Iris AI AS has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via the Website and assures that the processing of personal data will always be in line with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”/”GDPR”/”Regulation”).
Personal data is any information relating to an identified or identifiable natural person.
Data subject is any identified or identifiable natural person.
Processing is any operation or set of operations which is performed on Personal data or on sets of Personal data.
II. Identity and contact details
We are Iris AI AS, a limited liability company duly incorporated under the Laws of Norway (AKSJESELSKAP)
Our registration number is 916 246 269
We are represented by Anita Schjøll Brede
Our email is firstname.lastname@example.org
Our phone is 00 47 455 07 380
Any Data subject may, at any time, contact any of us directly with all questions and suggestions concerning data protection.
III. Categories of personal data we process
Our Website provides for a free account registration by which you will be able to bookmark interesting papers, see a history of your exploration and get access to all new features right as they launch. Upon registration we collect your names and email. We need those data for individualization and authentication purposes, services provision, security purposes, and contact correspondence if necessary.
We consciously do not collect data related to children.
You can opt-in or directly sign up for our Newsletter via providing your email to the “Sign up for our newsletter” field. In both cases, you may, at any time, unsubscribe by pushing the “Unsubscribe” button at the end of each email you receive.
V. Legal basis for the processing
Article 6(1) lit. b GDPR serves as the legal basis for processing operations where processing of Personal data is necessary for the performance of a contract to which you are party, as is the case of account registration. The same applies to such processing operations where processing of Personal data is necessary for carrying out pre-contractual measures.
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations where we have obtained your consent for a specific processing purpose, as is the case when you opt-in for updates.
VI. Possible consequences of failure to provide data
If you do not provide the relevant Personal data, we would not be able to provide you with the services you have requested, for example, you would not be able to register an account.
VII. Period for which the personal data will be stored
Personal data is stored up until you terminate your account or there is a legitimate ground for us to delete them.
The categories of recipients to whom personal data may be disclosed are:
1. persons, if provided for in a normative act, including state bodies, in respect of which there is a statutory requirement to provide certain categories of personal data;
2. processors, by virtue of a contract, providing IT services, hosting services, hardware, software, networking, storage, and related technology services required to run the Iris.ai service. Those processors may process Personal data only at our direction, unless processing is required by current legislation. Processors are required to provide sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing proceeds in accordance with the requirements of the Regulation and protects your rights.
3. persons who, under our direct authority, process Personal data, have taken confidentiality commitment and are aware of the personal data legislation.
IX. Your rights
1. Right of confirmation
You have the right granted by the European legislator to obtain from us confirmation as to whether or not Personal data concerning you are being processed.
If a you wish to avail yourself of this right of confirmation, you may, at any time, contact us.
2. Right of access
You have the right granted by the European legislator to obtain from us free information about your Personal data stored at any time and a copy of this information. Where you make the request by electronic means, and unless otherwise requested by you, this information shall be provided by us in a commonly used electronic form. Furthermore, the European regulations grants you access to the following information:
– the purposes of the processing;
– the categories of Personal data concerned;
– the recipients or categories of recipients to whom the Personal data have been or will be disclosed, if any, and in particular recipients in third countries or international organisations, if any;
– the envisaged period for which the Personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from us rectification or erasure of Personal data, or restriction of processing of Personal data concerning you, or to object to such processing;
– the existence of the right to lodge a complaint with a supervisory authority;
– if the Personal data are not collected from you, any available information as to their source;
– the existence or not of automated decision-making, including profiling.
If you wish to avail yourself of this right of access, you may, at any time, check your account or contact us.
3. Right to rectification
You have the right granted by the European legislator to rectify the inaccurate Personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to complete the incomplete Personal data, including by means of providing a supplementary statement.
If you wish to exercise this right to rectification, you may, at any time, directly make the necessary changes from the functionalities of your account.
4. Right to erasure (Right to be forgotten)
You have the right granted by the European legislator to erase the Personal data concerning you without undue delay.
If you wish to exercise this right to erasure, you may, at any time, delete your account via its functionalities and thus erase all your Personal data stored by us.
For security and privacy reasons our current system configuration does not allow for the creation and deletion of accounts by us. If you chose to insist on the deletion of your account by us, we would need to engage in a process of verification of your identity and authorize an ad-hoc manual operator to scan and delete your data.
5. Right of restriction of processing
You have the right granted by the European legislator to obtain from us restriction of processing. If one of the conditions described in the GDPR is met, and a you wish to request the restriction of the processing of your Personal data, you may at any time contact us.
*Taking into account the available technology and the cost of implementation, we have taken reasonable steps, including technical measures, to communicate any rectification or erasure of Personal data or restriction of processing to each recipient to whom the Personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it. We will arrange all the necessary measures in any individual cases.
6. Right to data portability
You have the right granted by the European legislator, to receive the Personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from us, as long as the processing is based on consent, or on a contract, and the processing is carried out by automated means.
In order to assert the right to data portability, you may at any time export your data from the functionalities of your account.
Furthermore, in exercising your right to data portability, you have the right to have your Personal data transmitted directly from us to another controller, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
For security and privacy reasons our current system configuration does not provide us with data subject’s information in a structured, commonly used and machine-readable format. If you chose to insist on the transmission of your personal data directly from us to another controller, we would need to engage in a process of verification of your identity and authorize an ad-hoc manual operator to scan, export and transmit your data.
7. Automated individual decision-making, including profiling
We do not perform automated decision-making and profiling.
8. Right to withdraw data protection consent
You have the right granted by the European legislator to withdraw your consent to processing of your Personal data at any time.
If you wish to exercise the right to withdraw your consent, you may, at any time, push the “Unsubscribe” button at the end of each email you receive or contact us.
9. Right to a complaint
You have the right granted by the European legislator to lodge a complaint with the competent supervisory authority and before the competent courts of the Member States of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal data relating to you is in breach of the provisions of the GDPR.
10. Right to information on action taken
You have the right granted by the European legislator to be provided by us with information on action taken on a request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by you.
11. Right to information in case of data breach
You have the right granted by the European legislator to be informed without undue delay by us about a Personal data breach which is likely to result in a high risk to the rights and freedoms of natural persons.
X. Security of the Personal data
We have implemented all kinds of technical and organisational measures to ensure that processing is carried out in accordance with the GDPR, including:
1. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
2. the ability to restore the availability and access to Personal data in a timely manner in the event of a physical or technical incident;
3. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
These measures are designed to implement data protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the Regulation and protect your rights.
If you believe that any information about you is false or inaccurate, please inform us as soon as possible writing to: email@example.com.
Last updated: 29 October 2018