Privacy Policy for IRIS

 

Last Updated: 05/03/2026

Effective Date: 29/05/2025

 

Thank you for using IRIS (“the Application”). “We”, in this privacy policy, refers to Catalink Ltd. We provide the Application in the context of real-time detection and assessment of driver drowsiness and inattention. The primary goal of the Application is to continuously monitor the driver's alertness levels and provide immediate feedback to enhance safety on the road. We value your privacy and are committed to protecting your personal information. We are responsible for the collection and use of your personal data, as described in this privacy policy. This Privacy Policy explains how we collect, use, share, and safeguard your data when you interact with our services. By accessing or using our Application and its services, you acknowledge that you have read, understood, and agreed to the terms of this policy. We encourage you to review this document regularly to stay informed about our practices and your rights regarding your personal information. Your trust is essential to us, and we strive to uphold your privacy while delivering a secure and beneficial experience.

 

By downloading, accessing, or using our Application, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Application. For further details, please refer to our website at https://iris.catalink.eu/.

1. Information We Collect

1.1. Personal Data

When you use our Application, we may collect the following types of personal data:

      Facial Images: The primary type of data we collect includes facial images captured through the Application for the purpose of detecting driver drowsiness and inattention indicators (such as eye closure patterns, blink rate, yawning and head pose). We do not use facial images to identify you, authenticate you, or perform facial recognition for identity verification. The images may be used to analyze facial features for research purposes related exclusively to improving drowsiness and inattention detection algorithms. Facial images are collected with your explicit consent, and no images will be stored without this prior approval (by default, storage of facial images is disabled and requires an active opt-in by the user).

      Heart Rate Data: If you download the smartwatch app and pair it with the Application, we also collect heart rate data, which are later used for stress estimation. Heart rate data are collected with your explicit consent, and no heart rate data will be stored without this prior approval. Heart rate is used only to estimate stress/physiological state related to driving safety; it is not used for medical diagnosis.

      Demographic Information: In addition to facial images, we may also collect demographic information that could include:

      Age: Your date of birth or age group to help categorize how different age groups respond to the research.

      Gender: Information about your gender for analysis in relation to drowsiness detection performance across demographic groups (not for identification purposes).

      Account Information: Depending on the features of the Application, you may be asked to create an account. In this case, we may collect additional personal details like:

      Username: A unique identifier for your account.

      Full name: The full name of the user.

      Email Address: To communicate with you regarding the research or account-related notifications.

      Passwords: Stored using industry-standard hashing and security measures, and not stored in plain text.

     All the data is stored securely in our in-house CTL servers, located in Cyprus (EU/EEA), and access is limited to authorized personnel. Data is encrypted in transit and protected at rest, and identifying information is stored separately from image data.

The heart rate data is stored in a PostgreSQL database. The path to the facial images is stored in the same PostgreSQL database, and the facial images themselves are stored in the CTL in-house servers.

The facial images and the heart rate data are stored only if the user agrees to the collection of the data. By default, this option is disabled. The demographic data are stored only if the user provides them during the registration process and are not mandatory. The main account information is securely stored and is mandatory in order to be able to use the Application.

 

The Application may capture images that could incidentally include multiple passengers. However, the system is designed to detect and process only the face closest to the camera screen. Images or facial data of other passengers are not intentionally processed, analyzed, or stored. If image storage is enabled by the user, reasonable technical measures are applied to focus on the driver’s face and minimize incidental capture of other occupants.

1.2. Non-Personal Data

We may also collect non-personal data, which does not identify you as a specific individual. This data helps us understand how users interact with the Application and improve our services. Non-personal data may include:

      Device Information: We collect certain information about the device you use to access the Application, including:

      Device Type: The type of device (e.g., smartphone, tablet).

      Operating System: The version of the operating system (e.g., Android, iOS) that your device is using.

      Unique Device Identifiers: Such as the device ID or advertising ID, which help us recognize your device for analytics and error reporting.

