Privacy Policy

1. Introduction

IRIUSRISK, S.L. (hereinafter "IRIUSRISK") is the owner of the domain https://www.iriusrisk.com and subdomains https://community.iriusrisk.com/ui#!login and https://support.iriusrisk.com/hc/en-us (hereinafter the " Website") and is responsible for the processing of your personal data (“you”, “your”) when you access, sign up, browse and use the Website.

By means of this Privacy Policy, and in compliance with Regulation (EU) 2016/679 ("GDPR") and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights ("LOPDGDD"), IRIUSRISK informs you, who makes use of the Website, of the processing of those personal data that may be processed by IRIUSRISK, in order for you to decide, freely and voluntarily, whether you wish to provide the requested information.

You declare to have been informed of the conditions on personal data protection, accepting and understanding the content of this Privacy Policy. Otherwise, please do not accept the Privacy Policy and do not use the Website.

2. Data Controller

The Data Controller is IRIUSRISK, S.L. with registered office at Parque Tecnológico Walga, Ctra. Zaragoza N-330A, Km. 566, 22197 Cuarte (Huesca), Spain, with N.I.F. B-22341713 and email address info@irusrisk.com.

3. Data collected, purposes, legal basis and retention period

By means of the following table, we inform you which data IRIUSRISK collect about you, as well as the legal basis by which it will be legitimized to process such data, the purpose of processing and retention periods.

Data collected	Legal basis	Purpose	Retention period
Identification data: name, surname, email, company	Execution of the Terms and Conditions	Sign up to IriusRisk Community edition	This data will be used for as long as you remain subscribed to our Community. If you choose to unsubscribe, all your personal data collected for this function will be deleted, without prejudice to the blocking for 5 years to address possible liabilities.
Contact data: name, surname, email, company name, phone number, country	Consent	Request a Live Demo	During the necessary time to contact you, schedule and perform the Demo. After this time the data will be blocked during the maximum period of 3 years.
Contact data: name, surname, email, company name, phone number, country	Consent	To download our e-book	During the time necessary to send the e-book. After this time the data will be blocked during the maximum period of 3 years.
Contact data: Name and surname, email, phone number, country. Message content	Legitimate interest to resolve any questions and/or incidents and provide you adequate service.	Support: Provide you support in case there is any query, question and/or incident related to the provision of the service.	During the time necessary to answer the question and/or solve the incident.
Contact data: email	Consent	To carry out marketing communications and inform you about events, reports and other services available on the Website.	This data will be used for as long as you remain subscribed to our commercial communications. If You choose to unsubscribe, all your personal data collected for this function will be deleted, without prejudice to the blocking for 5 years to address possible liabilities.
Identification data: name, surname, email, company name, phone number, country. Academic and professional data: CV	Consent	To receive applications for potential employees	During 2 years from the moment of receipt, the data will be blocked during the maximum period of 3 years.
Contact data: name, surname, email, company name, phone number, country.	Consent	To access to our webinars recording events	During the necessary time to contact you and give you access/ send you the recorded webinars. After this time the data will be blocked during the maximum period of 3 years.
Site Navigation Data: IP and other characteristics of navigation (e.g., location and/or device) derived from the use of cookies or similar technologies used on the Website. You can find more information in our Cookie Policy.	Consent given through the cookie banner at the start of your navigation. You may withdraw your consent by following the steps indicated in the Cookies Policy. Legitimate Interest Those cookies categorized as technical will be necessary for the operation of the Website.	Analysis of browsing behavior and statistics: The information collected through cookies and other similar tracking technologies that allow an analysis of your navigation.	The retention periods depend on each specific cookie. For more information on the information retention periods for each type of cookie, please consult the Cookie Policy.

The data collected above, may be used by IRIUSRISK for the compatible purposes recognized by the GDPR in Article 89, for the purposes of reports and statistical studies in order to increase knowledge about the products you demanded, as well as to improve the quality of the services of the Website. For this purpose, pseudonymization and even anonymization techniques, such as data aggregation, preventing this subsequent processing from identifying you individually. 4.

4. Communication of data to third parties and international transfers.

IRIUSRISK will process your personal data with strict confidentiality in accordance with applicable law. However, we will disclose any personal or other data you provide to us in compliance with a legal obligation or to properly fulfill other obligations under applicable law. IRIUSRISK will ensure that your identity will be kept strictly confidential and will not be transmitted to a third party, subject to the provisions and agreements herein.

Notwithstanding the foregoing, IRIUSRISK uses the services of third-party technology service providers (hosting, CRM, etc.) to ensure the operation of the Website as well as for the provision of services, which may process personal data as data processors within the European Economic Area ("EEA") and also outside the EEA:

Amazon Web Services (“AWS”): we use AWS to host and store the information and personal data collected and generated through the use of the Website on AWS servers located within and outside the EEA for which we have applied the appropriate safeguards (Standard Contractual Clauses), in accordance with their particular conditions of hosting services. Please, for more information visit their Privacy Policy at: https://aws.amazon.com/es/privacy/.
HubSpot Inc (“HubSpot”): we use HubSpot for CRM software services, and its serves are located within and outside EEA for which we have applied the appropriate safeguards (Standard Contractual Clauses). Please, for more information visit their Privacy Policy at: https://legal.hubspot.com/es/privacy-policy.

IRIUSRISK may share personal data, in addition to the companies within its corporate group for purposes of separation of business activities, customer portfolio management or other purposes related to the internal business organization, with any company interested in buying or buying IRIUSRISK or a part of its business and, consequently, give access to any national or international auditors to carry out their due diligence provided that such processing is essential for the successful completion of the business transaction. As indicated in article 21 LOPDGDD, if the transaction is not completed, the data must be immediately deleted by the receiving entity.

5. Security and confidentiality

IRIUSRISK undertakes to adopt the necessary technical and organizational measures in accordance with current regulations in order to ensure the security of personal data and to prevent accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such personal data. Personal data will be treated as confidential by the data controller, who undertakes to inform and ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible.

6. Data protection rights

You may exercise the rights of access, rectification, erasure, opposition, and, if applicable, to limit the processing and portability of data by sending an email to dpo@irusrisk.com, with the reference "GDPR" and the content of your request. In cases where representation is admitted, it will also be necessary the identification by the same means of the person representing you, as well as the document proving the representation.

  Likewise, you may submit a complaint to a supervisory authority, and in particular, to the Spanish Data Protection Agency (www.aepd.es ) if you considers that the rights set out above in this Privacy Policy are violated or if you considers that the processing of your personal data infringes the applicable regulations. Though we would request you to first contact us to deal with any complaint.

7. Commercial communications

When subscribing to our newsletter, you will receive electronic commercial communications in accordance with applicable law, including alerts, notifications, newsletters, offers and promotions about IRIUSRISK services. If you do not wish to receive information related to IRIUSRISK services, you may unsubscribe from any of our "Unsubscribe" communications or let us know by sending a notification to info@irusrisk.com .

8. Changes in the Privacy Policy

IRIUSRISK reserves the right to modify this Privacy Policy at any time. Changes or updates to the Privacy Policy will be explicitly notified to you through a notice on the Website, along with the updated version of the Privacy Policy.

Last version: 30 of 08 of 2022