Iris.ai Privacy Policy
Data protection is of a particularly high priority for Iris AI AS, a limited liability company duly incorporated under the Laws of Norway (AKSJESELSKAP) with registration number 916 246 269, represented by Anita Schjøll Brede (“Iris AI AS”) and by means of this Privacy Policy, we would like to inform the general public of the nature, scope and purpose of the personal data we collect, use and process, via our website: https://iris.ai (“Website”).
Iris AI AS has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via the Website and assures that the processing of personal data will always be in line with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”/”GDPR”/”Regulation”).
Furthermore, by means of this Privacy Policy, data subjects are informed of the rights to which they are entitled.
I. Definitions
This Privacy Policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation. To ensure that this Privacy Policy is legible and understandable for the general public, and particularly the data subjects, we would like to first explain the terminology used.
In this Privacy Policy, we use, inter alia, the following terms:
Personal data is any information relating to an identified or identifiable natural person.
Data subject is any identified or identifiable natural person.
Processing is any operation or set of operations which is performed on Personal data or on sets of Personal data.
II. Identity and contact details
We are Iris AI AS, a limited liability company duly incorporated under the Laws of Norway (AKSJESELSKAP)
Our registration number is 916 246 269
We are represented by Anita Schjøll Brede
Our email is support@iris.ai
Our phone is 00 47 455 07 380
Any Data subject may, at any time, contact any of us directly with all questions and suggestions concerning data protection.
III. Categories of personal data we process
Our Website provides for a free account registration by which you will be able to bookmark interesting papers, see a history of your exploration and get access to all new features right as they launch.
Upon registration we collect your names, email and information whether you are a student, researcher, science enthusiast or other. We need those data for individualization and authentication purposes, services provision, security purposes, and contact correspondence if necessary. You can at any time change this information through the functionalities of your account.
We also collect and process data in order to provide you with the Services you have requested. Our goal is helping scientist optimize their research processes, so our Services – help you find and create a science map, visit a science map, create a focus study, visit a focus study, find a bookmarked map or paper, create a bookmark, visit a bookmarked map or paper, as well as generally based on your research history, provide you with AI tailored science maps, focus studies and papers suggestions.
We do not collect or process bank accounts, credit card details, debit card details or any information regarding payment services. Such information is collected and processed by our partners – payment services providers and they have full responsibility for its protection.
We consciously do not collect data related to children.
We have created the Researcher for Researcher project (“R4R”) with the purpose of developing scholarly research in an open manner. We can receive and store authors’ and/or researchers’ personal data for R4R and we have drafted a separate R4R Terms of Service and Privacy Policy. Check them out here.
IV. Updates
You can opt-in or directly sign up for our Newsletter via providing your email to the “Sign up for our newsletter” field. In both cases, you may, at any time, unsubscribe by pushing the “Unsubscribe” button at the end of each email you receive.
V. Legal basis for the processing
Article 6(1) lit. b GDPR serves as the legal basis for processing operations where processing of Personal data is necessary for the performance of a contract to which you are party, as is the case of account registration. The same applies to such processing operations where processing of Personal data is necessary for carrying out pre-contractual measures.
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations where we have obtained your consent for a specific processing purpose, as is the case when you opt-in for updates.
VI. Possible consequences of failure to provide data
If you do not provide the relevant Personal data, we would not be able to provide you with the services you have requested, for example, you would not be able to register an account.
VII. Period for which the personal data will be stored
Personal data is stored up until there is a legitimate ground for us to delete them or up until the following:
You delete your own account
You are solely responsible for properly deleting your account. Please note that we will not accept requests via the phone, mail, or by facsimile to delete your account.
You can delete your account at any time by clicking on the account link in the global navigation bar at the right top of your screen. The account screen provides “My information” bar, at the bottom of which a simple no questions asked “Delete” cancellation button is provided.
All of your content will be immediately deleted from the Service upon deletion. This information cannot be recovered once your account is deleted. If you delete your account before the end of your current paid up month, your deletion will take effect immediately and you will not be charged again.
We delete latent user accounts
“Latent users” are users who have not taken any Service significant action (hereby called “User activity”) within the last 2 years.
“User activity” is each activity that is essential to the Service we provide and to what it does – helping scientist optimize their research processes. Example of such User activities include but are not limited to: creating a science map, visiting a science map, creating a focus study, visiting a focus study, creating a bookmark, visiting a bookmarked map or paper, etc. Most actions in the Service are considered User activity, but there are few exceptions, such as user authentication (i.e. login) and browsing user dashboard. We believe that those two are not essential to the Service and what it does, that is why they are excluded from that category.
