IriusRisk Privacy Policy

Introduction

IRIUSRISK, S.L. (hereinafter "IRIUSRISK") is the owner of the domain https://www.iriusrisk.com and subdomains https://community.iriusrisk.com/ui#!login and https://support.iriusrisk.com/hc/en-us (hereinafter the " Website") and is responsible for the processing of your personal data (“you”, “your”) when you access, sign up, browse and use the Website.

By means of this Privacy Policy, and in compliance with Regulation (EU) 2016/679 ("GDPR") and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights ("LOPDGDD"), we inform you, as a user of the Website, of the processing of your personal data that may be processed by IRIUSRISK.

Data Controller

The Data Controller is IRIUSRISK, S.L. with registered office at Parque Tecnológico Walga, Ctra. Zaragoza N-330A, Km. 566, 22197 Cuarte (Huesca), Spain, with N.I.F. B-22341713 and email address info@irusrisk.com.

Data collected, purposes, legal basis and retention period

By means of the following table, we inform you which data IRIUSRISK collect about you, as well as the legal basis by which it will be legitimized to process such data, the purpose of processing and retention periods.

Data collected

Identification, contact and professional data: name, surname, email, company name.

Legal basis  

Execution of the Terms and Conditions

Purpose

Sign up, access and use the IriusRisk Community edition

Retention period

This data will be used for as long as you remain subscribed to our Community. If you choose to unsubscribe, all your personal data collected for this function will be deleted, without prejudice to the blocking for 5 years to address possible liabilities.

Data collected

Identification, contact and professional data: name, surname, email, company name, phone number, country

Legal basis  

Execution of the service requested by you  

Purpose

Request, perform and schedule a Live Demo  

Retention period

During the necessary time to contact you, schedule and perform the Demo. After this time the data will be blocked during the maximum period of 3 years.

Data collected

Identification, contact and professional data: name, surname, email, company name, phone number, country

Legal basis  

Execution of the service requested by

Purpose

To download our e-book

Retention period

During the time necessary to send the e-book. After this time the data will be blocked during the maximum period of 3 years.

Data collected

Identification, contact and professional data: Name and surname, email, phone number, country. Message content.  

Legal basis  

Legitimate interest to resolve any questions and/or incidents and provide you adequate service.

Purpose

Support: Provide you support in case there is any query, question and/or incident related to the provision of the service.

Retention period

During the time necessary to answer the question and/or solve the incident.

Data collected

Contact data: email  

Legal basis  

Free, specific and informed consent given through a checkbox.

Purpose

To carry out marketing communications and inform you about events, reports and other services available on the Website.

Retention period

This data will be used for as long as you remain subscribed to our commercial communications. If you choose to unsubscribe, all your personal data collected for this function will be deleted, without prejudice to the blocking for 5 years to address possible liabilities.

Data collected

Identification, contact, personal characteristics, employment, professional data: name, surname, image, email, phone number, postal address, country, academic and professional data (provided by the CV).

Legal basis  

The application of pre-contractual measures (prior to the employment contract)

Purpose

To receive applications for potential employees

Retention period

During 2 years from the moment of receipt, the data will be blocked during the maximum period of 3 years.

Data collected

Identification, contact and professional data: name, surname, image, voice, email, company name, phone number, country.

Legal basis  

Execution of the service requested by you

Purpose

Participate in the events, webinars and presentations you register for.

Retention period

During the necessary time to contact you and give you access/ send you the recorded webinars. After this time the data will be blocked during the maximum period of 3 years.

Data collected

Site Navigation Data: IP and other characteristics of navigation (e.g., location and/or device) derived from the use of cookies or similar technologies used on the Website. You can find more information in our Cookie Policy.

Legal basis  

Consent given through the cookie banner at the start of your navigation. You may withdraw your consent by following the steps indicated in the Cookies Policy.

Legitimate Interest: Those cookies categorized as technical will be necessary for the operation of the Website.

Purpose

Analysis of browsing behavior and statistics: The information collected through cookies and other similar tracking technologies that allow an analysis of your navigation.

Retention period

The retention periods depend on each specific cookie. For more information on the information retention periods for each type of cookie, please consult theCookie Policy.

Communication of data to third parties and international transfers.  

IRIUSRISK will process your personal data with strict confidentiality in accordance with applicable law. However, we will disclose any personal or other data you provide to us in compliance with a legal obligation or to properly fulfill other obligations under applicable law.

Additionally, in certain cases, this personal data will be communicated to the other companies of the IriusRisk group, in order to effectively fulfil the purpose of the processing. This may imply international data transfers, for which adequate safeguards have been put in place.

Notwithstanding the foregoing, IRIUSRISK uses the services of third-party technology service providers (hosting, CRM, etc.) to ensure the operation of the Website as well as for the provision of services, which may process personal data as data processors within the European Economic Area ("EEA") and also outside the EEA:

  • Amazon Web Services (“AWS”): we use AWS to host and store the information and personal data collected and generated through the use of the Website on AWS servers located within and outside the EEA for which we have applied the appropriate safeguards (Standard Contractual Clauses), in accordance with their particular conditions of hosting services. Please, for more information visit their Privacy Policy at: https://aws.amazon.com/es/privacy/.
  • HubSpot Inc (“HubSpot”): we use HubSpot for CRM software services, and its serves are located within and outside EEA for which we have applied the appropriate safeguards (Standard Contractual Clauses). Please, for more information visit their Privacy Policy at: https://legal.hubspot.com/es/privacy-policy.

Security and confidentiality

IRIUSRISK undertakes to adopt the necessary technical and organizational measures in accordance with current regulations in order to ensure the security of personal data and to prevent accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such personal data. Personal data will be treated as confidential by the data controller, who undertakes to inform and ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible.

Data protection rights

You may exercise the rights of access, rectification, erasure, opposition, and, if applicable, to limit the processing and portability of data by sending an email to dpo@irusrisk.com, with the reference "GDPR" and the content of your request. In cases where representation is admitted, it will also be necessary the identification by the same means of the person representing you, as well as the document proving the representation.  

 Likewise, you may submit a complaint to a supervisory authority, and in particular, to the Spanish Data Protection Agency (www.aepd.es ) if you considers that the rights set out above in this Privacy Policy are violated or if you considers that the processing of your personal data infringes the applicable regulations. Though we would request you to first contact us to deal with any complaint.

Commercial communications

When subscribing to our newsletter, you will receive electronic commercial communications in accordance with applicable law, including alerts, notifications, newsletters, offers and promotions about IRIUSRISK services. If you do not wish to receive information related to IRIUSRISK services, you may unsubscribe from any of our "Unsubscribe" communications or let us know by sending a notification to info@irusrisk.com .

Changes in the Privacy Policy

IRIUSRISK reserves the right to modify this Privacy Policy at any time. Changes or updates to the Privacy Policy will be explicitly notified to you through a notice on the Website, along with the updated version of the Privacy Policy.  

Last version: 1st September, 2022