Contents of this article:
- What this Privacy Notice covers
- Information we process on your behalf
- Information we collect
- Table 1 - How we collect, use, store the data we collect
- Third-Party Tracking and Online Advertising
- Use of marketing and third party services
- Contact & Communication
- Email Newsletter
- Your controls
- Contact from IRIS Connect/Unsubscribe
- External Links & Embedded Content
- Protecting your data
- What are your rights?
- Changes to this policy
- Contact
- Resources and further information
Last updated - 31/07/2023 - We added clarifying information about the use of third-party tracking and advertising services such as Google analytics & cookies.
What this Privacy Notice covers
This privacy notice is for any data that IRIS Connect holds on its customers or potential customers. It is served by IRIS Connect Ltd and governs the privacy of its users who choose to use it.
The notice sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users and IRIS Connect. Furthermore, the way IRIS Connect the company, inclusive of the Web Platform and website, processes, stores, and protects user data and information will also be detailed within this notice.
Information we process on your behalf
This covers any data that users upload to their accounts, such as videos, comments, profile pictures, and attachments (images and files).
This data is managed by the user, controlled by their organisation and processed by IRIS Connect as outlined in the Organisation agreement and EULA. Please refer to this for further information (links below).
List of possible data that can be stored on our system:
- User account details - username, email address, password, profile picture, tags
- Video and audio recordings, including edits and thumbnails
- Text, audio and video comments, files, tags added to reflections
- Text, images, files and discussion board responses added to groups
- Form, assignment responses
- Progress and responses on courses such as pathways
Data Location
We use sub-processors to store/process your data. See this section of the Data Processing Agreement for more information
Data Retention
Uploaded data is owned by the user's organisation but managed by the user. Further information can be found here.
IRIS Connect Data Access
IRIS Connect may, for the explicit purpose of investigating a specific technical issue, temporarily access customer data. Access to this data is limited to approved members of the engineering team in strictly controlled conditions.
Administrator Access
IRIS Connect provides a content oversight tool that enables Organisation Administrators to review randomised thumbnail images from videos recorded within the organisation. This tool is designed to enable the identification of inappropriate content. The organisation agrees to only use this tool for this sole purpose. Further information can be found here.
Information we collect
This is information we collect about you when you use our services. In this case, IRIS Connect is the data controller.
What information we collect
We collect data from you, when you fill out a form on our website, use our website or use our web platform. See Table 1 for more information.
How we collect it
This falls into 3 categories:
1) Information you provide via our website/marketing event/use of the System
We collect information you provide when you use our Services or otherwise engage or communicate with us as described below.
- Identity Data, such as your name,
- Contact Data, such as your email address, and telephone number;
- Additional Data You Provide, such as via Hubspot forms, survey responses, competitions, customer support, or other means.
- Account information such as profile picture, account settings and preferences
2) Information We Collect Automatically
As is true of many digital platforms, we also collect certain information about you automatically when you use our Services, as described below.
- Usage Information. We collect information about your activity on our Services, which includes device identifiers (like IP address or mobile device identifiers), pages or features you use, time and date of access, and other similar usage information.
- Location Data. We may collect the GPS location of your mobile device in accordance with your device permissions. You can stop the collection of this precise location information at any time (see the Your Control section below for details). Google uses technologies to approximate your location, including IP address (see Google’s Privacy Policy located at https://policies.google.com/privacy to learn more about how they process this information). We also approximate your location by your IP address.
- Information Collected Through Tracking Technologies. We and our service providers also use technologies, including cookies, to automatically collect certain types of usage and device information when you use our Services or interact with our emails. The information collected through these technologies includes your IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, a unique device or account ID, usage information and other similar information. For information about how to disable cookies, please see the Your Controls section below.
- Cookies - Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
3) Information We Collect from Other Sources
- Publicly Available Data. includes contact information, your interactions with our social media platforms, and other information from publicly available sources, such as public websites.
- Advertising Data. We collect information in connection with our ad campaigns that surfaced on other platforms, such as the ads you clicked on and other interactions with our ads.
How we use your information
We use the information we collect for purposes described below or as otherwise described to you at the point of collection:
- Maintain and provide the Services, including to process account applications, authenticate your identity, repair our Services, support, process and record transactional information, and handle billing and account management;
- Send you relationship information, including confirmations, invoices, technical notices, customer support responses, software updates, security alerts, support and administrative messages
- Communicate with you about offers and other things we think you will be interested in, such as newsletters, product announcements, partner offerings, surveys, competitions, events or announcements;
- Personalise our Services, such as by suggesting content or customising content or ads we show you;
- Monitor and improve our Services, including analysing usage, research and development;
- Facilitate competitions, and promotions and process and deliver entries and rewards;
- Help protect the safety and security of our Services, business, and users, such as to investigate and help prevent fraud or other unlawful activity;
- Protect or exercise our legal rights or defend against legal claims, including to enforce and carry out contracts and agreements; and
- Comply with applicable laws and legal obligations, such as compliance obligations associated with being a data processor.
