Iris (“Iris”, “us”, “we”, or “our”) cares about your privacy and is committed to protecting your personal information with fair information practices and applicable data protection laws.
This Privacy Notice describes the types of information we collect from you when you use the WeWorkApp and how we process, transfer and store the collected information, as well as how you can exercise your rights.
1. Who processes your personal data?
The Controller of your personal information is the Iris group entity that initially collected your data. If you have questions about who the Controller of your data is or any other questions about your data, please contact our HR department via payroll@iris.be
2. Personal data we collect, purposes and legal bases
The purpose of the WeWorkApp is to track time / work hours on jobs and projects.
In order to use the WeWorkApp for the first time, you will be required to enter your phone number, and name so we can send you a unique code allowing you to access the App.
With each of your visits to the WeWorkApp we may automatically collect device specific information such as your unique device identifier, your mobile operating system, the type of mobile device you use, your mobile device unique ID, and mobile network information. We may use this information to compile anonymous statistics for our legitimate interest of analyzing usage of the WeWorkApp, and enhancing the App.
Non Iris Group users
Users of our App who are not employees of Iris Group can use the App in order to track time on their projects.
In that case, we only process your name and phone number for the purpose of identifying you as a user who is not an employee of Iris Group and for sending a unique access code to your mobile device.
In addition, with your consent, we may obtain information about your physical location when you use the WeWorkApp. You may stop sharing your location information by adjusting your mobile device’s location services settings.
Iris Group employees
By entering your name and phone number, you will be identified as an employee of Iris Group and receive a unique code on your mobile device to access the App for time registration purposes.
For the purpose of time registration we process the following information:
- Location information: with your consent, we obtain information about your physical location when you use the WeWorkApp. This information is used to validate the presence of our workers at our client’s premises. You may stop sharing your location information by adjusting your mobile device’s location services settings, however, in that way you will not be able to use the time registration function of the app.
- Time registration data: when you access your work schedule (planning) in the WeWorkApp, your time is registered automatically upon check-in and check-out. This personal information is collected based on the performance of our contract with our workers.
For payroll processing purposes of our own workers, we may also collect:
- Images: with your consent, the WeWorkApp will access the camera in order to upload materials such as images and/or pictures, photos and/or documents (such as doctor’s notes) related to absences for sick leave, work accidents, etc.
- Information about holidays: requests and approvals for holiday leave may also be processed via the WeWorkApp
We may send push notifications to your mobile device for the purpose of reminding you about your time registration duties. If you do not wish to receive any push notifications, you need to change the settings on your device.
3. Recipients of your personal data
- Within Iris: business functions that require access to Iris Group employees’ data in order to perform our contractual and legal obligations (i.e. HR, accounting, operations, legal) or for the purpose of our legitimate interests (i.e. IT). We may also transfer and share information with other entities of the Iris group.
- Third parties: we may use third parties to provide or perform services and functions on our behalf (data processors) such as payroll processing companies and IT service providers. We may make personal information available to those third parties to perform these services and functions. Any processing of that personal information will be on our instructions and the use of your personal information is limited (by law and by contract i.e. data processing agreements) to the specified purposes in this privacy statement.
- As required by law: we may also make personal information available to public or judicial authorities, law enforcement personnel and agencies. Where permitted by law, we may also disclose personal information to third parties (including legal counsel) when necessary for the establishment, exercise or defense of legal claims, or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or as needed to support audit and compliance functions.
- Mergers and acquisitions: personal information may be transferred to a party acquiring all or part of the equity or assets of Iris or its business operations in the event of a sale, merger, liquidation, dissolution or other.
- For non Iris Group users, your phone number and name are only used to determine if you are an employee or not.
4. Data storage and retention
Your personal data will be stored until the processing of your personal data is no longer necessary for the intended purpose.
Local storage in the WeWorkApp is limited to your first name and last name (which will be stored until your account is deleted) and for iris employees your working schedule, which is stored for the next 10 working days.
The personal information we collect from you via the WeWorkApp is send to and stored on our Cloud servers based in Europe. We retain this information for as long as we have on ongoing relationship with you and for as long we have a legal obligation to keep payroll information when you have left Iris as an employee.
For visitors who are not employees, no personal data is stored.
5. Your rights
Under data protection law, you have the following rights:
- Right of access: You have the right to ask us for copies of your personal information.
- Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
- Right to restrict processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
- Right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
- Right to withdraw consent: where we are relying on consent to process your personal data, you have the right to withdraw consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
We respect these rights and have processes in place to recognize and respond to individuals wishing to exercise these rights. Iris Group employees may request to exercise any of these rights through their local HR contact or via payroll@iris.be
Non Iris Group users can exercise their rights via: gdpr@iris.be
You also have the right to lodge a complaint with the relevant supervisory authorities if you decide that the processing of your personal data violates the regulations of the General Data Protection Regulation. The Belgian supervisory authority can be contacted via contact@apd-gba.be
6. Security
We are committed to protecting your personal information from loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction by taking appropriate organizational and technical measures.
In order to protect your personal data, we take various security measures including secure severs, firewalls, authentication tools, as well as physical protection of the locations where personal data is stored.
In addition, all Iris personnel and any third parties engaged by Iris to process your personal information are obliged to respect and safeguard the confidentiality of your information.
Nevertheless, if you would discover a breach of our security despite all taken precautions, we request that you notify us as soon as possible via gdpr@iris.be
7. Automated decision making
Your personal data is not subject to automated decision-making, nor profiling.
8. International transfers
Your personal data is not transferred outside the European Economic Area (EEA).
9. Contact information
Within Iris, the HR department is the point of contact for questions regarding the protection of personal data of Iris Group employees via: payroll@iris.be
Non Iris Group users can address any questions or concerns to: gdpr@iris.be
Iris will investigate and attempt to resolve any request or complaint regarding the use or disclosure of your personal information.
In the event that you are not satisfied with our reply, you also have the right to contact the data protection authority, as indicated above.