Privacy Policy

Last updated – January 22, 2020

This Website Privacy Policy is provided by TGR1.618 Limited (“IRIS” or “we” or “us”). We are a ‘controller’ for the purposes of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018 (collectively the “Data Protection Laws“). This Website Privacy Policy applies to the personal data we collect in relation to your use of our website https://shapedbyiris.com. We take your privacy very seriously and ask that you read this Website Privacy Policy carefully as it contains important information about our processing and your rights.

How to contact us

If you would like this Website Privacy Policy in another format (for example: audio, large print, braille) please contact us at the details below:

  • Data Protection Manager: Tom Darnell
  • Address: 21 Knightsbridge, London SW1X 7LY, UK
  • Email: [email protected]

Current version: November 2019

What personal details do we collect?

When you use our websites, we collect and analyse information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs), referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services and upload or post content, error logs, and other similar information.

If you access the Services through a third-party connection or log-in (e.g. through a social network), you may allow us to have access to and store certain information from your social network profile. This includes your name, gender, profile picture, your “likes” and check-ins, and your list of friends, depending on your settings on such services. If you do not wish to have this information shared, do not use a social networking connection to access the Services. For a description of how social networking sites handle your information, please refer to their privacy policies and terms of use, which may permit you to modify your privacy settings.

When you “like” or “follow” us on Facebook, Instagram, Twitter or other social media sites, we may collect some information from you including your name, email address and any comments or content that you post that is relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media sites.

How we use your information

  • Complete a purchase or provide the Services that you have requested, including invoicing and accounting
  • Respond to your request for information and provide you with more effective and efficient customer service
  • Provide you with updates and information about products you have purchased from us
  • Review and process employment applications, as discussed further below in the “Employment applications” section
  • Contact you by email, postal mail or phone regarding IRIS and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you
  • Customise the advertising and content on the Services
  • Help us better understand your interests and needs, and improve the Services
  • Engage in analysis, research and reports regarding use of our Services
  • Provide, manage and improve the Services and their performance, and test and create new products, features and services
  • Comply with any procedures, laws and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
  • Establish, exercise or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others

Why do we process your personal data, how is it lawful and how long do we keep it for?

The legal basis we rely for this processing of your personal data is either:

  • In order to carry out our contractual obligations to you where you have accepted our Terms of Use and;
  • for our legitimate interests i.e. we have good, sensible, practical reasons for processing your personal data which is in the interest of IRIS.

We have considered the impact on your interests and right and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to any of the processing that we carry out on the grounds of legitimate interests (see the section “Your Rights” to find out how).

Who will have access to your personal data?

We use external providers that process your personal data as part of the services (such as hosting providers) which they offer to us. We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the “How to contact us” section.

We do not transfer your personal data outside the UK and the European Economic Area.

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

  • Right to object to processing of your personal data;
  • Right of access to your personal data;
  • Right to correct any mistakes in your personal data;
  • Right to prevent your personal data being processed;
  • Right to have your personal data ported to another controller; and
  • Right to erasure.

Rights in relation to automated decision making do not apply as we do not carry out any automated decision making. Some of these rights are qualified and do not apply in certain circumstances.

To exercise your rights, contact us using the details given in the ‘Contact Us’ section.

If you do not think that we have processed their data in accordance with this notice, you should let us know as soon as possible. You can also complain to the ICO, the UK data protection regulator. Information about how to do this is available on its website at www.ico.org.uk.

Copy link
CopyCopied
Powered by Social Snap