Privacy policy

Version 3.2
Last update: April 10, 2026

This Privacy Policy explains how we process the personal information that we collect from you when you: attend our events or visit our premises; use our websites, apps, platforms and services; contact our support team or open a support ticket; or apply for a role at IRIS IMS.

I.R.I.S. Solutions & Experts S.A. (“IRIS IMS”, “we”, “us”, or “our”) is the data controller of your personal information — that is, the entity that determines the purposes and means of the processing. For further details, please see the “Definition of I.R.I.S.” section at the end of this Privacy Policy.

If you do not accept the use of your personal data in accordance with this policy, you should not make use of our Services.

1 WHEN THIS PRIVACY POLICY APPLIES

The following Services are subject to this Privacy Policy:

  • Completing a form on one of our apps or websites
  • Taking part in research, for example a survey or contest
  • Attending one of our events or visiting one of our kiosks at an event
  • Contacting us with a query, for example about the repair or upgrade of a service or product, and fulfilling our obligations towards you
  • Our marketing of goods and/or services we think may be of interest to you and your business
  • Contacting our Support Teams and/or opening a Support Ticket in our JIRA Ticketing System

2 INFORMATION WE COLLECT AND WHAT WE USE IT FOR

We collect personal information in the following circumstances:

  • When you have expressed interest in a product or service we offer: we take your name and business contact details where we interact. For example, if you approach us online, attend our stand at an event and/or call us about a potential service or product, we will record your details so that we may follow up on your query and offer other products and/or services that may be of interest to your business.
  • Upon registering for a Support Service: you will be asked for personal details necessary to create your Support Portal account. Some fields are mandatory; if you do not provide them, we may be unable to provide all or part of the Services.
  • When you use our Services: we may collect and process personal information about your use of such Services to improve your overall experience and to fulfil our obligations to you.
  • When we research our market: to reach the appropriate business audiences, we may occasionally purchase marketing lists containing your name, business email address and business phone number. We do not buy marketing lists containing your private, personal contact details unless those lists fully comply with the opt-in requirements of the GDPR.
  • To improve your user experience: knowing your basic personal details lets us personalise communications we send to you and ensure they are relevant to your role and business.

2.1 To Provide Online Accounts

This is personal information you give us when setting up an online account (for example, our Support Portal), which personally identifies you, such as your name, position, business email address or telephone number. We need this information to:

  • Verify your identity and assist with the identification of users (e.g. your email address acts as your username to sign in to your online account and access IRIS IMS Services)
  • Send important notices, such as order confirmations or communications about changes to our terms, conditions, and policies

2.2 Responding to Customer Queries

Your personal details will be processed to respond to queries and assist with user identification. We may collect your phone number when you call us and use it as an identifier in the future. Whenever you fill in an e-form on our website or app, we may store relevant identity data to trace the history of your query and deal with it more efficiently.

2.3 Events Management

We collect your information to register you for an event, process your payment (where applicable) and provide you with relevant event materials. We may collect your name, business telephone number, emergency contact details (where strictly necessary), dietary requirements and any other information needed for you to get the most out of your experience.

2.4 To Learn About Your Activities

2.4.1 Browsing Behaviour, Device Information and Interaction

We may record details of your actions (such as repeated site visits, interactions, keywords and cookies) when you access and use our Services, in order to build a picture of our customers’ interests over time. This also includes information about the devices and methods you use to interact with IRIS IMS Services.

We combine behavioural information with your personal details, but will not store personal details related to fields you left blank during sign-up. When personal identification is not necessary, we process behavioural information on an aggregate basis only.

We capture information about your operating system and internet browser when you visit our websites, including information automatically logged when you use our Services (e.g. requested information, timestamp, IP address). Where required by applicable law, we will obtain your consent before storing or accessing data on your device.