      Usage Data: We gather data about your interactions with the Application, including but not limited to:

      Session Duration: The amount of time you spend using the Application during each session.

      Features Used: Information about the features or sections of the Application that you access and how frequently.

      Crash Reports: If the Application crashes, we may collect data about the error to help improve app stability.

      Log Data: Like many online services, we automatically collect log data when you use our Application, including:

      IP Address: The Internet Protocol address that your device is using, which helps us understand your geographical location in relation to our user base.

      Timestamp: The time and date when you accessed the Application, which can help us analyze trends in use patterns.

 

1.3. Cookies and Tracking Technologies

The Application may use cookies and similar tracking technologies to enhance your experience. Cookies are small files placed on your device that help us recognize your device and improve your experience. The data we may collect through cookies includes:

      User Preference Cookies: To remember your preferences and settings in the Application.

      Analytics Cookies: Used to analyze user behavior and improve our Application based on that data.

You can manage cookie preferences through your device settings, but please note that disabling cookies may affect your ability to use certain functionalities of the Application.

 

1.4. Legal Basis for Processing Personal Data

If you are located in the European Economic Area (EEA) or other regions that govern data protection, our legal basis for collecting and using your personal data is dependent on the information we collect and the context in which we collect it. We will normally collect personal data from you only when:

      We have your consent to do so.

      We need the personal data to perform a contract with you.

      The processing is in our legitimate interests and is not overridden by your rights.

2. Purpose of Data Collection

The personal data and non-personal data we collect through the Application serve several key purposes, primarily centered around the research project for which the data is being gathered. Below are the specific purposes for which we may collect and use your information:

2.1. Research Objectives

      Drowsiness Recognition Studies: The primary aim of collecting facial images is to support our research in drowsiness recognition technologies. This includes developing algorithms that can accurately identify and analyze facial features and expressions across diverse demographics. We also gather heart rate data to accompany the facial images for stress detection and to make drowsiness recognition more accurate.

      Behavioral Analysis: The data collected may be used to study how various traits such as age, gender, and ethnicity can influence the effectiveness of drowsiness recognition systems in different contexts. Understanding these differences may lead to advancements in technology that can better accommodate diverse user groups.

      Model Training and Validation: The gathered data will be utilized to train machine learning models that are integral to improving the performance and reliability of drowsiness recognition systems. Validation processes involving real-world applications will also rely on this data to ensure the algorithm’s accuracy.

2.2. Application Improvement

      User Experience Enhancements: Your feedback and usage data allow us to refine and enhance the features of our Application. By analyzing how users engage with different functionalities, we can make informed decisions on updates and improvements that better meet user needs.

      Performance Monitoring: We will use the data collected to monitor the Application's performance. This information helps us identify any technical issues or bottlenecks and ensures that our service runs smoothly and efficiently.

 

2.3. Communication and Engagement

      User Communication: Your contact information (if provided) may be used to communicate important updates about the Application, including research findings, changes to terms or policies, and other relevant news. We want to keep you informed about the research project and its implications.

      Surveys and Feedback: We may occasionally contact you to participate in surveys or studies aimed at gathering feedback about your experience with the Application. Your input is invaluable in shaping future iterations of the Application.

2.4. Legal Compliance and Security

      Compliance with Regulations: We may also collect and process your personal data to ensure compliance with applicable laws and regulations, including data protection laws and ethical guidelines pertaining to research. Maintaining legal compliance helps safeguard both the users and the research integrity.

      Security Measures: Data collection enables us to implement security measures to protect against unauthorized access and to detect, prevent, and respond to security incidents. This includes monitoring the Application for potential vulnerabilities or abuse.

2.5. Anonymization and Research Dissemination

      Anonymization of Data: In many cases, we may anonymize or aggregate your data before using it for research purposes, ensuring that no individual can be identified from the data used. Anonymized data can contribute to a broader understanding of trends without compromising individual privacy.

