Effective Date: May 23, 2018
1. Websites Covered
2. Information We Collect
We collect the following data about users: (1) information that you voluntarily submit to us (“User-Supplied Information”); (2) technical data automatically collected from all visitors to the Iris Technologies Website (described below under “Passive Data Collection”); (3) information we collect through our Services; and (4) information we collect from third-party sources.
User-Supplied Information. We may collect user-supplied information when you choose to provide us with your Personal information via the Iris Technologies Websites, including when you send us an email asking a question, register to attend an event, submit a form to receive marketing materials or email newsletters, or request any research or whitepapers.
3. Use of Collected Information
We use personal information to establish and enhance our relationship with you. We may use personal information to operate, provide, improve, and maintain the Iris Technologies Websites; to prevent abusive and fraudulent use of the Iris Technologies Websites; to personalize and display content on the Iris Technologies Websites; where permitted by applicable law, to send you information, including via email, about our products and Services in which we believe you may be interested; to respond to your inquiries and for other customer service purposes; and for other administrative and internal business purposes.
We may use your e-mail address, including any email address provided at www.gdpr-wp.com or through the Iris Technologies Websites as set forth in the “Communications and Unsolicited Marketing Communications” section.
On the Iris Technologies Websites, we may use passively collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Iris Technologies Websites; and (b) monitor aggregate website usage metrics such as total number of visitors and pages viewed.
4. Disclosure of Collected Information
We do not sell or rent email addresses and other personal information that we collect directly through the Iris Technologies Websites. Please be aware, however, that any information that you voluntarily choose to display on any publicly available portion of the Iris Technologies Websites, or on any Service, becomes publicly available and may be collected and used by us or others without restriction. We share your information, including personal information, as follows:
Iris Technologies Service Providers
We may disclose personal information if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose personal information where we, in good faith, deem it appropriate or necessary to prevent violation of the Iris Technologies Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Iris Technologies, any individual, or the general public; maintain and protect the security and integrity of our Services or infrastructure; protect ourselves and our Services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies.
Aggregate Information and Non-Identifying Information
We may share aggregated information with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, identify industry and advertising trends, and to generate publicity for the Iris Technologies Services.
5. Your Choices
On the Iris Technologies Websites
You may, as a visitor to our website, choose not to provide us with personal information. You may also, at any time, access your personal information to update, correct, or delete certain personal information about you by contacting us at firstname.lastname@example.org or at the address set forth below in the “Contact Us” section. You also have the right to obtain from Iris Technologies the erasure of personal data about you in accordance with applicable data privacy laws. You may exercise your rights with the following requests:
Exercise Your Rights
Request to be removed:
Request Access to your data:
Submit a complaint:
In addition, you may decide not to opt–in, either when you first provide Iris Technologies with any personal information, to receive marketing information from Iris Technologies about products and Services (including our products and Services and those of third parties). See also Section 6, “Communications and Unsolicited Marketing Communications”, for additional information regarding changing your preferences or opting out of receiving marketing information.
Please be aware that even if you update or remove personal information that you have provided to us, your personal information may be retained in our backup files and archives for a reasonable period of time for legal purposes.
6. Communications and Unsolicited Marketing Communications
If you opted in to receive communications from us, including through email@example.com, we may send you administrative messages and updates regarding your account, updates regarding the Iris Technologies Websites, and, where permitted by applicable law, information regarding our offer, products and Services, including, without, limitation, through social media updates, by email and postal mail. If you no longer want to receive commercial email messages, you may indicate your preferences regarding commercial email messages by taking the steps described in such messages. Also, you may indicate your preferences regarding commercial email messages and postal mail messages by contacting us using the information in the “Contact Us” section below.
7. Client Data
We collect, use, and retain certain information at the direction and on behalf of our Clients from individuals (“End Users”) who use the Client website (Client Data). Iris Technologies has no relationship with such End Users whose Client Data we process on behalf of our Clients. We also do not decide how the Clients use such Client Data. Iris Technologies does not access and use the Client Data, except at directed by our Clients or required by law.
Information Collected Directly Through Use of the Services about End Users: We collect two types of data about End Users: (1) information that is passed through the Service as a result of use of the Website and (2) technical data automatically collected from all visitors to pages of your website that load the Services. The information that we collect on your behalf depends on the particular Services to which you subscribe and your preferences. Social network and/or identity providers are hosted by a third party and on our Client’s service. The Client’s and the End User’s interaction with these features are governed by the privacy statement of the company providing it.
