the event |
1. Event brite
2. Podio
3. Mixmax (non customers)
4. Hubspot (non customers)
5. Techego |
1. US*
2. Ireland (AWS)
3. East Coast US (AWS)*
4. US*
5. Ireland (Azure) |
Until no longer needed or requested to be deleted |
Consent |
*Covered by Standard Contractual Clauses
** Depending on if you are an EU/US or OCE customer
Contact & Communication
Users contacting IRIS Connect do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required, has no use or you request for it to be deleted, in accordance with GDPR. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
IRIS Connect may use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program IRIS Connect operates but only if this was made clear to you and your express permission was granted. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material.
Email Newsletter
IRIS Connect operates an email newsletter program, used to inform subscribers about products and services from IRIS Connect. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.
All personal details relating to subscriptions are held securely and in accordance with the GDPR.
Email marketing campaigns published by IRIS Connect may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity.
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
In compliance with GDPR subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will be detailed instead.
External Links & Embedded Content
Although IRIS Connect only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout its emails, website or web platform. IRIS Connect is not responsible for the links and content used in the platform added by its users.
External links are clickable text / banner / image links to other websites
Embedded content includes videos from other platforms such as Youtube, Vimeo, Wista etc
IRIS Connect cannot guarantee or verify the contents of any externally linked website or embedded content despite their best efforts. Users should therefore note they click on external links or content at their own risk and this website and IRIS Connect cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that the IRIS Connect platform and IRIS Connect participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This platform nor IRIS Connect will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
IRIS Connect may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
IRIS Connect through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls (web addresses).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and IRIS Connect. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and IRIS Connect cannot be held liable for any damages or implications caused by visiting any shortened links.
Contact from IRIS Connect
You may receive marketing communications from IRIS Connect. IRIS Connect processes data using the lawful basis of either contract, legitimate interest or consent. If you would prefer not to receive these communications please see the unsubscribe section below.
For customers who unsubscribe, please note that you will still receive service update emails for important announcements. These will not contain any marketing content.
Customers can manage your email preferences of automated platform emails from your account.
Unsubscribe
If you would like to unsubscribe from our newsletter and marketing communications you can do so using this link.
Please note we will keep your details on our system to record that you have unsubscribed.
If you would like your details permanently deleted please email dpo@irisconnect.co.uk.
How long we keep it
Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information. Please see the table below and the Data Retention Policy for more information on our personal data retention schedule.
Where your data is processed and stored
IRIS Connect have confirmed that any sub-processors we are using to host your data meet GDPR and we have a relevant sub-processor agreement in place.
Protecting your data
IRIS Connect takes data protection and security very seriously. Your data will only be available to staff who need access to it, we only use sub-processors who use market leading cloud data security processes.
Further information about our processes we have in place for protecting your data can be found in our
Data Retention and Secure Disposal Policy
Data Breach Response and Notification Procedure
Personal Data Protection Policy
Third Parties
We will only share email address and usage data with our IRIS Connect regional partner which manages your specific area. Access to this data will be restricted to the express purpose of assisting the customer with their training, technology adoption and support requirements. These partners have been certified by IRIS Connect to exclusively represent us in specific regions.
Below is a list of our regional partners:
- SmartMove: East Midlands, North of England
- Impact Matters: South West England, Wales & West Midlands
- Equis Consulting: Central and North London, Home Counties
- DO-IT: the Netherlands and Belgium Flanders
- Roiit: Denmark, Faroe Islands and Greenland
- JAMK: Finland
What are your rights?
Under GDPR you may request a copy of personal information held about you. If you would like a copy of the information held on you please see our Data Subject Access Request procedure
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through the Data Subject Access Request procedure
In the event that you wish to complain about how we have handled your personal data, please contact the Data Protection Officer at dpo@irisconnect.co.uk or in writing at IRIS Connect, Unit 11, Hove Business Centre, Fonthill Road, Hove, BN36HA. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner’s Office and file a complaint with them.