How long we keep it
We will store the personal data as long as they are required for the fulfilment of our contractual obligations. If processing depends upon your consent, we will store this data as long as you do not withdraw your consent. We will also store your data only as long as we are obligated by law to store them and as long as claims can be asserted against us.
See Table 1 and the Data Retention Policy for more information on our personal data retention schedule.
Where your data is processed and stored
IRIS Connect have confirmed that any sub-processors we are using to host your data meet GDPR and we have a relevant sub-processor agreement in place.
See Table 1 for a breakdown of this information
Our legal basis for collecting the data
Under the GDPR any collection of personal data needs to have a legal basis. For each data type we are collecting we have documented the 'basis of processing' in Table 1
Who we share it with/Third Parties
We are committed to maintaining your trust, and we want you to understand when and with whom we share information about you. We will only share email address and usage data with our IRIS Connect regional partner which manages your specific area. Access to this data will be restricted to the express purpose of assisting the customer with their training, technology adoption and support requirements. These partners have been certified by IRIS Connect to exclusively represent us in specific regions.
Below is a list of our regional partners:
- SmartMove: East Midlands, North of England
- Impact Matters: South West England, Wales & West Midlands
- Equis Consulting: Central and North London, Home Counties
- DO-IT: the Netherlands and Belgium Flanders
- Roiit: Denmark, Faroe Islands and Greenland
- JAMK: Finland
Additionally, we share information about you in the instances described below.
- Authorised third-party vendors and service providers. We share information about you with third-party vendors and service providers who perform services for us, such as advertising, web hosting, and analytics services. We share this information in an aggregated or otherwise de-identified form that does not reasonably identify you.
- Legal purposes. We disclose information about you if we believe that disclosure is in accordance with, or required by, any applicable law or legal process or to protect and defend the rights, interests, safety, and security of IRIS Connect, our users, or the public.
Table 1 - How we collect, use, store the data we collect
Action |
Personal Data Collected |
Reason for data collection |
Where data is processed |
Where data is stored |
How long data is kept for |
Basis of Processing |
Use live chat on website/Web Platform |
– Chat transcript – Email address – Name |
Providing technical support |
1. Zendesk
2. Podio
3. Techego |
1. EEA
2. Ireland (AWS)
3. Ireland (Azure) |
Until no longer needed or requested to be deleted
|
For customers – Contract
For non customers – Legitimate Interest |
Request remote support |
Screen recordings from support session |
Providing technical support |
Beyond Trust |
Locally |
Automatically deleted after 90 days |
Contract |
Use the IRIS Connect Web Platform |
– Name – Email address – Phone number – Email correspondence – Job title – Platform usage and metrics data – Event attendance – General interactions with IRIS Connect
|
Provide account management & respond to queries
System improvements |
1. Podio 2. Gmail / Google Drive
3. IRIS Connect Platform
4. Mailchimp
5. Techego |
1. Ireland (AWS) 2. US/EU*
3. Ireland/US/ Sydney (AWS)**
4. USA*
5. Ireland (Azure) |
1. Until no longer needed or requested to be deleted
2. As per the Data Retention Policy 3. Retained whilst organisation remains a customer. If an organisation requests all records to be deleted, data will be anonymised
4. Retained until user account is deleted |
For customers – Contract
For non customers – Legitimate Interest |
Agreeing to marketing communications |
– Email address – Organisation |
To provide newsletter / marketing communications |
1.Mailchimp 2. IRIS Connect Web Platform
3. Hubspot |
1. USA* 2. Ireland/US/Sydney (AWS)**
3. East Coast US (AWS)* |
If requested to delete / unsubscribe |
Consent / Legitimate Interest |
Provide contact details at an event |
– Full name – Organisation |
To provide newsletter / marketing communications |
1.Hubspot 2. Podio 3. Mixmax
4. Techego |
1. East Coast US (AWS)* 2. Ireland (AWS) 3. US* 4. Ireland (Azure) |
Until no longer needed or requested to delete / unsubscribe |
Consent |
Complete form on the website |
– Name – Organisation – Job title |
As per the purpose of the form |
1.Hubspot
2. Podio
3. Mixmax
4. Techego |
1.East Coast US (AWS)*
2. Ireland (AWS)
3. US*
4. Ireland (Azure) |
Until no longer needed or requested to be deleted |
Consent |
Sign up to IRIS Connect hosted event |
– Full name – Organisation |
To provide details for the event and enable booking a place on the event |
1. Event brite
2. Podio
3. Mixmax (non customers)
4. Hubspot (non customers)
5. Techego |
1. US*
2. Ireland (AWS)
3. East Coast US (AWS)*
4. US*
5. Ireland (Azure) |
Until no longer needed or requested to be deleted |
Consent |
*Covered by Standard Contractual Clauses
** Depending on if you are an EU/US or OCE customer
Third-Party Tracking and Online Advertising
We use third-party advertising and analytics services to better understand your online activity and serve you targeted advertisements. For example, we use Google Analytics and you can review the “How Google uses information from sites or apps that use our services” linked here: http://www.google.com/policies/privacy/partners/ for detailed information about how Google processes the information it collects. These companies collect information about your use of our Services and other websites and online services over time through cookies, device identifiers, or other tracking technologies.