We process this information for the following purposes:

  • To provide, maintain, protect and improve our products and Services, and develop new ones
    • For example, information about how you browse our websites can be used for data analysis, to deliver better user journeys or improve search results
  • To improve your user experience
    • Your activity teaches us what you find most useful so we can tailor your experience and display personalised content
    • Device identifiers let us optimise our Services for the device you are using
  • To provide you with marketing communications relevant to your interests and business
    • Understanding how you interact with IRIS IMS means we can provide more personalised information through your preferred channels
  • To protect our users and IRIS IMS
    • We monitor for unusual or suspicious activity, such as automated abuse, and may use your information for internal auditing and legal compliance

2.5 For Fulfilment Purposes

To support your business and perform our contract for the Services with you, we may collect personal data to arrange repairs and perform services. Examples include: when you log a call to arrange a repair or service; when you fill in a form about one of our products; and when you arrange site visits or equipment collection.

When performing technical operations on your IT infrastructure, we may have access to personal data held by your organisation. Where we use third parties for fulfilment activities, we select trusted partners who share our values and data protection standards.

2.6 To Find New Customers

To offer our products and services to others who may be interested in them, we sometimes obtain contact details from industry partners and professional bodies. When we do so, we ensure that your contact details are not part of any national opt-out service and comply with applicable marketing regulations.

2.7 Surveys and Related Information

We occasionally send customers surveys and feedback forms. Where you provide your name and contact details, we will use these to respond to your feedback and provide you with information relevant to your responses. We will only add you to our marketing database if you have opted in.

2.8 Purchase Information

We keep records about goods and services you buy to provide, maintain, protect and improve our products and services and to develop new ones. We also send important notices about purchases or changes to our terms, conditions, and policies.

2.9 Cookies and Other Technologies

Cookies and similar technologies (e.g. web beacons) are small pieces of information used to store technical and/or personal details and enable certain functionalities. To learn more about the cookies used by our Services and how to manage them, please see Section 11 (Cookie Policy) of this document.

2.10 Legal and Regulatory Requirements and Other Business Purposes

We may need to process your personal information to comply with applicable laws and regulations — for example, where we have an obligation to report suspected fraud. Other business-related purposes include negotiating and performing contracts, managing accounts and records, supporting corporate social responsibility activities, and legal, regulatory or internal investigations.

3 LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION

IRIS IMS will only process your personal information where we have a lawful basis to do so under the GDPR. The applicable basis depends on the purpose:

  • Legitimate business interests of IRIS IMS: where it is necessary for IRIS IMS to understand our customers, promote our services and operate effectively as a B2B IT services and document management solutions provider. See Section 3.1 below.
  • Performance of a contract with your business: where you have ordered or requested products or Services from us and we need your contact details and payment information to process your order and deliver the products or Services.
  • Compliance with law: where IRIS IMS is subject to a legal obligation and needs to use your personal information in order to comply with that obligation.
  • Consent: for example, where you have voluntarily provided information to enter a competition. You can withdraw your consent at any time by sending an email to the contact address below or writing to any IRIS IMS address listed in this Policy.

3.1 Our Legitimate Interests

IRIS IMS’s legitimate interests include the need to understand our customers in sufficient detail to create and publicise new products and Services and to offer them a better experience. Specifically:

  • We perform analytics to provide you with a tailored experience and so that we can improve, maintain and manage our products and services in a way that meets your expectations as a customer
  • We use your information to better support your organisation and maintain the products and services you use
  • We engage in product development and will use your feedback, from surveys and elsewhere, as part of this process
  • Where permissible, we market new products and services which we think you may be interested in, always offering you the option to unsubscribe

4 HOW WE SHARE YOUR INFORMATION

4.1 Within IRIS IMS

We restrict access to personal data to people within our company who have a “need to know” such information. For example, we may pass any personal data we collect about you to our sales team or support team in order to provide our Services.