      Research Publication: Findings from our research may be disseminated through academic papers, conferences, or other public forums. Any data shared in published research will be in an aggregated or anonymized form, ensuring your privacy is maintained.

2.6. Optional Data Collection

While certain data collection is necessary for the Application to function correctly, other types may be collected on a voluntary basis. You may choose to provide additional information or participate in optional features, such as advanced research functionalities, based on your consent.

2.7. Use of Data in Compliant Manner

We commit to handling your data in accordance with ethical research practices and according to guidelines established by relevant research institutions. Your engagement and consent are paramount to this process.

3. User Consent

Your privacy is of utmost importance to us, and obtaining your informed consent is a key part of how we handle your data. This section outlines how we obtain, manage, and respect your consent regarding the collection and use of your personal information.

3.1. Informed Consent

      Understanding of Data Collection: Before you use the Application, we provide clear and explicit information about what personal data will be collected, how it will be used, and the purposes of such collection. This is meant to ensure that you make an informed decision regarding your participation.

      Active Consent Mechanism: Your consent to the collection and use of your data will be obtained through an active mechanism, such as a checkbox or a similar prompt, that requires you to affirmatively agree to our Privacy Policy. Passive consent (e.g., not opting out) will not be considered valid.

3.2. Scope of Consent

      Consent is granted for specified purposes outlined in this Privacy Policy. You are informing us that you agree to the collection and use of your data solely for those outlined objectives.

3.3. Withdrawal of Consent

      Right to Withdraw: You have the right to withdraw your consent at any time. Instructions for how to withdraw consent will be clearly detailed in our communications and within the Application. Upon receiving your withdrawal request, we will cease data collection and processing activities related to the previously granted consent.

      Consequences of Withdrawal: It is important to be aware that withdrawing your consent may affect your ability to use certain features of the Application, particularly those that rely on your data for functionality. We will inform you of any potential impacts prior to you making this decision.

3.4. Conditions for Consent

      Age Restrictions: Users must be at least 18 years old to use the Application. By agreeing to this Privacy Policy, you represent and warrant that you meet this requirement.

      Third-Party Consent: If the Application involves any third-party services, we will clearly indicate when additional consent is required for sharing your data with those services. This way, you are fully aware of which external entities will have access to your data.

3.5. Changes to Consent

      Policy Updates: We may update our Privacy Policy, which could impact how we collect and use your data. We will notify you of significant changes and seek your consent again if the new policy modifies how we use your existing data.

      Ongoing Communication: We commit to maintaining open lines of communication regarding any changes that may affect your consent, such as new data use cases or modifications to our data-sharing practices.

4. Use of Your Information

The information we collect from our users is pivotal in enhancing the functionality, personalization, and security of the Application. This section delineates the various ways we use your information across different dimensions to improve your overall experience.

4.1 Provision of Services

One of the primary uses of your information is to deliver and manage the core services offered by the Application. This includes:

      Account Management: Your details are essential for creating and managing your user account. This process involves authentication to ensure you can securely access your personalized features and content.

      Service Delivery: We utilize your data to fulfill your requests and provide the services you seek. Whether it is processing transactions, delivering content, or ensuring timely responses to your inquiries, your information plays a crucial role.

4.2 Communication and Engagement

We are committed to maintaining clear and effective communication with our users. Your information allows us to:

      Customer Support: We use your details to address any questions, issues, or feedback you may have. Your information helps us provide a personalized support experience, making it easier to resolve concerns.

      Updates and Notifications: We inform you of important changes to our services, terms, or policies. Furthermore, we may send reminders and notifications relevant to your account or usage patterns, ensuring you are always informed.

      Promotional Communication: With your consent, we may reach out to you with newsletters, special offers, or updates about new features and services. You are always in control of your communication preferences and can opt out whenever you choose.

4.3 Data Analytics and Improvement

The information we collect is vital for understanding user behavior and improving our services. This involves:

      User Behavior Analysis: We may analyze aggregated data to identify trends, preferences, and patterns in user interactions with the Application. This insight enables us to tailor the user experience, ensuring it aligns with your expectations.

