Data privacy is becoming an increasingly important topic in personal, professional and commercial contexts. This page briefly summarises our approach to data privacy.
We deal only with Insurance Companies and Consulting Actuaries on a business-to-business basis. Individuals may not become our customers and we do not store personal information.
IRIS SOFTWARE DEVELOPMENT AND TESTING
In production, the Iris Software runs on the computer systems of Insurance Companies and Consulting Actuaries inside their security perimeters and under their control. The Insurance Companies and Consulting Actuaries are responsible for protecting their customer data. When companies use Iris software on their computers then none of the data is sent to us and we can neither see nor store any company or personal information. When we create the Iris Software we use synthetic data to test its accuracy and performance. If we are sent test data by our clients, the Insurance Companies and Consulting Actuaries, then we insist that they remove any real information. If they do not do so then we delete the data and request that they send an updated version.
IRIS MONITOR APP
A Web App and an iOS App called the Iris-Monitor have been created to allow users to monitor the progress of their runs when they are not at their desk. This is a small optional part of the overall system and is aimed at users who do not have access to a corporate VPN to monitor their runs directly. Individual employees will need to get permission from their Employer (ie our client) to use the Iris-Monitor. If they do so then a corporate email address and a small number of run time metadata items will be stored in a third party database that is managed by us so that individual employees may have access to that metadata, which secured by a password. The metadata does not include any Insurance Company financial assumptions, results or input data.
IRIS MONITOR SUPPORT
Full documentation on the use of the Iris-Monitor is contained within your Iris-System installation in the local Iris-Docs. Additional support may be obtained from your company's internal Iris-Administrator or your internal IT department.
If you are the Iris-Administrator then you may obtain support from the Green13 StackOverflow forum. Iris-Administrators you may also contact your usual Green13 contact by email or telephone for dedicated incident support.
DATA POLICY FOR IRIS MONITOR
1. Collection, use and protection of personal data
Please note that you may only use the Iris-Monitor if your employer has a valid Iris Licence and if your employer has given you permission to use the Iris-Monitor.
You will not be able to use the Iris-Monitor unless it is set up by Green13 Technical and this setup will only be done if we have received confirmation of your employer's permission to use it in writing.
2. Collection of Data
Your data will only be collected if you choose to activate the Iris-Monitor-Server component of the Iris-System. This is a positive decision that you must make as the basic Iris-System can not collect or transfer data outside of your corporate network.
If you activate the Iris-Monitor-Server then we will collect the data and store it in a Google Firebase database that is under our control. The data consists of your email address and the progress metadata of your Iris batch run.
The metadata includes your email address, your Iris-Licence uniqueId, the run start time, total number of activities, current activity index, current activity title, number of errors and percentage complete of your currently most recent batch run.
The metadata does not include any policy data, assumptions, financial results or formula. Your metadata may be stored in the UK, EU and other countries.
3. Use of Data
We will store the metadata collected from your run on a PC in our Google Firebase database so that you may retrieve that information using your iOS app or the web app and monitor the progress of your run. This is for times when you are not able to access your company PC either in person at your office or via your corporate network.
Your metadata will only be available to you, using your username and password to log in, and will not be available to other users. We will have access to your metadata and will use it to provide us with feedback on the performance and stability of the Iris-Software.
The cloud service providers who operate under contract to us may also have access to your data. Please see the Google Firebase documentation for their current statement on this matter.
We will not pass your data to any third party or law enforcement agencies unless we are required to do under relevant legislation or court order.
We will protect your metadata and other information using technical and administrative security measures to reduce the risks of loss or misuse.
6. Further information
Further information is contained in your Iris Licence Agreement and Iris Services Contract (if applicable).
Last updated: 16 January 2019