4.2 Outside IRIS IMS, to Our Partners and Third Parties

Except as described in this policy or where you have provided your consent, personal information processed when you use our Services will not be shared with or disclosed to other individuals or businesses for their own use. We may disclose your personal information to the following third parties for the purposes described:

  • Vendors and subcontractors who provide products and services to us so that we can provide our Services to you (such as technology vendors, maintenance and servicing partners, software development, hosting and management providers)
  • Third-party service providers who carry out marketing campaigns or run customer surveys on our behalf
  • Payment processing companies, credit reference agencies and anti-fraud screening service providers to process payments and carry out fraud-screening where necessary
  • Professional and legal advisers for the purposes of obtaining commercial, financial or legal advice
  • In the event that we sell any business assets, personal information may be disclosed to a potential buyer. We will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy
  • In exceptional circumstances, personal information may be shared with third parties such as the police and regulatory authorities to protect our rights, property, or the safety of our customers, staff and assets
  • Where necessary to comply with a legal obligation in any jurisdiction

5 HOW WE PROTECT YOUR INFORMATION

Your personal information is held on secure servers and is not processed for any purposes other than those set out in this Privacy Policy. The servers IRIS IMS uses to store this information are accessible to authorised staff only, and IRIS IMS ensures that adequate security measures are in place.

No data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us using the contact details below.

We use vendors and service providers based around the world. As a result, your personal information may be processed in countries outside the country where you live. Where we transfer personal information outside the European Economic Area (EEA) to a country that provides a lower standard of legal protection, we will ensure your privacy rights are protected by appropriate safeguards — in particular through the use of Standard Contractual Clauses approved by the European Commission. Please contact us if you would like more information about these safeguards.

6 MARKETING COMMUNICATIONS

IRIS IMS may use your personal information for marketing purposes and to inform you about products and services which we think might be of interest to you and your business. You can specify whether you wish to receive such information by ticking the appropriate box in your registration form.

You can opt out from receiving marketing at any time by editing your emailing preferences in your account or by unsubscribing at: unsubscribe@irisims.com. If you unsubscribe from marketing, please note we may still send you service messages (for example, to confirm an order or delivery details).

7 HOW TO EXERCISE YOUR RIGHTS

As a data subject under the GDPR, you have the following rights in relation to your personal information:

  • Right of access: you have the right to obtain a copy of the personal data we hold about you, free of charge.
  • Right to rectification: you have the right to have inaccurate or incomplete data corrected.
  • Right to erasure (‘right to be forgotten’): you have the right to request deletion of your personal data in certain circumstances.
  • Right to restriction of processing: you have the right to request that we restrict how we use your data in certain situations (e.g. while a dispute about accuracy is resolved).
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: you have the right to object to processing based on our legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at info@irisims.com or write to us at the address below. We will comply in accordance with applicable law. Please be aware that certain legal exemptions may apply and there may be circumstances where we are not able to fulfil your request.

We will delete your personal information once it is no longer necessary for the purposes for which it was originally collected.

Right to complain. If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit — APD/GBA):

Rue de la Presse 35, 1000 Brussels, Belgium
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
Tel: +32 (0)2 274 48 00

8 RETENTION OF YOUR INFORMATION

IRIS IMS will keep your personal information for as long as we need it for the purposes set out in Section 2 of this Privacy Policy and in accordance with any retention periods required by applicable laws and relevant statutes of limitations. This period should typically not exceed 6 years in most jurisdictions.

For example:

  • Where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes
  • We may keep a record of correspondence (for example, if you have made a complaint) for as long as is necessary to protect us from a legal claim

Where we no longer have a need to keep your personal information, we will delete it. IRIS IMS will not delete personal information that refers to an active relationship or a product or service explicitly requested by you (e.g. a recent purchase).

9 YOUR COMMITMENTS

You guarantee the accuracy and quality of the information you provide in connection with our Services. All personal information you send to IRIS IMS must be real, accurate and kept up to date. You take full responsibility for ensuring the accuracy of your information.