In case your account becomes a Latent user account, we may delete it, unless you take any User activity action, as described above. We will notify you automatically 30 days, 5 days and 1 day prior the deletion date and time. If no User activity is registered after the notifications, your data will be downloaded and sent to you via email and afterwards deleted from our servers.
Other cases we can delete user accounts
Iris.ai, in its sole discretion, has the right to suspend or terminate your account and refuse any and all current or future use of the Service, or any other Iris.ai service, for any reason at any time (for example, including but not limited to law infringement, fraudulent actions, etc.). Such suspension or termination of the Service will result in the deactivation or deletion of your account or your access to your account, and the forfeiture and relinquishment of all content in your account. Iris.ai reserves the right to refuse service to anyone for any reason at any time.
In the event that Iris.ai takes action to suspend or terminate an account, we will make a reasonable effort to provide the affected account owner with a copy of their account contents upon request, unless the account was suspended or terminated due to unlawful conduct.
VIII. Disclosure
The categories of recipients to whom personal data may be disclosed are:
1. persons, if provided for in a normative act, including state bodies, in respect of which there is a statutory requirement to provide certain categories of personal data;
2. processors, by virtue of a contract, providing IT services, hosting services, hardware, software, networking, storage, and related technology services required to run the Iris.ai service. Those processors may process Personal data only at our direction, unless processing is required by current legislation. Processors are required to provide sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing proceeds in accordance with the requirements of the Regulation and protects your rights.
3. persons who, under our direct authority, process Personal data, have taken confidentiality commitment and are aware of the personal data legislation.
IX. Your rights
1. Right of confirmation
You have the right to obtain from us confirmation as to whether or not Personal data concerning you are being processed.
If a you wish to avail yourself of this right of confirmation, you may, at any time, contact us.
2. Right of access
You have the right of access to your Personal data stored at any time by us and a copy of this information.
If you wish to avail yourself of this right of access, you may, at any time, check your account and/or export all your data stored by us.
3. Right to rectification
You have the right to rectify the inaccurate and/or incomplete Personal data concerning you without undue delay.
If you wish to avail yourself of this right to rectification, you may, at any time, make the necessary changes from the functionalities of your account.
4. Right to erasure (‘right to be forgotten’)
You have the right to erase the Personal data concerning you without undue delay.
If you wish to avail yourself of this right to erasure, you may, at any time, delete your account via its functionalities and thus erase all your Personal data stored by us.
For security and privacy reasons our current system configuration does not allow for the creation and deletion of accounts by us.
5. Right of restriction of processing
You have the right to obtain from us restriction of processing of your Personal data on the grounds of Art. 18 of the GDPR.
If you wish to avail yourself of this right of restriction of processing of your Personal data, you may at any time contact us.
6. Right to data portability
You have the right to receive the Personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from us, as long as the processing is based on consent, or on a contract, and the processing is carried out by automated means.
If you wish to avail yourself of this right to data portability, you may at any time export your data from the functionalities of your account.
Please note that we will not accept requests to transmit your Personal data directly to another controller, as for security and privacy reasons our current system configuration does not provide us with data subject’s information in a structured, commonly used and machine-readable format.
7. Automated individual decision-making, including profiling
We do not perform automated decision-making, including profiling.
8. Right to withdraw data protection consent
Where you have provided your consent to the collection and processing of your Personal data for a specific purpose, you have the right to withdraw your consent. Please note that the withdrawal of your consent will not affect the lawfulness of any processing of your Personal data based on your consent before its withdrawal.
If you wish to exercise the right to withdraw your consent, you may, at any time, push the “Unsubscribe” button at the end of each email you receive.
9. Right to a complaint
You have the right to lodge a complaint with the competent supervisory authority and before the competent courts of the Member States of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your Personal data is in breach of the provisions of the GDPR.
10. Right to information on action taken
You have the right to be provided by us with information on action taken on a request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by you.
11. Right to information in case of data breach
You have the right to be informed without undue delay by us about a Personal data breach which is likely to result in a high risk to the rights and freedoms of natural persons.
*The above rights may be limited on the grounds provided for in the GDPR. We will inform you if this is the case.
X. Security of the Personal data
We have implemented all kinds of technical and organizational measures to ensure that processing is carried out in accordance with the GDPR, including:
1. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
2. the ability to restore the availability and access to Personal data in a timely manner in the event of a physical or technical incident;
3. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
These measures are designed to implement data protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the Regulation and protect your rights.
XI. Changes
We may periodically update this Privacy Policy, as we will publish the updates on the Website. If the changes in the Privacy Policy are important and substantially alter the rules on data protection, we will further notify you through other means we find applicable, such as email or notice, before the changes come into force.
XII. Questions
If you believe that any information about you is false or inaccurate, please inform us as soon as possible writing to: georgi@iris.ai.
Last updated: 19th October 2019