NOTE: Related Articles
This article is part of three topics on data management and minimising which cover:
Contents of this article:
- Data management
- Who controls the data?
- What data can be uploaded to the IRIS Connect platform?
- How long is data stored for?
- What happens to the videos once a member of staff leaves?
- End of Licence
- Deletion Options
Data Management
A part of a data minimisation process is minimising your data retention. This article aims to provide data controllers with information about the data lifecycle within IRIS Connect to help ensure they are compliant with their data processing.
Who controls the data?
In the normal course of use, the user is in control of the data that they capture and upload. The IRIS Connect EULA and Organisation Administrator Agreement outline the controls users have:
4.5 Management of Privacy and Disclosures:
The IRIS Connect system incorporates a privacy by design philosophy which on a day-to-day basis gives Users control of the following:
4.5.1 When reflections are made and deleted
4.5.2 Who has access to reflections and how long for
4.5.3 Your participation in live reflections
4.5.4 The creation of groups and the content thereof
Day-to-day, the data is managed by the user, inducing selecting what to collect, upload, share, edit, store, categorise/tag and delete. However, ultimate ownership and control must reside with their organisation to ensure responsible data management structures.
What data can be uploaded to the IRIS Connect platform?
- Videos - via the Record app, desktop upload, screen capture
- Audio - via call recording
- Images - via profile picture, attachment uploads to groups and reflections
- Files - via attachment uploads to groups and reflections
- Name and email address - via account creation
- Text - via commenting on reflections, writing on discussions and groups
How long is data stored for?
Uploaded data is stored on our system until
- the user deletes it
- the admin deletes it
- the organisation requests it to be deleted
- it is automatically deleted (see below)
Once deleted, data is held in a trashed state for 90 days then a further 180 days in data back-ups.
More information can be found in Section 9 - Erasure and Return of Data of the Organisation Administrator & Data Processing Agreement.
What happens to the videos once a member of staff leaves?
End of Licence
At the end of your licence, if you decide not to renew, you have the option to either keep your data on our system and access it under a basic licence, request it to be deleted, or request it to be returned.
Deletion Options - User/Admin Managed
Users can delete their personal data, but organization administrators have the rights in the hierarchy to delete the user and or elements of their data.
User Managed - Reflections Library
All uploaded reflections are displayed with an uploaded date and by default are displayed in chronological order. Therefore if you need your users to delete reflections older than a certain date it should be very easy for them to locate and delete them.
Admin Managed - Safeguarding tools
Through the use of the safeguarding tools, administrators are able to see a list of what reflections a user has uploaded including the uploaded date. Administrators are able to also delete reflections from this view.
Automatic Deletion
Reflection deletion period can be configured by the user or admin. These features are request-only.
Note - Reflections that are clones or edited clips inherit the same deletion date as set on the parent reflection
Organisation-Controlled - Automatic Deletion
We offer an automatic deletion feature that can be activated upon request.
The feature works by specifying the number of days video data (reflections) can be kept for, e.g. 365 days, and then as soon as the data is older than the specified days it is then deleted. This rule applies to all users within the organisation.
When this feature is enabled an information banner is shown under the Recycle Bin section of the organisation administration panel
Please note, the deletion process is different from the standard delete process as it destroys the data, rather than trashes it, ensuring there is no option to recover the files from the recycle bin. The data will still be present in the system's backup files for 6 months before being completely deleted.
If you are an organisation administrator and would like to request this feature be enabled for your organisation please contact our support team.
User-Controlled - Automatic Deletion
We offer an automatic deletion feature that can be activated upon request. Once this is enabled, users are able to set a future date where they want their reflection to auto delete.
Please note, the deletion process is different from the standard delete process as it destroys the data, rather than trashes it, ensuring there is no option to recover the files from the recycle bin. The data will still be present in the system's backup files for 6 months before being completely deleted.
This is set under the Privacy tab of the reflection and is set on each reflection individually.
Once set it will display like this:
If you are an organisation administrator and would like to request this feature be enabled for your organisation please contact our support team.