Privacy Policy - IrisEvents

1. Who We Are & How to Reach Us

IrisEvents is operated by Garver Systems (“IrisEvents”, “we”, “us”), which acts as the data controller for personal data processed through this platform. We are established in the European Union and primarily operate from the Netherlands.

You can reach our team at contact@garversystems.com. This inbox also serves as our Data Protection contact point. If you participate through an event organizer, you may additionally address requests to them, and we will coordinate as joint controllers where applicable.

2. Information We Collect

When you register for or attend an event through IrisEvents, we process the following categories of information:

Identity & Contact Data: First and last name, primary email address, optional backup/contact email, and any nickname you provide for your badge.
Professional Profile Data: Company, job title, LinkedIn URL, website, Instagram handle, and other badge fields the organizer chooses to collect.
Profile Photos: Optional profile photographs you upload during registration, which are processed, cropped, and stored to display on your badge and in connection views.
Event Question Responses: Answers to organizer-defined registration questions (multiple-choice or free text) and any challenge participation data.
Networking & Connection Data: Badge IDs we assign, scans/connections you make with other attendees, and challenge assignments related to your badge.
Usage & Technical Data: Session identifiers, authentication cookies, timestamps of key actions (registration, check-in, summaries sent), and basic device information captured through server logs for security and troubleshooting.

We collect information directly from you, from the event organizer responsible for the event you attend, and automatically from the application when you interact with the platform.

3. How We Use Your Information

We process personal data for the following purposes:

To register you for an event, manage attendance limits, and issue a unique badge ID.
To print and display badges (including your profile photo if provided), facilitate networking, and share the profile details you choose to provide to other attendees.
To process and store profile photos you upload, including automatic cropping and resizing for optimal display on badges and in connection views.
To provide organizers with dashboards, CSV exports, and event summaries so they can run the event you signed up for.
To email you event status information, connection summaries, and operational notices using our mail service.
To secure the platform and ensure you are in full control of your event profile.
To generate general (non individual-specific) event engagement reports for the event organizer.

4. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases:

Contractual necessity: Core registration data, badge creation, organizer dashboards, and post-event connection summaries are required to deliver the services you request.
Legitimate interests: Maintaining platform security, generating anonymized analytics, preventing duplicate registrations, and improving workflows. We balance these interests against your rights and provide opt-outs where needed.
Consent: Optional profile fields, social links, marketing opt-ins requested by organizers, and cookies that are not strictly necessary will only be processed when you actively choose to provide them.
Legal obligations: Retaining certain transactional records and cooperating with lawful access requests.

5. Information Sharing

Your data is shared only as needed to run the event experience:

Other attendees: Only the badge details you choose to display (name, profile photo if provided, selected profile fields, and printed question answers) become visible when someone scans your badge. Your profile photo will be displayed on your badge and in connection views to help other attendees identify you. During the event, you can revoke your profile information from anyone who has previously scanned your badge.
Event organizers: Organizers can view and export registration data for their own events inside our dashboard and may download CSV copies. This includes access to your name, email address, and any other profile details.
Service providers: We use vetted processors for hosting and email (Hostinger currently supplies our hosting, databases, and mail services). These providers keep IrisEvents production data on EU-based datacenters, and are obligated to protect it.
Legal and safety disclosures: We may disclose data if required by law or necessary to protect the rights, safety, or property of attendees, organizers, or IrisEvents.
Challenge feature: When you participate in Challenges, suggested matches initially show only the person's first and last name so you know who to find on the floor. No other profile details (company, title, social links, answers, or profile photo) appear until you or the matched attendee scan the other's badge, at which point the full badge profile becomes visible to both of you.

We do not sell attendee data or permit processors to use it for their independent marketing purposes.

6. International Transfers

All web servers, application code, and the database that powers IrisEvents are hosted with Hostinger on infrastructure located inside the European Union. When we send transactional emails through Hostinger’s mail gateways, traffic may transit other regions, but Hostinger’s processing remains bound to EU data-protection standards. If we ever rely on a provider that stores or accesses data outside the EEA, we will implement Standard Contractual Clauses or an equivalent safeguard before any transfer occurs.

7. Data Retention and Deletion

We store personal data only as long as necessary for the purposes described above:

Event-specific registration data: Automatically deleted (including badge connections, challenge assignments, profile details, connection summaries, and profile photos) within 48 hours after the event ends. IrisEvents admins can trigger deletion sooner. When a registration data is deleted, the associated profile photo file is also permanently removed from our database. Please note that event organizers may retain information such as names and emails as part of our registration service.
Organizer account data: Maintained while the account is active and for up to 24 months after the last login to enable reactivation and comply with bookkeeping requirements.
Server and security logs: Stored for up to 12 months unless a longer period is required for investigations.

You can request deletion at any time. Once the request is verified, we will erase or anonymize relevant records (including profile photos) and notify the affected organizer.

8. Data Security & Breach Response

We implement appropriate technical and organizational measures, including TLS encryption, server hardening, access controls tied to user roles, and periodic code reviews. In the event of a data breach affecting your personal data, we will notify the competent supervisory authority within 72 hours where required and will inform affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

9. Your Rights

Depending on your location, you may have the following rights over your personal data:

Access the information we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion (erasure) of your data.
Request restriction of processing.
Object to processing carried out on the basis of legitimate interests.
Receive a portable copy of the data you provided in a structured, commonly used format.
Withdraw consent at any time without affecting prior lawful processing.
Lodge a complaint with your local supervisory authority (for example, the Dutch Data Protection Authority).

To exercise any of these rights, email contact@garversystems.com or work through your event organizer. We will respond within one month, or explain if additional time is required.

10. Cookies and Tracking Technologies

We use a minimal set of cookies and similar technologies:

Strictly necessary cookies: Session cookies (such as PHP session IDs) that keep you logged in and secure. These are required for the platform to function and are deleted automatically when your session expires.
Preference cookies: Organizer-specific settings (e.g., which view you last selected) stored in your browser. You may clear them at any time.

We do not run advertising or analytics cookies on attendee-facing pages. You can control cookies through your browser, but disabling essential cookies may prevent access to secure areas of the platform.

11. Third-Party Services

Besides event organizers, we currently rely on the following categories of processors: managed hosting providers, email delivery services, and optional integrations requested by organizers. Each provider is reviewed for security, bound by confidentiality, and prohibited from using your data for their own purposes.

12. Children's Privacy

Our services are intended for professional and business events and are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that such data was collected, we will delete it promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the revised policy here, updating the “Last Updated” date, and, where appropriate, sending you an in-product or email notification.

14. Contact Us

If you have questions or concerns about this privacy policy or our data practices, please contact us:

Email: contact@garversystems.com
Through your event organizer or IrisEvents account representative