      Product Development: Your feedback and usage data can inform our development efforts, allowing us to enhance existing functionalities and introduce new features that cater to user needs.

      Performance Monitoring: We continuously monitor the performance of the Application to ensure it functions optimally. Information collected helps us troubleshoot issues and measure the effectiveness of changes made.

4.4 Security Measures

Protecting your information is a top priority, and we leverage it to enhance our security practices:

      Fraud Prevention: We utilize your data to identify and prevent fraudulent activities, ensuring a safer environment for all users.

      Data Security: The information we collect helps us implement security measures that protect against unauthorized access, breaches, and other vulnerabilities.

4.5 Compliance with Legal Obligations

We are committed to adhering to all applicable laws and regulations. Consequently, we may use your information in the following ways:

      Legal Compliance: Your data may be processed to comply with legal requests or subpoenas from regulatory authorities.

      Protection of Rights: In certain circumstances, we may need to disclose your information to protect the rights, property, or safety of our company, users, or others.

4.6 Sharing of Information

While we prioritize user privacy, there are instances where sharing your information is necessary:

      Service Providers: We may share your information with third-party service providers that assist us in delivering our services. These partners are bound by confidentiality agreements and are permitted to use your information only to perform specific functions on our behalf.

      Aggregate Information: We may also use or disclose non-personal aggregated information for research or analysis purposes. This data does not identify individual users and aids in comprehending broader trends.

 

In summary, the use of your information is multifaceted, aimed at enhancing your experience while prioritizing your privacy and security. Each aspect of how we utilize your data is guided by a commitment to transparency, responsibility, and user empowerment.

4.7. Automated Decision-Making

The Application uses automated processing to detect signs of drowsiness in real time and generate alerts. However, these alerts do not produce legal effects or similarly significant effects on the user.

The system analyses visual and/or sensor-based input to identify potential signs of driver fatigue. When predefined thresholds are met, the system generates an alert to warn the user. The user remains fully responsible for all driving decisions.

No decisions concerning the user are made solely by automated means within the meaning of Article 22 GDPR.

 

5. Data Sharing and Disclosure

We recognize the importance of your privacy and are committed to protecting your information. This section outlines the circumstances under which we may share or disclose your data, ensuring that you are fully informed about our practices.

5.1 Sharing with Service Providers

To deliver our services effectively, we may share your information with trusted third-party service providers who perform tasks on our behalf. This could include service providers that assist us with technical operations, such as data hosting, maintenance, and platform management, and that may have access to your information as necessary for providing their services.

 

All service providers are obligated to protect your information and are strictly limited to using it for the purposes outlined in our agreements.

 

As of the effective date of this Privacy Policy, we do not share, sell, license, or otherwise disclose personal data to third parties. Should our data-sharing practices change, we will revise this Policy and provide notice as required by applicable law.

5.2 Legal Compliance

We are obliged to comply with applicable laws and regulations, which may necessitate the sharing of your information under specific circumstances:

      Law Enforcement: We may disclose your information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

      Legal Proceedings: If we are involved in a lawsuit, arbitration, or similar legal proceeding, we may share your information to establish our rights, defend against legal claims, or comply with legal obligations.

5.3 Protection of Rights and Interests

In certain instances, we may disclose your information to protect the rights, property, or safety of our company, our users, or others:

      Emergency Situations: If we believe that disclosing your information is necessary to prevent physical harm or financial loss, we may act accordingly.

      Fraud Prevention and Investigation: We may share your information with relevant entities to investigate or prevent fraudulent activity, security breaches, or any misconduct.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be part of the assets transferred. In such cases:

      Notification: We will provide notice to you via email or a prominent notice on the Application if your information is transferred and becomes subject to a different Privacy Policy.

      Continued Protection: We will ensure that the acquiring entity inherits our obligations regarding the protection of your information.

