GDPR and other Policies
IRIS Software Group Limited is committed to protecting and respecting your privacy.
Read the IRIS Software Group Privicy Policy, you can also read information on our cookie policy.
My ePay Window data
How long are my documents kept for
Client’s who have not accessed or uploaded new data in the preceding 12 months will be deemed to be no longer using the My ePay Window service and will have their accounts blocked and their data will be anonymised after a further 3 months.
We may use aggregated information for the purposes of monitoring use of the Website. Such aggregated information may be provided to third parties. These statistics will not include information which can be used to identify any individual, Client Company or client entity or the nature of its employment or business.
For the avoidance of doubt, we shall not use any personal data held on the Website for any marketing purposes.
Information security reviews
ISO27001 certification is audited annually by an external assessor. Internal compliance with Group ISMS is also annually reviewed by the Group Compliance team. Annual external 3rd Party Penetration testing is carried out for cloud services with weekly vulnerability scanning.
Download the ISO27001 Certificate (PDF)
Geographic processing location
IRIS has a section 28 EU-GDPR sub-processor agreement in place with Rackspace Ltd who provide exclusive UK hosting services for the IRIS My ePay Window service. Rackspace certifications include ISO27001, AICPA-SOC (formerly known as SAS70) and PCI-DSS. Their certifications include ISO27001, AICPA-SOC (formerly known as SAS70) and PCI-DSS.
Continuity
Business continuity procedures include daily backups and separate physical servers using virtual server technology with failover in the event of an individual virtual machine or hardware failure (through virtual machine Clustering and SAN technology) IRIS service level agreement terms provided by Rackspace Limited, provides 100% availability of the network and repair of any problem hardware component within one hour of identification, additional time may be required to rebuild a RAID array or to reload operating systems and or applications.