Privacy policy


GENERAL INFORMATION

We are honored that you visited our website and thank you for your interest in our products. The security of your data is essential to us. We not only ensure that we comply with the relevant regulations but we also endeavored to have a sophisticated online retail store in which to feel comfortable about entrusting personal data online. For this reason, we handle personal data with utmost care and respect.

This privacy policy describes which data is being collected on our website and how your personal data is being processed by us, IRIS, a trademark licensed to SRAR Al-Riyadh Company under existing laws in the Kingdom of Saudi Arabia. This policy states how we are using your personal data, which measures we have taken and continue to take to protect your data and which rights you have with regards to your personal data.

You can print or save this document by using the common functionality of your internet browser. 

RESPONSIBLE PARTY

Name and address of the controller

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by applicable laws.

Controller for these purposes, other data protection laws and other provisions related to data protection is:

IRIS
SRAR Al-Riyadh Company
P. O. Box 61474
Riyadh 11565
Saudi Arabia
E-mail: info@irisselections.com
Website: www.irisselections.com

Should you object to the acquisition, processing or utilization of your data by IRIS in keeping with the stipulations of data-protection provisions, whether entirely or for individual measures, you can send your objection per e-mail, or by letter again using the previously mentioned contact options.

COLLECTION AND PROCESSING OF PERSONAL DATA

Introduction
We take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the applicable laws of the Kingdom of Saudi Arabia.

Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). This includes among others your name, your address, your e-mail address, your phone number, your IP-address, and any other data that you provide while registering for a customer account with us.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Purpose and legal basis of the data processing, data categories

Purpose of the data processing

In general, we process your personal data for the following purposes:

  • To offer our products and services
  • To assist customers, intermediaries and potential customers
  • To prepare and execute business transactions
  • To inform and communicate with our customers, intermediaries and potential customers
  • To be compliant with legal responsibilities, such as financial and accounting requirements
  • To ensure a technically correct functioning of our website

Data categories
For these purposes we process personal data that can belong to the following data categories:

  • Contact information
  • Data that is required to prepare and complete business transactions and processes
  • Financial data, bank information and credit-check data
  • Contractual data
  • Data that is being created during the communication of your internet browser with our website
  • Data that has to be collected and processed because of a public interest

Transmission and forwarding of personal data
We transmit and forward your personal data to third parties for the purpose of order fulfillment, and to processors, that process your personal data only with our specific or general written authorization.

Period for which personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract, the initiation of a contract, or the completion of the initial purpose of the data collection.

Right to withdraw consent
If you have given consent to the processing of your personal data, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing based on consent given before its withdrawal.

Automated decision making and profiling
We do not perform any automated decision-making, including profiling.

DATA COLLECTION

Webserver log-files
IP addresses are required for internet browsers to communicate with web servers. When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

  • IP-address
  • Browser type and version
  • Operating system
  • The website from which an accessing system reaches our website (so-called referrer)
  • The URL that is being requested on your website
  • The date and time of the access request

Data processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. We store the information in our log files for 14 days. All content older than that is automatically deleted from the log files.

Cookies

Our website uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies are required for our website to function properly. As an example, cookies are required that you can add products to the shopping bag. If you choose to disable cookies, this may limit the functionality of our website. By using cookies we can only identify your computer but not you as a person.

Generally, there are two types of cookies: so called “session cookies” which are automatically deleted after your visit, and cookies that remain in your device's memory for a longer time period or until you delete them. These cookies make it possible to recognize your browser when you visit our website again.

Most of the cookies that we use are session cookies and are automatically deleted when you end your session or close your browser.

We also use cookies that are saved on your computer for longer than your current session. One such cookie is placed when you login to your account on our website and activate the “Keep me logged-in”-function. When you visit us again with the same device, we recognize your cookie and log you in automatically. Another such cookie is stored on your computer when you add products to your wish list and you are not logged in. Such cookies are stored for a maximum of two years.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors.

We may work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your device when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Please note that the functionality of our website may be limited if cookies are not accepted.

