1. What Information We Collect About You
1.1 Information you provide to IRIS
When you interact with us via our websites or use the Subscription Service or the app, we may collect Personal Data and other information from you, as further described below.
1.1.1When you visit our Website
We collect Personal Data from you when you submit web forms or interact with our websites, for example subscribing to a IRISGST Newsletter, using Peridot-web and/or IRIS-CaptainBiz, signing up for a webinar, or product enquiries. Personal Data is any data about the User, by which he/ she/ it, as a person can be identified, including without limitation, GSTIN, business name, address, email address, date of registration, GSTIN and phone number etc. to which IRIS Products has or is likely to have access by virtue of the User’s consensual submission. You are free to explore some of our websites without providing any Personal Data about yourself. We use this Information to communicate with you and in some cases facilitate your registration fo r the product. Additionally, we may share your registration data with our partners in order to improve your overall experience of IRISGST Products and Services.
1.1.2 Account and User Information
We collect Personal Data when you sign-up for one of the IRISGST products or apps, create or modify user information, set preferences, or provide any other related information to access or utilize our Subscription Service. You may further provide us with details pertaining to your customers and vendors for availing our value-added services. The details including but not limited contact details, turnover, GSTIN, or industry shall be collected.
1.1.3 Payment Information
You may also provide payment information, such as a credit card number or bank account numbers, when purchasing products or services. We use secure third-party payment service providers to manage payment processing, which is collected through a secure payment process.
1.1.4 Customer Testimonials
We post customer testimonials and comments on our websites, which may contain Personal Data. We obtain each customer’s consent via email or through other agreements between customers and IRIS prior to posting the customer’s name and testimonial.
1.2 Information We Collect and Process When You Use the Subscription Service
1.2.1 Log Files
When you visit our websites or when you use the Subscription Service, we automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, internet service provider (ISP), and the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, and access times and referring website addresses.
1.2.2 Usage Data
We collect usage data when you or your users in your IRISGST Products or website interact with the Subscription Service. We engage third-party providers to collect usage data, and we only share data with these providers in an unidentified manner. Usage data includes metrics and information regarding your use and interaction with the Subscription Service such as what product features you use the most, when a report is downloaded and uploaded, and how often certain features (like workflows) are triggered in your account.
When you access or use the Subscription Service via our mobile applications, we automatically collect information such as your device model and version, operating system, or device identifier.
1.2.4 Third Party Integrations
You may connect third party integrations to your IRISGST account, which may ask for certain permissions to access data or send information to your IRISGST account. It is your responsibility to review any third party integrations you authorize.
Any permission(s) granted by you, grants these third parties access to your data, which may include (but is not limited to) granting third-party applications access to view, store, and modify your IRISGST account data. We are not responsible for the practices of third party integrations, so please carefully review the permissions you grant to third-party applications.
1.3. Information We Collect From Other Sources
1.3.1 IRISGST Partners
We may receive information about you or other users of your IRISGST account from our network of partners. We may receive this data from our deal and/or lead registration process through our partners or through our partner co-marketing agreements.
1.3.2 Third Parties
We may receive information from third party service providers, from related companies, and from our business and solution partners.
1.3.3 Other Information
IRIS Products may automatically collect certain other information, including but not limited to usernames, passwords, and other security and usage related information, whenever you visit or utilize the Services such as Log Data, Analytical Code, Time Stamp, Geo Stamp, IP address, version and identification number of the device, browser type, browser language, the date and time of your request, your profile, websites visited by you, search terms used, platform type, number of clicks, phone number, requested status of other Users and various status information and other personal setting information with regard to your usage of the Services provided through the Website (“Usage Information”). Such Usage Information collected is not associated with any Personal Data and is tagged to the unique identifier of a particular device.
1.3.4 Information We Process on Behalf of Customers
Our Subscription Service allows our customers to create and share GST Returns and related information. When customers use the Subscription Service, they may collect Personal Data such as first and last name, email address, physical address, phone number, or other information about you as their vendors. We do not control the content of our customers’ webpages or the types of Personal Data that our customers may choose to collect or manage using the Subscription Service. We store our customers’ information on our service providers’ servers but process it as a processor under our customers’ instructions and in accordance with our Customer Terms of Service, which prohibit us from using the information except as necessary to provide and improve the Subscription Service and as required by law.