5.5 Aggregate and De-Identified Information

We may use and share aggregate or de-identified information derived from your data, which does not identify you personally, for research or analysis purposes, helping us understand user trends and improve services.

5.6 User Consent

In cases where specific sharing practices are not covered by the sections above, we may seek your explicit consent before disclosing your information:

      Opt-In Agreements: Depending on the context, we may ask for your permission to share data with third parties for particular purposes, such as marketing communications or participation in surveys.

      Clear Communication: We strive to communicate the purpose and extent of any sharing arrangement for which we seek your consent.

5.7 Third-Party Websites and Services

Please be aware that our Application may contain links to third-party websites or services that are not operated by us:

      External Privacy Practices: We do not control these third-party services and their privacy practices. We encourage you to review the privacy policies of any external sites you visit, as they may have different guidelines regarding data collection and usage.

      No Responsibility: We are not responsible for the content, privacy policies, or practices of any third-party websites or services.

6. Data Retention

We are committed to retaining your information only to fulfill the purposes outlined in our Privacy Policy, comply with legal obligations, and ensure that our services operate effectively. This section provides an in-depth look at our data retention practices.

6.1 Retention Periods

Where data must be retained to comply with legal obligations or to establish, exercise, or defend legal claims, we retain such data for the duration of the applicable statutory limitation period.

6.2 Account Data

We retain your account data (such as name, email address, profile information, and application settings) for the duration of your account relationship.

·      Active accounts: Account data are retained for as long as your account remains active.

·      Inactive accounts: If your account remains inactive for 24 consecutive months, we may notify you using your registered email address. If no response is received within 30 days of notification, your account and associated personal data will be deleted within an additional 30 days.

·      Account deletion at your request: If you request deletion of your account, your account data will be deleted or irreversibly anonymized within 30 days of your request. You will no longer be able to access the account after deletion. Once deleted, your account cannot be restored and a new registration will be required to use the Application.

6.3 Transaction and Usage Data

We may retain transaction history and usage data for various reasons:

 

      Usage Analytics: We may retain aggregated or anonymized usage data indefinitely to analyze trends, improve services, and enhance user experience, as it does not contain personally identifiable information.

6.4 Legal Obligations

To comply with applicable laws, we may retain your data for specific periods:

      Regulatory Compliance: Legal obligations, such as tax or accounting laws, may require us to retain records for certain durations. We carefully evaluate our obligations and retain data accordingly.

      Investigation and Legalities: In the event of potential legal claims or investigations, we may retain your information until the matter is resolved or until we are no longer required to keep it.

6.5 Data Deletion Practices

When the retention period has expired or when you request deletion, we ensure that data is disposed of securely:

      Deletion Processes: We follow standard data deletion protocols to permanently remove your personal information from our active databases, ensuring that it cannot be recovered.

      Anonymization Methods: In some cases, rather than deleting data outright, we may anonymize the information, rendering it untraceable to you while retaining it for analytical purposes.

6.6 Review and Updates to Retention Practices

Our data retention policies are subject to periodic review, and we may update them in response to:

      Changes in Regulations: As laws and regulations evolve, we adapt our retention practices to ensure continued compliance, safeguarding both user and corporate interests.

      Operational Needs: As our business needs and operational practices evolve, we may adjust our data retention periods to improve efficiency and effectiveness.

6.7 User Rights Regarding Data Retention

You have rights associated with your data retention preferences, including:

      Access and Informed Choices: You can request access to your personal data, inquire about our retention practices, and express preferences regarding how long we retain your information.

      Deletion Requests: You have the right to request the deletion of your information, subject to certain legal obligations and retention policies. We will promptly address your requests in accordance with applicable laws.

6.8 International Considerations

If you are located in a region with specific data protection regulations, such as the GDPR in the European Union, additional principles regarding data retention may apply:

      Data Minimization: We adhere to principles of data minimization, ensuring we only retain information that is necessary for our specified purposes.