Customer account and registration

All visitors of our website and all our customers have the option to register for a customer account on our website. Registered users receive One Time Password (OTP) access to their customer data. The "Profile"-pages provide information on the order history, billing and shipping addresses. Furthermore, registered and logged-in users can save their wish list long-term. Registering for a customer account can be done during checkout or independently thereof. During registration the following personal data is being collected:

  • E-mail address
  • First and last name
  • Address (street, postal code, city and country)
  • Phone number

This data is collected and saved only for our internal use, for order-fulfillment and our own purpose. Should a registered customer place an order through a customer account, then we may forward relevant personal data to third parties that are involved in and for the purpose of order fulfillment, such as logistics companies.

We will process the data provided during registration only.

You have the right to withdraw your consent at any time. An informal e-mail to info@irisselections.com making this request is sufficient. The withdrawal of consent shall not affect the lawfulness of data processing based on consent given before its withdrawal.

ORDER, ORDER-PROCESSING AND CREDIT-CHECK

General information

During order processing and fulfillment, we collect, process, and use personal data only insofar as it is necessary to prepare and complete your order. This is done based on applicable regulations which allow the processing of data to fulfill a contract or for measures preliminary to a contract.

To process your order we require your full name, your billing and shipping addresses, a telephone number to contact you in case of delivery problems and your e-mail address. If you pay by direct debit, this data also includes your bank account details. We give this data to those third-party companies, which are necessary to deliver your order to your doorstep. For example, our shipping partners Aramex and DHL need to receive your shipping address, and our payment service provider requires your billing address and credit card data to process your payment.

No storage of credit card data

We do not store any credit card details. Such payment details are exclusively stored on the secure server of our payment service provider, which means that we are compliant with the so called “Payment Card Industry Data Security Standard”. This standard defines a secure process for credit card payments.

Contact form

Our website contains a contact form that enables a quick electronic contact to our company, as well as direct communication with us. Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. The following personal data is being collected:

  • Last name and, if provided, first name
  • E-mail address
  • Phone number, if provided
  • Your message

Such personal data transmitted through the contact form is stored for the purpose of processing your enquiry and of replying to any ensuing questions. We do not share this information without your permission.

We will process any data you enter into the contact form only with your consent. You may revoke your consent at any time. An informal e-mail making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Google Analytics

Web-analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. As examples, a web-analysis service collects data about the website from which a person has come (the so-called referrer), which specific pages (URLs) were visited on a website, or how often and for what duration these pages were viewed. We use web-analytics mainly for the optimization of our website and in order to carry out a cost-benefit analysis of our internet marketing measures.

This website uses Google Analytics, a web-analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent the collection of your data by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set to prevent your data from being collected on future visits to this website.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Social media

Our website can easily be shared on Facebook, Instagram, Pinterest and Twitter. Our implemented solution strongly protects your data privacy. Our social-sharing buttons contain only static links to the social networks. You will be forwarded to the social network in a separate browser window.

The social networks can therefore only obtain data from you, when you have pressed a sharing button. If you are a logged-in Facebook user and you click on the sharing button, then this information will be transmitted to your Facebook profile.

SSL-ENCRYPTION AND DATA SECURITY

Your personal data is securely transmitted using https-encryption. This also applies when you are placing an order with us or when you register for a customer account on our website. We encrypt your data using the SSL (Secure Socket Layer) protocol.

Our servers are protected by a Firewall against unauthorized access. We do not store any credit card details. Such payment details are exclusively stored on the secure server of our payment service provider. We are “PCI-compliant” which means that we are compliant with the so called “Payment Card Industry Data Security Standard”. This standard defines a secure process for credit card payments.

YOUR RIGHTS (AS THE DATA SUBJECT)

Introduction

Regarding your personal data, applicable laws provide you with the rights described in the following sub-chapters. 

Right of access

According existing regulations, the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. This includes the personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. If you wish to claim your right of access, you may contact us at any time.

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If you wish to claim your right to rectification, you may contact us at any time.

Right to erasure ('right to be forgotten')

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay. If you wish to claim your right to erasure, you may contact us at any time.

Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing. If you wish to claim your right to restriction of processing, you may contact us at any time.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible. If you wish to claim your right to data portability, you may contact us at any time.

Right to withdraw consent

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to claim your right to withdraw consent, you may contact us at any time.

Right to lodge a complaint with a supervisory authority

If there has been a breach of data protection legislation, the person affected may lodge a complaint with a relevant supervisory authority in the Kingdom of Saudi Arabia.

Can we store cookies?

Broadcast uses cookies to improve your browsing experience.