Our customers control and are responsible for correcting, deleting or updating the information they process using the Subscription Service and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to IRISGST for processing purposes.
2. How We Use Your Information
2.1 To Provide the Product and Services
2.1.1To Market and Promote the Subscription Service
We use the information you provide to IRISGST to market and promote the products, services, and other offerings. For example, we use the information, like your email or physical address, to send information or IRISGST content to you which we think may be of interest to you by post, email, or other means and send you marketing communications relating to our business. We use this information to promote the use of our services to you and share promotional and information content with you in accordance with your communication preferences.
We may also reach out to you via telephone to ask about other IRISGST products or services you may be interested in. If you have a call scheduled with an IRISGST representative, we may record and transcribe the call. You will be notified prior to the call that the call is being recorded, and you will be offered an opportunity to opt-out of having the call recorded.
2.1.2 To Communicate with You About the Services
We use the data you provide to IRISGST when signing up for the Subscription Service to contact you via email or in-app notification about billing, account management, and other administrative matters. We send updates to you regarding our Customer Terms of Service or other legal agreements. We may also communicate with you about security incidents via email or in-app notification.
We use your information to provide customer support, such as resolving technical issues you encounter and analyzing product outages or bugs.
2.1.3 To Provide and Improve the Subscription Service
We use your account information and Customer Data to provide the product and services to you. For example, we use the email address you provide when signing up for the product to create your user account, and we use your payment information to process payments for paid use of the Subscription Service.
We collect data about how our products and services are used by monitoring and tracking our product users. We use this data to develop and improve our products and services. For example, we use usage data to assess trends and usage across the product to help us determine what new features or integrations our users may be interested in. We may share usage data externally but will only do so in an anonymized and/or aggregated manner to build and improve product features.
We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality with the Subscription Service.
2.1.4 To Secure and Protect our Product and IRISGST Users
We use your account information to investigate and help prevent security incidents. We may also use this information to meet legal requirements. We use your information to verify user accounts and new product sign-ups, and to detect and prevent product abuse.
2.1.5 For Research and Development
We may share externally or provide other companies with statistical information about our users, but this information will not be used to identify any individual user and will only be shared on an aggregate and de-identified basis. For example, we may publish blog posts on trends or insights into how users are interacting with the product.
If you use the mobile applications, we may send you push notifications from time to time in order to update you about events and promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
2.1.7 Log Files
Log files are used by IRISGST to provide general statistics regarding use of the websites. For these purposes, we do link this automatically-collected data to other personal data such as name, email address, address, and phone number. We also use log files to troubleshoot and investigate security incidents.
2.1.8 Third Parties
2.1.9 Social Media Features
3. How We Share Information We Collect
3.1 Third Parties and Service Providers
We employ other third parties and service providers to provide services on our behalf to our website visitors, our customers, and users of the product and services. We may need to share your information with service providers to provide information about products or services to you. Examples may include removing repetitive information from prospect lists, analyzing data or performing statistical analysis on your use of the Subscription Service or interactions on our websites, providing marketing assistance, processing credit card payments, supplementing the information you provide to us in order to provide you with better service, developing and improving the product and services, and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and data protection policies and standards.
We may share data with trusted IRISGST partners to contact you based on your request to receive such communications, help us perform statistical analysis, or provide sales support, or provide customer support. Partners are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your data.
We partner with trusted third parties to provide you with co-marketing content that we think may be relevant to you. When you engage with these co-marketing partners, we will tell you who we are sharing data with. These co-marketing partners are required to adhere to our privacy and data protection policies.
3.3 Corporate Events
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by IRISGST on the websites and the Subscription Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.
3.4 Compelled Disclosure
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process. If you use the Subscription Service, Customer Data is considered Confidential Information and you should review the Confidentiality terms in the Customer Terms of Service for more information.
