How to contact us
- Data Protection Manager: Tom Darnell
- Address: 21 Knightsbridge, London SW1X 7LY, UK
- Email: [email protected]
Current version: November 2019
What personal details do we collect?
When you use our websites, we collect and analyse information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs), referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services and upload or post content, error logs, and other similar information.
When you “like” or “follow” us on Facebook, Instagram, Twitter or other social media sites, we may collect some information from you including your name, email address and any comments or content that you post that is relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media sites.
How we use your information
- Complete a purchase or provide the Services that you have requested, including invoicing and accounting
- Respond to your request for information and provide you with more effective and efficient customer service
- Provide you with updates and information about products you have purchased from us
- Review and process employment applications, as discussed further below in the “Employment applications” section
- Contact you by email, postal mail or phone regarding IRIS and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you
- Customise the advertising and content on the Services
- Help us better understand your interests and needs, and improve the Services
- Engage in analysis, research and reports regarding use of our Services
- Provide, manage and improve the Services and their performance, and test and create new products, features and services
- Comply with any procedures, laws and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
- Establish, exercise or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
Why do we process your personal data, how is it lawful and how long do we keep it for?
The legal basis we rely for this processing of your personal data is either:
- for our legitimate interests i.e. we have good, sensible, practical reasons for processing your personal data which is in the interest of IRIS.
We have considered the impact on your interests and right and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to any of the processing that we carry out on the grounds of legitimate interests (see the section “Your Rights” to find out how).
Who will have access to your personal data?
We use external providers that process your personal data as part of the services (such as hosting providers) which they offer to us. We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the “How to contact us” section.
We do not transfer your personal data outside the UK and the European Economic Area.
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
As a data subject, you have the following rights under the Data Protection Laws:
- Right to object to processing of your personal data;
- Right of access to your personal data;
- Right to correct any mistakes in your personal data;
- Right to prevent your personal data being processed;
- Right to have your personal data ported to another controller; and
- Right to erasure.
Rights in relation to automated decision making do not apply as we do not carry out any automated decision making. Some of these rights are qualified and do not apply in certain circumstances.
To exercise your rights, contact us using the details given in the ‘Contact Us’ section.
If you do not think that we have processed their data in accordance with this notice, you should let us know as soon as possible. You can also complain to the ICO, the UK data protection regulator. Information about how to do this is available on its website at www.ico.org.uk.