Iris Innovations Limited GDPR Policy

1. Overview

Iris Innovations Limited is committed to protecting and respecting your privacy and complying with the principles of the Data Protection act and E.U General Data Protection Act (GDPR). This policy sets out the basis on which any personal data we collect from you, or that you provide to us through your use of our website, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Your data is controlled by Iris Innovations Limited (Iris), Unit 15 Fareham Innovation Centre, Meteor Way, Lee on Solent, Hampshire PO13 9FU. United Kingdom. Iris Innovations Limited determines how your personal data will be used in relation to the services we provide you.

We are committed to processing information about you fairly and in a transparent manner and the aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information please let us know.

1.1 Use of this Policy

This Privacy Policy describes how DEC collects, uses and discloses information, and what choices you have with respect to the information.

Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, we have worked to make the Privacy Policy clearer and more understandable by:

1) Arranging into sections
2) Providing clear examples to show how the policies may be implemented by Iris
3) Outlining what your rights are around these policies

1.2 Changes to this Policy

We may change this privacy policy from time to time but if we change it in a way which significantly alters the terms upon which you have agreed to use our website, we will post notice of the change on our website and you will be deemed to have accepted such changes. This privacy notice was last updated April 2018.

2. Your Data

2.1 What Personal Data We Hold

Depending on the services you interact with, we may hold the following personal data on you;

Email addresses
Telephone numbers
Details of your visits to our website, and any other websites we may publish relating to our products and services, that you access using cookies.
General communication we may have with you
Marketing Preferences

2.2 The Purpose and Legal Reasons for Holding Your Information:

Purpose: Electronic & Printed Marketing
Reason: Your Consent to Receiving Marketing Material from Iris
Our Interests: Introducing new products and services and trade events such as trade shows and exhibitions / Market Research / Seeking Your Consent when we need to contact you / Promotional Offers

Purpose: Processing Your Payments
Reason: To fulfil your orders
Our Interests: Having appropriate security and safeguards to protect you. We do not retain credit or debit card information following any transaction. Details are destroyed immediately.

Purpose: Responding to Queries and Enquiries
Reason: To provide the best possible customer service and answer your queries quickly

2.3 How Long Do We Keep Your Data For

We will hold information about you in our database for no more than is necessary.
We may need to keep your records longer to comply with legal obligations such as accounts auditing. Once we have held your records for the duration of the legal requirements they will be deleted.
Records not required to be held by law will be deleted upon request by you.
We always think about your best interests when we apply retention rules to our systems and are always happy to remove you at your request.

2.4 How we Secure and Maintain your Data

We will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and use and in accordance with this privacy policy.
Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data transmitted to us via the internet we cannot guarantee the security of your data transmitted to the DEC Website from your device: any transmission is at your own risk.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone

2.5 Necessary Processors

Iris will not share your payment details with any other party. The only third parties we share your data with are as follows:

Organisation: Xero
Service: Cloud based invoicing and customer management service.
Data Held: Company address and contact details, quotes and invoices.

Organisation: Mailchimp
Service: Email Campaign Builder & Management System
Data Held: Email addresses and Contact Details

3. Your Rights & Accessing Your Data

3.1 Right of Access
You have the right of access to information we hold about or concerning you. If you would like to exercise this right you should contact us by emailing Iris’s Data Controller, Carl Hitchcock: or by telephoning +44 (0)2392 556509.

3.2 Right of Rectification or Erasure
If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.
Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure.

3.3 Right to restriction of processing.
You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

3.4 Right to Portability
You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.

3.5 Right to Object
This includes the right to object to any direct marketing we may undertake and to any automated decisions based on profiling which we may carry out. This also includes the right to object to any processing based on legitimate interests, such as wealth screening.

3.6 Right to Withdraw Consent
You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
You can do so by contacting our support care team and they will immediately mark our records accordingly, this will then take effect as soon as possible.
Please be aware that some activities may already have left our system at time of consent withdrawal.

3.7 Right of Complaint
You also have a right to lodge a complaint about any aspect of how we are handling your data with the UK’s Information Commissioner’s Office who can be contacted at