End User Information: We maintain no rights to use any End User Personal Information transmitted to us on your behalf through the Iris Technologies Website or received from the social networks, except to make the Services available to you and/or End User.
We use the information that we collect automatically about the use of our Website to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.
If you are a customer of one of our Client’s, and you want to edit or delete any information captured about you on that Client’s website, you should contact the Client directly.
8. International Users
The Iris Technologies Websites are hosted in Bulgaria, and we may use service providers in Bulgaria and elsewhere to process personal information on our behalf. If you use the Iris Technologies Websites outside Bulgaria, please note that your personal data may be transferred outside of your home jurisdiction to Bulgaria and to other jurisdictions where our affiliates and service providers are located. Some of these jurisdictions, including Bulgaria, do not have equivalent data protection laws as the European Union and other jurisdictions. By using our Websites, you are agreeing that your personal data may be transferred to Bulgaria and other jurisdictions, as explained in this Section.
For EU residents, see Section 9, “EU and the Privacy Shield” below, for information regarding (i) Iris Technologies’s participation in the EU-US Privacy Shield Program through its Solution Partnership with Gigya and (ii) Iris Technologies’s handling of Personal information received from the European Union as a Subprocessor of Clients for its cloud Services.
9. EU, Switzerland and the Data Privacy Shield Framework
Iris Technologies complies with the E.U.- U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries and Switzerland in conjunction with its contractual relationship with Gigya. Iris Technologies is a sub-processor for Clients websites that utilize our Services and certifies its processing of personal information from E.U. member countries and Switzerland is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (the “Principles”). You may view the certification for which Iris Technologies adheres to through its Solution Partnership with Gigya here https://www.privacyshield.gov/list. Gigya and its subsidiaries are subject to the investigatory and enforcement authority of the Federal Trade Commission.
Information We Process. We collect, in accordance with the Privacy Shield principles, the categories of information described in sections 2 and 7 above. We process personal information about website users for the purposes described in section 3 above. Please note: additional information about Iris Technologies’s participation in the Privacy Shield program, with regard to data collected in a capacity as a processor to our Clients, is available by contacting firstname.lastname@example.org.
E.U. and Swiss End Users whose personal information we process on behalf of a Iris Technologies Client (as a data processor) should first contact the Iris Technologies Client, who is the controller of your personal information, to access their personal information; Iris Technologies will work with its Clients to provide End Users the necessary access about what personal information is processed.
Transfers to Third Parties. As described in the “Disclosure of Collected Information” section above, we may transfer personal information from the E.U. and Switzerland to third parties. We contractually require third parties to whom we transfer personal information to provide the same level of protections as the Principles. Iris Technologies remains responsible for the personal information we receive and transfer under Privacy Shield as it relates to our Services.
In accordance with our legal obligations, we may also transfer, subject to a lawful request, personal information to public authorities for law enforcement or national security purposes.
Contacting Us, Complaints and Dispute Resolution. E.U. and Swiss individuals who have questions or complaints about how we process their personal information may contact us at email@example.com. We will work to resolve your issue and respond no later than 45 days of receipt.
The security of your information is important to us, including, but not limited to, the personal information collected via the Iris Technologies Websites and Services. We use reasonable security measures to protect against the loss, misuse, and alteration of Personal information under our control, both during the transmission and once we receive it. This includes, but is not limited to, the use of firewalls and encryption. Although we make good faith efforts to maintain the security of such personal information, no method of transmission over the Internet or method of electronic storage, is 100% secure and we cannot guarantee that it will remain free from unauthorized access, use, disclosure, or alteration. Further, while we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining this information.
If we learn of a security breach involving your personal information, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Iris Technologies Websites or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Iris Technologies Websites. If a security systems breach occurs, we may post a notice on our homepage (iristech.co) or elsewhere on the Iris Technologies Websites and may send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach, involving your personal information, in writing. This notice paragraph applies to users of the Iris Technologies Websites and our Clients who utilize our Services on their third party websites only. Should there be a breach that affects End Users of Clients, the Client will be responsible for disseminating notice of such a breach to those End Users.
