Personal data processing
This policy describes how we collect and process personal data at Irisity.
When we mention Irisity services in this policy, we refer to all our software products and services, including cloud-hosted and on-premise software, as well as to professional services such as education, installation, support and maintenance.
If you are a customer of Irisity, more detailed terms relating to your use of our services may be available in your customer agreement. In case of conflicting information, your customer agreement has precedence.
Our processing of video material from security operations connected to our services is described in a separate video data policy. This policy describes all data other types of personal data processing.
Your personal data
Irisity AB publ. (“Irisity”, “we”, “us”) knows the importance of personal integrity for our customers and web site visitors. Our goal with this policy is to describe our use of personal data to you in a clear and transparent way, to ensure you that your personal data is safe. We process all personal data according to the EU General Data Protection Regulation (GDPR) and other relevant legislation.
By using our services, you accept this policy and consent to the processing of your personal data according to this policy.
Personal data controller and processor
Irisity is the controller for all personal data collected by us in relation to your usage of the our website and in relation to our business relationship with you. For information related to your security operation that you enter in our systems, you as a customer is data controller, while Irisity acts as data processor. This relationship is further regulated in each customer agreement.
Personal data collection and processing
What is personal data?
Personal data is any kind of information that directly or indirectly can be attributed to a real living person. This includes for example name, personal identification number, address, e-mail address and telephone number. This also includes encrypted information and various kinds of digital identities, such as IP addresses, if they can be connected to individuals.
We collect and processes the following categories of personal data:
When you communicate with us in relation to past, current, future or potential business relationships, we collect and process the information required in order to provide you with offers and services. This information consists of:
- Contact information, such as name, telephone number, address, e-mail address, and identity on online communication platforms that you use when communicating with us.
- Information about your past and current interest in our products.
- Information that you provide in relation to customer support, including any personal data needed for a complete description of support issues.
- Any other information that you provide which is relevant for us to deliver services according to our agreements with you.
This information is stored in the following ways and for the following purposes:
- The information is stored in Irisity systems in order to provide services according to our agreements, including showing relevant information in web portals and other systems, distribute event reports, inform you about upcoming service windows, new releases, service disruptions, and other important information related to our services.
- In customer relationship management systems, for the purpose of producing quotes and contracts, tracking your orders, sending order confirmations, providing additional offers, sending out customer satisfaction surveys, and any related purposes relevant to your business relationship with us.
- In administrative company systems for invoicing, book-keeping, auditing and other purposes related to administration and finance.
Information entered into Irisity systems
We store and process any information that you enter into our systems as a registered user. This information may include contact information to yourself, your customers, collaboration partners or other actors in the system. For such information, you as a customer acts as data controller, while Irisity acts as data processor. Such information is processed only in order to deliver the services that you ordered.
Newsletter subscription information
If you choose to subscribe to the Irisity newsletter, we store and process your name and e-mail address for the purpose of sending out the newsletter.
Service usage information
When you use our websites or other digital services, we process and store information relating to your use of that service. This includes IP-addresses and network communication in relation to the service. We also collect and process information about how you use the products and services, including information about which pages you visit and what actions you make as a logged-in user. The purpose of this processing is to troubleshoot and improve our products and services. Your browsing patterns, including information such as selected language and frequently visited pages or product categories, may be used to optimize your web browsing experience.
Information collected from others than yourself
In relation to quotes, orders and other commercial contacts with us, representatives of our customers may provide personal data relating to other individuals within the customer organization or their collaborators. We assume that the person providing this information has obtained consent from all related persons.
Personal data processing and storage
Legal basis for personal data processing
Irisity processes personal data in accordance with current legislation. The legal basis used for this processing of personal data in relation to commercial contacts is consent and fulfillment of agreements with customers. The legal basis for our processing of web page analytics data is our legitimate interest in improving our web pages and services. Collected personal data may also be processed in order to fulfill legal obligations according to current regulations, for example related to requests from police authorities or auditing requirements.
Personal data is stored for as long as required for fulfilling the purpose of the processing. Information in our customer relationship management systems is stored for one year after the last contact with us unless you have given consent to a longer storage period.
Information provided in our web systems are stored while the user account is active.
Your e-mail address stored for the purpose of sending out our newsletter is stored until you choose to unsubscribe.
The same personal data may be stored in different locations for different purposes. This means that a piece of information that has been removed from one system may remain in another system if needed for a different purpose.
Technical and organizational measures for ensuring safe personal data processing
We take continuous measures in order to fulfill the GDPR principles of ”data protection by design and by default”. We continuously evaluate risks related to our personal data processing and take appropriate steps in order to minimize the risks. We also continuously educate our staff and subcontractors in data protection issues.