The information collected includes your web browser, mobile network information, pages viewed, time spent, links clicked, and conversion information. We use this information to, among other things, analyse and track data, determine the popularity of content, and deliver advertisements targeted to your interests on our services and other platforms, as well as to provide advertising-related services to us such as reporting, attribution, analytics, and market research.
We use the offer of Google Ads, in order to draw attention to our services and features with the help of advertising (so-called Google Ads) on external web pages. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
These advertising materials are supplied by Google via so-called “ad servers”. To do this, we use ad server cookies, from which certain performance metrics such as ads or user clicks can be measured. If you access our website through a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and should not serve to personally identify you. As a rule, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie.
These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the advertisement and was redirected to that page. Each Ads customer is assigned a different cookie. Thus cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Ads Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.
For more information about interest-based ads, including to learn about options for opting out of having your web browsing information used for targeted advertising purposes, please visit www.aboutads.info/choices. You should also review your mobile device settings and controls for features that allow you to opt out or opt in to having certain information collected for behavioural advertising purposes.
In addition to Ads Conversion, we use the Google remarketing application, which enables you to see our ads after visiting our website as you continue to use the internet. This is done by means of cookies stored in your browser, through which your usage behaviour when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. Consolidation of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur by Google according to its own statements. In particular, according to Google, pseudonymization is used in remarketing.
With the use of remarketing, information about your browsing behaviour is collected for marketing purposes in anonymous form and stored on your computer using cookies (targeting / retargeting). Based on an algorithm, we can then show you targeted product recommendations as personalised banner ads on other websites (so-called publishers). If you do not want this to occur, you can disable it via the Ads Preferences Manager (https://www.support.google.com/ads/answers/2662922?HL=EN).
We may use other web analysis tools that are built into the IRIS Connect website to measure and collect anonymous session information.
If you follow links to any third-party websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Bing
Bing Ads collect user information (including personally identifiable information) from Microsoft online properties, apps and other technologies like tags, pixels or unique tracking codes (“Bing Ads User Data”). Microsoft uses Bing Ads User Data for purposes of delivering Bing Ads including, where applicable, retargeting and conversions. Microsoft uses Bing Ads User Data for its own purposes, including to improve its services. To learn more about how Microsoft collects, uses and processes personally identifiable information, including information on how to control the use of your data for interest-based advertising from Microsoft, please see its Privacy Statements at https://privacy.microsoft.com/en-us/privacystatement.
Use of marketing and third party services
HubSpot
We use HubSpot forms on the website for users to submit info in order to download content, subscribe to newsletters, get in touch and other communications.
We also use HubSpot for our Marketing Automation system/Content Management system, for sending marketing communications regarding IRIS Connect news, services and events to subscribers. If you would prefer not to receive these communications you can unsubscribe using this link or via the unsubscribe option in the emails.
Mailchimp
We use Mailchimp for sending communications to our customers regarding IRIS Connect news, services, product updates, events, support, etc. If you would prefer not to receive these communications you can unsubscribe using this link or via the unsubscribe option in the emails.
Wistia
We use Wistia to host certain videos on our site. Information collected by Wistia in connection with videos played on this website is covered by Wistia’s Privacy Policy, available at https://wistia.com/privacy.
YouTube
YouTube videos are incorporated into our websites. The videos are stored at www.youtube.com and can be played directly from our websites. These videos are incorporated in such a way that no personal data related to you as the user is sent to YouTube if you do not play the videos.
If you do play the videos, YouTube cookies will be stored on your computer and data will be sent to Google Inc. For more information about how YouTube uses your data, view their privacy policy here: https://www.google.at/intl/policies/privacy/.
Zendesk
For purposes of communicating and responding to inquiries, we use Zendesk, a real-time live chat software. When you engage with a consultant via Live Chat on the IRIS Connect website/platform, we will collect personal data in order to communicate with you and respond to your inquiries. Specifically, we will collect your personal identifiers (name and email), and any additional information you choose to disclose in your correspondence with an IRIS Connect consultant (including the content of your messages).
