Security and Privacy


For GDPR purposes IRIS Cascade has been identified as a Data Processor, with the client as the Data Controller.

As such the client has an obligation to:

  1. Choose only processors that can provide sufficient guarantees to implement appropriate technical and organisational measures to make sure that the processing will meet data protection requirements and will protect the rights of the individuals the information relates to.
  2. Put in place a contract or agreement, that is binding on the processor and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the customer. That contract must include certain clauses listed in Article 28 of the General Data Protection Regulation (GDPR).

This section is designed to provide reasonable guarantees in line with the above.

IRIS Cascade commitment to data protection

IRIS Cascade will:

  • Use personal data legally and securely

  • Respect privacy and treat personal data lawfully and correctly

  • Ensure that the service complies with the General Data Protection Regulations

  • Adhere to the group data protection policy

  • Report any breaches of data protection to the relevant channels

Useful links can be found below:

Find out more