The Company shall not rent, sell or otherwise provide Information received from the Users to third parties without their consent, except as described in this Policy or as required by law.
4. How We Store and Secure Your Information
4.1 Data Storage and Security
We use a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use or disclosure. We secure the Personal Data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Data is protected using appropriate physical, technical and organizational measures.
4.2 Retention of Personal Data
How long we keep information we collect about you depends on the type of information and how we collect and store it.
We retain Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Data, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Data and isolate it from any further processing until deletion is possible.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your IRISGST account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
5. Cookies and Similar Technologies
When you visit our websites, sign up for an IRISGST account, attend an IRISGST virtual event, or request more information about IRISGST, we collect information automatically using tracking technologies, like cookies and tracking pixels.
5.3 Third Party Tracking Technologies
6. How to Access & Control Your Personal Data
6.1 Reviewing, Correcting and Removing Your Personal Data
You have the following data protection rights:
6.1.1 You can request access, correction, updates or deletion of your Personal Data.
You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data.
If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
If you are a customer, prospect, or otherwise interact with an IRISGST customer that uses our Subscription Service and would like to access, correct, amend or delete your data controlled by the customer, please contact the relevant customer directly. IRISGST acts as a processor for our customers and will work with our customers to fulfil these requests when applicable.
6.1.2 To Unsubscribe From Our Communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, updating your communication preferences, or by contacting us here or postal mail to IRIS Business Services Limited, T-231, International Infotech Park, Vashi, Navi Mumbai, Maharashtra, 400703. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.
6.1.3 To Unsubscribe From Our Customers’ Communications
Our customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. If you are a customer, prospect, or otherwise interact with an IRISGST customer, you can unsubscribe from our customers’ marketing communications by clicking on the “unsubscribe” link located on the bottom of their emails, or by contacting them directly.
7. Data Security
7.1 Protecting Data
The Company is committed to protect the security of any Information and uses reasonable efforts including a variety of security technologies and procedures to help protect such Information from any unauthorized access, use or disclosure. The Company will take all reasonable measures in furtherance of the above commitment. However, the Company cannot guarantee that the Information received from the User and other information stored on the servers will be absolutely protected in all circumstances. There may be instances where IRISGST Products may be subject to security breaches and failures due to circumstances beyond Company’s reasonable control. These may include computer “hacking”, data theft or and physical theft among others. To prevent this we recommend that the User take additional measures to protect his/her information, such as installing anti-virus software, closing browsers after use, keeping confidential log-in credentials and passwords, and making sure that User has regularly updated Software to ensure the presence of the latest security enabled features on the device.
7.2 Data Disposal
Any data destroyed shall be disposed off in a manner that protects the privacy of the Information received by IRIS Products from the User in an appropriate manner as per the industry standard practices and norms.
The User hereby acknowledges and understands that all Information provided in using IRIS Products is with their knowledgeable consent and at the User’s own risk.
9. Commercial Communication
Company may send electronic communications or trade electronic communications to your contact address on the site or on your behalf, which you have forwarded to or registered with. It is assumed that you have given prior permission / consent to the sending of an electronic message to be sent via any electronic communication whether commercial or not. You always have the right to revoke your consent / rejection and refuse commercial electronic communications.
10. Third Party Services
The Peridot app uses third party services that declare their own Terms and Conditions.
- Google Play Services
- Firebase Crashlytics
- Google Analytics for Firebase
Link to Terms and Conditions of third party service providers used by the Peridot app
11. Link to Other Sites
12. Assumptions and Inferences
The product IRIS Peridot provides GST Compliance Details of any GSTIN based on the information available from the GST system. Using publicly available information, the app provides insights and inferences. The approach, assumptions, derivations and scope are available here.
Product – IRIS LookUp provides match on MCA Struck Off Companies based on the information collected from MCA site. The approach, assumptions, derivations and scope are available here.
13. Contact Us
Any grievances or questions regarding this document should be directed to the following e-mail address: [firstname.lastname@example.org]