Contact us Not a customer? Login
Contact us Not a customer? Login

Data Management - Data Retention

Support
  • Updated

NOTE: Related Articles

This article is part of three topics on data management and minimising which cover:

 

Contents of this article:

Data Management

A part of a data minimisation process is minimising your data retention. This article aims to provide data controllers with information about the data lifecycle within IRIS Connect to help ensure they are compliant with their data processing.

 

Who controls the data?

In the normal course of use, the user is in control of the data that they capture and upload. The IRIS Connect EULA and Organisation Administrator Agreement outline the controls users have:

4.5 Management of Privacy and Disclosures:
The IRIS Connect system incorporates a privacy by design philosophy which on a day-to-day basis gives Users control of the following:

4.5.1 When reflections are made and deleted
4.5.2 Who has access to reflections and how long for
4.5.3 Your participation in live reflections
4.5.4 The creation of groups and the content thereof

Day-to-day, the data is managed by the user, inducing selecting what to collect, upload, share, edit, store, categorise/tag and delete. However, ultimate ownership and control must reside with their organisation to ensure responsible data management structures.

 

What data can be uploaded to the IRIS Connect platform?

  • Videos - via the Record app, desktop upload, screen capture
  • Audio - via call recording
  • Images - via profile picture, attachment uploads to groups and reflections
  • Files - via attachment uploads to groups and reflections
  • Name and email address - via account creation
  • Text - via commenting on reflections, writing on discussions and groups

 

How long is data stored for?

Uploaded data is stored on our system until 

- the user deletes it

- the admin deletes it

- the organisation requests it to be deleted 

- it is automatically deleted (see below)

Once deleted, data is held in a trashed state for 90 days then a further 180 days in data back-ups.

More information can be found in Section 9 - Erasure and Return of Data of the Organisation Administrator & Data Processing Agreement.

 

What happens to the videos once a member of staff leaves?

There are a few options:
1) Accounts can be deactivated - this means the user is locked out from accessing the data, but their data is not deleted. Deactivated users can later be deleted.
2) Users can be deleted.  If a user is deleted, then all data (including videos) is deleted in line with our data destruction policy (Data is held in a trashed state for 90 days then a further 180 days in data back-ups).
3) With the correct permissions and policies in place, you can clone selected data into another account before deactivating or deleting a user.

 

End of Licence

At the end of your licence, if you decide not to renew, you have the option to either keep your data on our system and access it under a basic licence, request it to be deleted, or request it to be returned

 

Deletion Options - User/Admin Managed

Users can delete their personal data, but organization administrators have the rights in the hierarchy to delete the user and or elements of their data.  

User Managed - Reflections Library

All uploaded reflections are displayed with an uploaded date and by default are displayed in chronological order. Therefore if you need your users to delete reflections older than a certain date it should be very easy for them to locate and delete them.  

mceclip0.png

Admin Managed - Safeguarding tools

Through the use of the safeguarding tools, administrators are able to see a list of what reflections a user has uploaded including the uploaded date. Administrators are able to also delete reflections from this view.

 

Automatic Deletion 

Reflection deletion period can be configured by the user or admin. These features are request-only.

Note - Reflections that are clones or edited clips inherit the same deletion date as set on the parent reflection

 

Organisation-Controlled - Automatic Deletion 

We offer an automatic deletion feature that can be activated upon request.

The feature works by specifying the number of days video data (reflections) can be kept for, e.g. 365 days, and then as soon as the data is older than the specified days it is then deleted. This rule applies to all users within the organisation. 

When this feature is enabled an information banner is shown under the Recycle Bin section of the organisation administration panel

mceclip0.png

 

WARNING! Data is destroyed not trashed

Please note, the deletion process is different from the standard delete process as it destroys the data, rather than trashes it, ensuring there is no option to recover the files from the recycle bin. The data will still be present in the system's backup files for 6 months before being completely deleted.

If you are an organisation administrator and would like to request this feature be enabled for your organisation please contact our support team. 

 

User-Controlled - Automatic Deletion

We offer an automatic deletion feature that can be activated upon request. Once this is enabled, users are able to set a future date where they want their reflection to auto delete.

WARNING! Data is destroyed not trashed

Please note, the deletion process is different from the standard delete process as it destroys the data, rather than trashes it, ensuring there is no option to recover the files from the recycle bin. The data will still be present in the system's backup files for 6 months before being completely deleted.

This is set under the Privacy tab of the reflection and is set on each reflection individually. 

mceclip1.png

Once set it will display like this:
mceclip2.png

If you are an organisation administrator and would like to request this feature be enabled for your organisation please contact our support team. 

 

 

 

Related articles