In addition to the information you provide directly to us, we may also collect information from you automatically via cookies as you utilise the live chat feature. This information includes the following internet and other electronic network activity information: usage information (start and end, duration).
We collect and use the personal data to enable Live Chat to function properly, diagnose and repair errors, to analyse trends, and to conduct analytics to improve our website and product functionality. We process your personal data in order to fulfil our contractual obligations or to respond to (pre)contractual inquiries. In all other cases, the processing is based on your consent and/or on our legitimate interests in responding to the inquiries. Zendesk’s privacy policy is available at https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/.
Podio & Techego
We use Podio as our internal CRM system. Any interaction with our marketing, sales, technical support or account management team will be logged in Podio. We store phone call summaries, email communications, live chat transcripts, order information and name, job title, email address, phone number of people we have interacted with.
Beyond Trust
We use Beyond Trust to remotely connect to user’s devices to provide technical support. This can either be to a mobile device or computer. These connections are only done when initialed first by the user. We will collect screen recordings and IP address.
Contact & Communication
Users contacting IRIS Connect do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required, has no use or you request for it to be deleted, in accordance with GDPR. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
IRIS Connect may use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program IRIS Connect operates but only if this was made clear to you and your express permission was granted. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material.
Email Newsletter
IRIS Connect operates an email newsletter program, used to inform subscribers about products and services from IRIS Connect. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.
All personal details relating to subscriptions are held securely and in accordance with the GDPR.
Email marketing campaigns published by IRIS Connect may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity.
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
In compliance with GDPR subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will be detailed instead.
Your controls
Account profile: You can update certain account profile information, such as name, email address and avatar by logging into your account. Click here
Communications preferences: You can set your email and notification preferences by logging into your account. Click here
Cookie controls. Many web browsers are set to accept cookies and similar tracking technologies by default. If you prefer, you can set your browser to delete or reject these technologies. If you choose to delete or reject these technologies, this could affect certain features of our Services. Furthermore, if you use a different device, change browsers, or delete the opt-out cookies that contain your preferences, you may need to perform the opt-out task again.
You can adjust cookie and marketing consent under your account:
Device Access: Access to your device data. You may disconnect our mobile app’s access to certain stored device information through your device’s settings. For instance, you can withdraw permission for the app to know your location.
Contact from IRIS Connect/Unsubscribe
You may receive marketing communications from IRIS Connect. IRIS Connect processes data using the lawful basis of either contract, legitimate interest or consent. If you would prefer not to receive these communications you can unsubscribe using this link or via the option in the emails.
Please note we will keep your details on our system to record that you have unsubscribed.
If you would like your details permanently deleted please email dpo@irisconnect.co.uk.
For customers who unsubscribe, please note that you will still receive service update emails for important announcements. These will not contain any marketing content.
Customers can manage their email preferences of automated platform emails from their accounts.
External Links & Embedded Content
Although IRIS Connect only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout its emails, website or web platform. IRIS Connect is not responsible for the links and content used in the platform added by its users.
External links are clickable text / banner / image links to other websites
Embedded content includes videos from other platforms such as Youtube, Vimeo, Wista etc
IRIS Connect cannot guarantee or verify the contents of any externally linked website or embedded content despite their best efforts. Users should therefore note they click on external links or content at their own risk and this website and IRIS Connect cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that the IRIS Connect platform and IRIS Connect participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This platform nor IRIS Connect will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
IRIS Connect may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
IRIS Connect through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls (web addresses).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and IRIS Connect. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and IRIS Connect cannot be held liable for any damages or implications caused by visiting any shortened links.
Protecting your data
IRIS Connect takes data protection and security very seriously. Your data will only be available to staff who need access to it, we only use sub-processors who use market leading cloud data security processes.
Further information about the processes we have in place for protecting your data can be found in our
- Data Retention and Secure Disposal Policy
- Data Breach Response and Notification Procedure
- Personal Data Protection Policy
What are your rights?
Under GDPR you may request a copy of personal information held about you. If you would like a copy of the information held on you please see our Data Subject Access Request procedure
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through the Data Subject Access Request procedure
In the event that you wish to complain about how we have handled your personal data, please contact the Data Protection Officer at dpo@irisconnect.co.uk or in writing to:
IRIS Connect, Unit 3, Adur Dock, 104 Albion Street, Southwick, BN42 4DP.
Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner’s Office and file a complaint with them.
Changes to this policy
This Privacy Policy will evolve with time, and when we update it, we will revise the date above and post the new Policy and, in some cases, we provide additional notice (such as adding a statement to our website or sending you a notification). To stay informed of our privacy practices, we recommend you review the Policy on a regular basis as you continue to use our Services.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to dpo@irisconnect.co.uk. This includes to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information.