      User Rights: Users in such regions have enhanced rights regarding data access, correction, deletion, and the duration of data retention, and we strive to honor these rights in our practices.

7. Security of Your Information

We prioritize the security of your information and are committed to implementing robust technical and organizational measures to protect your data from unauthorized access, loss, misuse, and alteration. This section details our security practices and protocols.

7.1 Data Encryption

To safeguard your information, we use encryption technologies:

      Transmission Security: Sensitive data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) to protect against eavesdropping and interception during transmission. All communications between users and our API at https://iristest.catalink.eu are secured using TLS 1.3, the latest and most secure standard for encrypted web traffic. This ensures that any data transmitted to and from the API is encrypted in transit, protecting it from eavesdropping or tampering. Internally, our infrastructure is configured to proxy requests through a secure, TLS-terminating gateway (Nginx Proxy Manager), which then routes traffic to the backend service.

      Data Storage Security: Sensitive personal information stored on our servers is encrypted to deter unauthorized access, ensuring that even if data is compromised, it remains unreadable without the appropriate decryption keys.

7.2 Access Controls

We implement strict access control measures to ensure that only authorized personnel have access to your information:

      Role-Based Access: Access to personal data is limited to employees and contractors whose roles require it for their job functions. Each individual is assigned access rights based on the principle of least privilege.

      Authentication Mechanisms: We utilize strong authentication procedures to enhance security and verify the identities of users accessing sensitive information.

7.3 Regular Security Audits and Assessments

To ensure ongoing security, we conduct regular audits and assessments of our systems and practices:

      Vulnerability Assessments: Our security team conducts routine vulnerability assessments to identify and address potential weaknesses in our systems.

      Internal Audits: We perform internal audits to evaluate compliance with our security policies, procedures, and applicable regulatory requirements, ensuring continuous improvement in our security posture.

7.4 Incident Response Plan

We have established an incident response plan to efficiently manage and mitigate potential security breaches:

      Monitoring and Detection: We continuously monitor our systems for unusual activity and have processes in place to detect and respond to security incidents promptly.

      Incident Reporting: In the event of a data breach, we will notify affected individuals in accordance with applicable laws and regulations and will include information on the nature of the breach, the data involved, and recommended protective measures.

7.5 Data Minimization and Retention

We implement technical and organizational measures to ensure that personal data are adequate, relevant, and limited to what is necessary for the purposes described in this Privacy Policy.

For data minimization we apply the following measures:

·      Purpose limitation: Personal data are collected solely for specified and legitimate purposes and are not further processed in a manner incompatible with those purposes.

·      Facial images and heart rate data collection: Storage of drowsiness detection data requires explicit user activation and consent. By default, such data are not stored.

·      Local processing by default: Real-time image and sensor data used for drowsiness detection are processed locally on the device and are not stored unless the user has expressly consented to storage.

·      Access Controls: Access to personal data is limited to authorized personnel strictly on a need-to-know basis.

For retention and deletion controls, to minimize storage risks:

·      Personal data are retained only for the specific retention periods set out in Section 6.

·      Upon expiration of the applicable retention period, data are permanently deleted or irreversibly anonymized.

We periodically review stored personal data to ensure that data which are no longer necessary are securely deleted or anonymized.

7.6 Employee Training and Awareness

We believe that employee awareness and training are critical to maintaining data security. We promote a culture of security awareness where employees understand their roles and responsibilities in protecting personal information and report any suspicious activities.

7.7 Third-Party Security Practices

When engaging third-party service providers, we ensure they adhere to stringent security standards:

      Vendor Risk Management: We conduct due diligence and assessments of third-party service providers’ security practices to ensure they align with our security policies.

      Contractual Obligations: Our contracts with third-party providers include provisions mandating appropriate security measures, data protection commitments, and responsibilities in the event of a data breach.

7.8 User Responsibilities

While we take significant measures to protect your information, we also encourage users to take proactive steps to enhance their security:

      Strong Passwords: Choose strong, unique passwords for your accounts and change them regularly. Avoid using easily guessable information, such as names or birthdates.