The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. Iris Technologies’s Websites are not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide personally identifying information through our websites. Additionally, we do not knowingly collect or maintain personal information from anyone under the age of 13, unless or except as permitted by law. If we learn that personal information has been collected from a user under 13 years of age on or through the Iris Technologies Websites, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the Iris Technologies Websites or you believe has otherwise provided personal information to Iris Technologies, please contact Iris Technologies at firstname.lastname@example.org to have that child’s account terminated and information deleted.
In addition, we use Google Analytics to analyze our users’ use of the Iris Technologies Websites. Google Analytics is currently on iristech.co and www.gdpr-wp.com. Google Analytics provides us with aggregated data in order to help us make informed business decisions. Ultimately, Google, as a third party, controls information collected through Google Analytics and you should check and be comfortable with its privacy practices prior to using the Iris Technologies Websites. You may review information about Google’s privacy practices with respect to Google Analytics at http://www.google.com/analytics/learn/privacy.html.
13. Third-Party Ad Networks
You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices (DAA).
Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Site or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.
15. Contact Us
Like most web based services, Iris Technologies EOOD (“Iris Technologies”, “we” or “us) may automatically receive and record information when you use the Iris Technologies Websites and Services. We may use a variety of methods, including clear GIFs (also known as “web beacons”) and “cookies”, to collect this information.
1. Cookies and Other Automated Means of Passive Data Collection
This section provides more information about some of those technologies and how they work.
Cookies store information about your activities on a website or other platform. For example, cookies can store your session information for easy sign-in to a website or other platform you have previously visited. They enable us to make your use of the Iris Technologies Websites and Services more enjoyable and to improve the functionality of the Service.
Clear GIFs (also known as web beacons) are used in combination with cookies to help website operators understand how visitors interact with their websites. A clear GIF is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website. The use of a clear GIF allows the website to measure the actions of the visitor opening the page that contains the clear GIF. It makes it easier to follow and record the activities of a recognized browser, such as the path of pages visited at a website.
Clear GIFs, which can be embedded in web pages, videos, or emails, can allow a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed the Clear GIF, the IP address of your computer, and the URL of the web page from which the Clear GIF was viewed.
For more information about cookies and web beacons, please visit http://www.allaboutcookies.org/cookies/.
2. What Information Do We Passively Collect?
3. How Do We Use Passively Collected Data?
A. On the Iris Technologies Websites
On the Iris Technologies Websites, we may use passively-collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Iris Technologies Websites; (b) monitor your participation in various sections of the Iris Technologies Websites; (c) customize our service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the Iris Technologies Websites and our other services and systems, and to provide services and content that are tailored to you.
B. Through the Iris Technologies Services
Our Clients, in implementing Services, may utilize the Services API within their own websites. When you use the Service, servers passively collect data through the implementation of the API including, but not limited to, your IP address, page views, browser type, interactions with Services, the web page you are currently visiting and the web page you were visiting before you came to the Service, and social actions such as sharing and commenting. This information is used to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.
4. What Cookies Do We Use and Why? We use the following types of cookies:
Strictly necessary cookies – These cookies are used for the sole purpose of either (i) carrying out a transmission of a communication over an electronic communications network, or (ii) to allow the provider of an information society service to provide such service as explicitly requested by you.
Performance cookies – These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. it is only used to improve how a website works.
Functionality cookies – These cookies allow the website to remember choices you make (such as your user name, language or region you are in) and provide enhanced, more personal features.
Social media cookies – These cookies are used based on social connect functionalities or when you make use of a social media add on button (e.g. clicking on the ‘Like’ icon on a webpage)
Advertising cookies – These cookies collect information about web browsing activity in order to inform advertising networks about website traffic in order to provide targeted advertisements based on previous browsing activity.
Whether a cookie is considered as a ‘first’ or ‘third party’ cookie refers to the domain placing the cookie. First-party cookies are those cookies set by a website that is being visited by the user at the time (e.g. cookies placed by [iristech.co]). Third-party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie.
Session cookies allow website operators to link your actions during a browser session. A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Persistent cookies on the other hand are cookies which remain on your device for the period of time specified in the cookie. We use both session and persistent cookies.
You can find more information about the individual cookies we use, and the specific purposes for which we use them, in the preference window.
5. How To Disable or Remove Cookies
You can configure your Internet browser, by changing its options, to stop accepting cookies completely or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions of the Iris Technologies Websites or all functionality of the Services.
Please note that disabling these technologies may interfere with the performance and features of the Services.
You may also disable cookies on the Iris Technologies Sites by modifying your settings here:
7. Contacting Us