Distribution of personal data to third parties
Other IT support systems
We use a set of different IT services and systems in our operations, including systems for customer relationship management, invoicing and finance. Your personal data may be stored in such systems. Some of these systems are cloud-based or hosted by the provider, in which case your personal data will be transferred to those providers. In such cases, these IT systems providers act as data processors and will only process your data according to our instructions.
We take your personal data protection seriously and use strict IT security guidelines in relation to your personal data. The access to your data is limited to authorized staff members that need access to your information, and your data is always stored on encrypted storage media.
Web page analytics
Contact service providers
A number of third parties may be used for distributing information to you relating to your security operation using SMS or e-mail. The exact services used depend on your system configuration. We distribute your contact information to these external providers in order to deliver these communication services.
Suppliers of related services
If your customer agreement with us includes additional services (such as installation services) we may use subcontractors and partners in order to provide these services. We may distribute your personal data to such subcontractors to the extent necessary in order to deliver services according to our agreement.
Depending on your system configuration and business setup, our services may include connecting you to a third-party alarm central for assessing or handling video alarms. Depending on the characteristics of each agreement, we may use different alarm centrals to adjust for availability or downtime, re-route traffic in case of high workloads, long response times or similar circumstances in order to provide an optimal service for you. We may distribute your contact information to contracted alarm centrals to the extent required for them to provide the alarm handling included in your customer agreement.
Banks and credit facilities
We use external suppliers for managing invoicing, payments and other issues related to banking and credit management. These suppliers get access to your name, contact information and payment information in order to fulfill payment processing related to your customer agreement.
Other third parties
If you contact us in any matter other than the ones mentioned above, we may distribute your personal data to external providers as required to fulfill your request. The personal data distributed in this case is typically your name and contact information, together with the required information relating to your request.
Distribution to third countries
Irisity works on a global market with a global network of partners, suppliers and resellers. In order to provide an optimally efficient service to you, we may from time to time distribute your personal data to countries outside of the EU/EES area. Regardless of the recipient, Irisity has an obligation to ensure that your personal data has an adequate level of protection. Any distribution to third countries is always made according to the GDPR, using EU-approved mechanisms for ensuring the integrity and safe processing of your data.
Necessary processing of personal data and processing supported by consent
The processing of personal data that is required for us to fulfill a customer agreement with you or a legal obligation according to current regulations is permitted without your explicit consent. In order for us to process your personal data for other purposes, your consent is required. You provide your consent when starting to use our services, in contact with our customer support or sales representatives.
Recalling your consent
You may at any time choose to recall your consent by contacting us using the contact information provided above. If you recall your consent, we will permanently remove your personal data that is stored and processed based on your consent.
Please note that the same piece of personal data may be processed both supported by your consent and by other means, such as the fulfillment of agreements or legal obligations. This means that even if your consent is recalled, there may be cases where we may keep your personal data for other purposes.
Information about processed personal data
You have the right to obtain information about what personal data we have stored related to yourself. This information can be provided upon a written request according to details provided in the “Contact information” section below. Such data export requests are provided for free once per year. For additional or excessive requests, we may charge a reasonable fee to cover our expenses related to the request.
Your right to rectification and data removal
You have the right to request that we correct errors in your data, complete missing information, or remove your data. You also have the right to request that your personal data is limited to certain purposes, for example not be used for directed advertisements or profiling. Such requests shall be sent by mail according to details provided in the “Contact information” section below.
Your right to complain to supervisory authorities
If you believe that Irisity acts in violation to GDPR or other data protection legislation, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY. Previously Swedish Data Protection Authority, Datainspektionen). You can read more at their web site imy.se.
Our Customer Success team is the main point of contact for all incoming questions. They can be reached at firstname.lastname@example.org or by telephone at +46 771-41 11 00. To reach our data protection officer, please contact Customer Success and ask to be redirected.
Formal, written requests related to personal data exports, information, rectification, removal or related issues should be sent by mail to “Data Protection Officer, Irisity AB (publ), Lindholmspiren 7, 417 56 Göteborg, Sweden”. Such requests must contain your contact information and be signed by you. Your letter should contain as detailed information as possible about the nature, scope and context of your request. We also need proof of your identity in order to avoid unauthorized or fraudulent requests. This proof can be provided by including an attested copy of your ID card with your request or showing your ID card during a personal visit to our office. We may contact you to request additional information or verify your personal information in order to avoid misuse.