      Device Security: Ensure that the devices you use to access our services have up-to-date antivirus software and are secured with passwords, biometric locks, or other protective measures.

7.9 Limitations of Security Measures

While we strive to implement effective security measures, no system can be completely secure:

      Acknowledgment of Risks: You acknowledge that there are risks inherent in the transmission of information over the internet and that we cannot guarantee complete security.

      Ongoing Improvements: We continually evaluate and enhance our security practices to meet evolving threats and vulnerabilities but cannot be held responsible for unauthorized access to your information beyond our control.

8. Your Rights

As a user of our services, you have certain rights concerning your personal information. This section outlines these rights, providing detailed explanations on how you can exercise them and what they entail.

8.1 Right to Access

You have the right to request access to the personal information we hold about you:

      Requesting Information: You can submit a request to gain insight into what personal data we collect, how it is processed, and the specific purposes for which it is being used.

      Response Time: We will respond to access requests without undue delay and, in any event, within one month of receipt of the request. Where permitted by applicable law, this period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests. If an extension is required, we will inform you within the initial one-month period.

8.2 Right to Rectification

If you believe that your personal information is inaccurate or incomplete, you have the right to request its correction:

      Updating Information: You can request that we update or correct any inaccurate data. We encourage users to keep their information current, and we provide options within our platform to modify account details.

      Verification Process: We may require you to verify your identity before processing requests for rectification to ensure that personal data is updated securely.

8.3 Right to Erasure

You have the right to request the deletion of your personal information under certain circumstances:

      Conditions for Deletion: You may request erasure if:

      The data is no longer necessary for the purposes for which it was collected.

      You withdraw consent and there are no alternative legal grounds for processing.

      You object to processing and there are no overriding legitimate grounds for the processing.

      Limitations: Please note that we may retain certain information as required by law or for legitimate business purposes, even after erasure.

8.4 Right to Data Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format:

      Obtaining Your Data: You can request access to your data in a way that enables you to transfer it to another service provider or system if technically feasible.

      Scope of Portability: This right only applies to the personal data you have provided to us directly and that we process based on your consent or a contract.

8.5 Right to Object

You have the right to object to the processing of your personal information, particularly in the following contexts:

      Automated Decision-Making: If we are carrying out automated decision-making that significantly affects you, you have the right to contest such decisions, and we will provide you with an opportunity to present your case.

8.6 Right to Restrict Processing

You have the right to request a restriction on the processing of your personal information under specific circumstances:

      Conditions for Restriction: You may request a restriction if:

      You contest the accuracy of the personal data.

      The processing is unlawful and you request a restriction instead of erasure.

      We no longer need the personal data, but you require it for legal claims.

      Implications of Restriction: During the restriction period, we may continue to store your data but will not process it further unless you consent or for legal reasons.

8.7 Right to Withdraw Consent

When we process your personal information based on your consent, you have the right to withdraw that consent at any time:

      Easily Withdraw Consent: You can withdraw your consent through your account settings or by contacting us directly. Your request will not affect the lawfulness of processing based on consent before its withdrawal.

      Impact on Services: Please note that withdrawing consent may affect your ability to use certain features or services that require the processing of your data.

8.8 Right to Lodge a Complaint

If you believe that we have not processed your personal information in accordance with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority:

      Filing a Complaint: You may lodge a complaint with the data protection authority in your country of residence, place of work, or place of the alleged infringement.

      Other Remedies: Exercising this right does not affect your right to seek judicial or other administrative remedies where available under applicable law.

8.9 How to Exercise Your Rights

To exercise any of the rights outlined above:

      Submitting Requests: You can submit requests via our designated contact methods, such as email or an online form available on our website. Make sure to provide sufficient information to verify your identity.

      Identification Requirements: For your protection, we may require proof of identity to respond effectively to your request, ensuring that only authorized users can access or modify their information.