10 CHANGES TO THIS PRIVACY POLICY

We will update this Privacy Policy from time to time to ensure you are promptly informed of IRIS IMS’s data processing activities. We will not engage in any processing that puts your personal information at risk, and will seek your explicit consent where necessary.

We will keep you updated on any changes through the Services and via the communication methods you have provided. If you continue using our Services after being informed of an updated Privacy Policy, you agree to be bound by the updated terms.

11 COOKIE POLICY

Our website uses cookies to make it more user-friendly, effective and secure — for instance to enable faster navigation and provide page view statistics. Some of these cookies are transmitted to your computer system by our server.

Most are “session cookies”, which are automatically deleted from your device at the end of your browser session. Others (“permanent cookies”) remain on your device and allow us to recognise you on your next visit. You can refuse cookies in your browser settings at any time; however, some website features may not function fully if you do.

11.1 Cookies Used on This Website

The following cookies are in use on www.irisims.com:

Cookie name Domain Category Description
_ga .irisims.com / google-analytics.com Analytics Registers a unique user ID to generate statistical data on how the visitor uses the website (2-year retention).
_gid .irisims.com / google-analytics.com Analytics Registers a unique ID to generate statistical data on how the visitor uses the website (24-hour retention).
_gat .irisims.com / google-analytics.com Analytics Used by Google Analytics to throttle request rate and manage traffic load.
collect google-analytics.com Analytics Pixel-based tracking request used to send user interaction data to Google Analytics servers.
YSC youtube.com Marketing Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
VISITOR_INFO1_LIVE youtube.com Marketing Attempts to estimate the user’s bandwidth and supports tracking and ad personalization by YouTube.
cookie_consent .irisims.com Functional Stores the user’s cookie consent preferences for compliance purposes.
PHPSESSID .irisims.com Necessary Preserves user session state across page requests.
wordpress_test_cookie .irisims.com Functional Checks if cookies are enabled in the browser (WordPress-related).
wordpress_logged_in_* .irisims.com Functional Indicates when a user is logged in and who they are (WordPress session management).

11.2 Managing Your Cookie Preferences

You can manage or disable cookies at any time through your browser settings. For general guidance on managing cookies, visit www.aboutcookies.org. You may also adjust your preferences via our cookie consent banner when you first visit the Website.

To opt out of Google Analytics tracking, install the browser add-on available at: tools.google.com/dlpage/gaoptout

12 RECRUITMENT POLICY

Article 1 – Scope of the Policy
This Policy relates to IRIS IMS’s processing of personal data in relation to recruitment. It provides job applicants (“you” or “your”) with information about how IRIS IMS processes your personal data and the rights you have under data protection legislation. In this Policy, we refer to this type of information as “Recruitment Data”. Please read this Policy carefully before providing your personal data to, for example, the IRIS IMS Online Recruitment System.

Article 2 – Collection of Personal Data
We collect Recruitment Data to manage our recruitment, planning and organisational activities. The information we may collect from you includes:

  • Application information: your name, address, telephone number, email address, other contact details and preferred means of communication; information in your cover letter and CV (e.g. professional qualifications, previous work experience, level of education, skills and abilities, current salary, personal interests); information from publicly available social networking accounts (such as LinkedIn); and any other information you wish to provide in connection with your application.
  • Recruitment Process Information: information collected during the recruitment process, such as test or interview results and information provided by your references.
  • Future Opportunities Information: information collected to keep in touch with you about future opportunities, such as your name, email address, LinkedIn profile, location, area of expertise and type of position you are interested in. You can unsubscribe from this database at any time during your application.

IRIS IMS may also conduct background checks and analyses with third parties (“Pre-Employment Screening”). Personal data relating to criminal convictions or medical information will only be searched where permitted by applicable legislation.

If you provide us with contact details for a reference or any third party in your CV, it is your responsibility to ensure that such third party consents to us receiving their information.

We will clearly indicate when information we request is mandatory or optional, and will explain the consequences of not providing mandatory information.

