How to contact us
- Data Protection Manager: Tom Darnell
- Address: 21 Knightsbridge, London SW1X 7LY, UK
- Email: [email protected]
Current version: January 2020
What personal data do we collect?
Users – In relation to all users of the App (“User“), we will collect information relating to your usage of the App such as time and date of using the App and the songs and other audio content that were played in the App (“Usage Data“). If you do not register an account with us (“Unregistered User“) we will assign a random number to identify you and collect your Usage Data under that number. If you register an account with us (“Registered User“) then we will collect from you your name, email address, account ID and password to create your account and process the Usage Data under your account.
Why do we process your personal data, how is it lawful and how long do we keep it for?
The legal basis we rely for this processing of your personal data is either:
- for our legitimate interests i.e. we have good, sensible, practical reasons for processing your personal data which is in the interest of Iris. In this case, we use Usage Data to better understand how our App is used and continuously find ways to improve our offering.
We have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to any of the processing that we carry out on the grounds of legitimate interests (see the section “Your Rights” to find out how).
For Registered Users, we keep your personal data whilst your account is active and if your account is closed, we will delete your personal data within 18 months from the account closure.
For Unregistered Users, if we notice that you have not used the App for two (2) continuous months, then we will delete your personal data within 18 months from this date.
Who will have access to your personal data?
We use external providers that process your personaldata as part of the services (such as hosting providers) which they offer to us. We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the “How to contact us” section.
We do not transfer your personal data outside the UK and the European Economic Area.
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
As a data subject, you have the following rights under the Data Protection Laws:
- Right to object to processing of your personal data;
- Right of access to your personal data;
- Right to correct any mistakes in your personal data;
- Right to prevent your personal data being processed;
- Right to have your personal data ported to another controller; and
- Right to erasure.
Rights in relation to automated decision making do not apply as we do not carry out any automated decision making. Some of these rights are qualified and do not apply in certain circumstances.
To exercise your rights, contact us using the details given in the ‘How to Contact Us’ section.
If you do not think that we have processed their data in accordance with this notice, you should let us know as soon as possible. You can also complain to the ICO, the UK data protection regulator. Information about how to do this is available on its website at www.ico.org.uk.