8.10 Response to Your Requests

We take your rights seriously and will respond to your requests in a timely manner:

      Acknowledgment of Requests: Upon receiving your request, we will acknowledge it and inform you about the expected timeframe for a full response (typically within 30 days).

      Limitations on Rights: While we strive to honor your requests, there may be limitations based on legal obligations or legitimate interests that may override your specific requests.

8.11 Rights Under International Regulations

If you are located in regions with specific data protection regulations (e.g., the General Data Protection Regulation in the European Union), additional rights may apply:

      Rights Specific to GDPR: You may have enhanced rights under GDPR, including the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been infringed.

      Additional Protections: We are committed to respecting and adhering to applicable regulations relevant to our users, ensuring that we facilitate your rights effectively.

 

To exercise these rights, please contact us at info@catalink.eu.

9. Changes to This Privacy Policy

We recognize the importance of keeping you informed about how we handle your personal information. As such, this section details our processes for making changes to this privacy policy.

9.1 Reasons for Changes

We may modify this privacy policy for several reasons, including but not limited to:

      Legal and Regulatory Updates: Changes in laws and regulations regarding data protection and privacy may necessitate updates to our policy to ensure compliance.

      Business Changes: If we undergo changes in our business practices, such as mergers, acquisitions, or new service offerings, our privacy policy may need to be adjusted accordingly.

      Enhancements to Services: As we develop and enhance our services, we may need to update our data collection and usage practices, leading to changes in our privacy policy.

      Feedback and Continuous Improvement: User feedback may prompt us to clarify our practices or enhance transparency, which may result in policy modifications.

9.2 Notification of Changes

When we make changes to this privacy policy, we will ensure users are adequately informed:

      Prominent Notification: We will display a prominent notice on our Application, highlighting that a change has been made to the privacy policy.

      Email Notifications: If we have obtained your consent for communication, we may send you an email notification detailing the changes, particularly if they significantly affect how your personal information is processed.

      Version History: We will maintain a version history of the privacy policy on our website, allowing you to review previous versions as needed.

9.3 User Consent and Continued Use

By continuing to use our services after changes are made to the privacy policy, you signify your acceptance of the new terms:

      Implied Consent: Your continued interaction with our services after the effective date of the updated policy will indicate your acceptance of the changes.

      Right to Review: We encourage you to review the privacy policy periodically to stay informed about how we process your data and your rights under the policy.

9.4 Effective Date of Changes

Each updated version of this privacy policy will include an effective date, clarifying when the new terms take effect:

      Immediate Effect: Changes may take immediate effect, except where the law requires a grace period for certain changes.

      Transitional Provisions: If necessary, we will include transitional provisions to ensure that previously collected data is handled in accordance with the terms of the prior version if it affects your rights negatively.

9.5 How to Provide Feedback or Raise Concerns

We value user input regarding our privacy practices and policy changes:

      Contact Information: If you have any questions, concerns, or feedback about the changes to our privacy policy, please contact us using the contact information provided in the policy.

      User Engagement: We welcome suggestions for improvement and will consider user feedback when evaluating future updates to our privacy policy.

9.6 Links to External Policies

If changes involve collaboration with third parties or changes in the data-sharing practices, we may link to their privacy policies for clarity:

      Transparency with Partners: We will highlight any new affiliations or partnerships, ensuring users are aware of how their data may be handled by third-party organizations.

      Comprehensive Understanding: By providing links to external policies, we aim to give users a complete understanding of their data’s journey beyond our services.

10. Contact Us

If you have any questions regarding IRIS's privacy policy, the data we maintain about you, or if you'd like to exercise any of your data protection rights, please feel free to reach out to us.

 

Catalink Ltd

Charitinis Sakkada 5

Nicosia, 1040

Cyprus

 

Phone: +357 22 263 921

Email: iris-info@catalink.eu

 

 

Thank you for using IRIS!

Your privacy is important to us.