Article 3 – Use of Personal Data
We use Recruitment Data for the purpose of evaluating and selecting candidates, in particular to:

  • Examine and process your application, assess your suitability for the role and check references and professional qualifications
  • Organise and conduct interviews and tests
  • Manage on-site security, for example to ensure that our premises, assets, information, employees and other personnel are secure
  • Evaluate and analyse the results of interviews and tests
  • Carry out any other activities necessary in the recruitment process, including final recruitment

We may also use Recruitment Data for legal and regulatory compliance purposes, for example to ensure compliance with health and safety requirements, anti-money laundering, anti-bribery, anti-corruption and equal opportunities policies.

We will only process Recruitment Data where we have a legal basis to do so. Generally, we process this data to decide whether to enter into a contract of employment with you. Where not covered by contract or legal obligation, we will process Recruitment Data on the basis of your consent, which you may withdraw at any time.

Article 4 – Disclosure of Personal Data
We restrict access to Recruitment Data to those within our group of companies who need to know that information. This may include people within our Human Resources team and those you would report to if you are hired.

Article 5 – Storage of Personal Data
IRIS IMS is an organisation with subsidiaries, business processes, management structures and technical systems that cross national borders. As a result, your personal data may be transferred and processed outside the country in which you provide it, including outside the EEA or the United Kingdom.

Where we transfer Recruitment Data outside the EEA or the UK, we will take legally necessary measures to ensure adequate protections are in place, including the use of Standard Contractual Clauses. You may contact us to request a copy of the safeguards we have in place.

Article 6 – Retention of Personal Data
IRIS IMS will retain your personal data with your consent for 6 months from the date of submission or last update of your contact or account information. After 12 months from the transmission or last update of your profile, your personal data will be deleted. If you wish your data to be retained in our talent pool after this period, you can respond to a reminder sent by us and IRIS IMS may retain your data for a further 12 months.

If you do not wish to be contacted for future positions, you can inform us during the recruitment process and your data will be deleted at the end of the process.

If you are hired and become an employee, your personal data may become part of your personnel file and may be used for other employment-related purposes.

We may delete your personal information (including your CV) at any time without notice. We therefore recommend you keep your own copy of the personal data you have provided to us.

Article 7 – Your Rights
As an individual whose personal data IRIS IMS processes, you have the right to access, rectify or delete your Recruitment Data. You also have the right to object to or restrict certain types of processing, and to request a portable copy of the Recruitment Data you have provided to us.

You may exercise your rights by contacting us using the contact details below. Any request will be considered on a case-by-case basis; in certain situations we may not be legally obliged to comply, due to applicable data protection exemptions.

If you have queries about how we have handled your Recruitment Data, please contact us in the first instance. If you are not satisfied, you have the right to complain to the Belgian Data Protection Authority (APD/GBA) at www.dataprotectionauthority.be.

Article 8 – Contact IRIS IMS
IRIS IMS is committed to protecting your personal data in compliance with applicable data protection law. If you have any questions about this Policy, please contact the generic Canon Data Protection Officer at: dpo@irisims.com

13 UPDATES TO OUR PRIVACY POLICY

We may update this policy as necessary and at any time to reflect changes in legislation, regulatory guidance or privacy practices. Where this occurs and to the extent required by law, we will provide you with a new or updated policy setting out the changes, including what, if anything, you should do.

14 DEFINITION OF IRIS IMS

In this Privacy Policy, “IRIS IMS” refers to I.R.I.S. Solutions & Experts S.A., a company incorporated under Belgian law, registered at:

I.R.I.S. Solutions & Experts S.A.
Rue Emile Francqui 11
1435 Mont-Saint-Guibert
Belgium

General enquiries: info@irisims.com | T: +32 (0)10 39 75 40
Data protection enquiries: dpo@irisims.com
Unsubscribe from marketing: unsubscribe@irisims.com