Iris

Privacy Policy

Last updated: February 19, 2026

Table of Contents

1. Introduction

This Privacy Policy describes how Araminta Advisers ("we", "us", or "our") collects, uses, and protects your personal data when you use the Iris Grievance Platform ("Platform").

We are committed to protecting your privacy and ensuring the security of your information in compliance with the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller for your personal information is:

Araminta Advisers
Email: info@araminta-advisers.eu

3. What Data We Collect

We collect different types of data depending on how you use the Platform:

Anonymous Complaints

  • No personally identifiable information (PII) is required.
  • You may submit complaints completely anonymously.

Registered Accounts

  • Name and email address.
  • Password (securely hashed).
  • Organization affiliation.

Complaint Content

  • Incident descriptions, locations, and dates.
  • Category of the grievance.
  • Company or supplier involved.

Evidence Files

  • Any files you upload are encrypted using AES-256-GCM.

Technical Data

  • IP addresses are used only for rate limiting and security, not for tracking.
  • Essential cookies for session management.

4. How We Use Your Data

We use your data solely for the following purposes:

  • To process and resolve grievances submitted through the Platform.
  • To facilitate secure communication between claimants and claim managers.
  • To improve the security and functionality of the Platform.
  • To comply with legal obligations.

5. Anonymous Reporting

The Platform is designed to support fully anonymous reporting. If you choose to report anonymously:

  • We do not collect your name or email.
  • We do not track your IP address linked to the report.
  • You are issued a unique tracking code to follow up on your case.

6. Data Security

We implement state-of-the-art security measures to protect your data:

  • Encryption: All sensitive data is encrypted at rest using AES-256-GCM.
  • Isolation: Multi-tenant architecture ensures data isolation between organizations.
  • Access Control: Row Level Security (RLS) ensures users only access data they are authorized to see.
  • Hosting: All data is hosted within the European Union.

7. Cookies

We use cookies strictly for essential platform functions:

  • Session Cookies: To maintain your login state.
  • Locale Cookies: To remember your language preference.
  • Security Cookies: To prevent Cross-Site Request Forgery (CSRF).

We do not use advertising or tracking cookies.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of your data.
  • Right to Rectification: You can ask us to correct inaccurate data.
  • Right to Erasure: You can ask us to delete your data ("Right to be forgotten").
  • Right to Restrict Processing: You can limit how we use your data.
  • Right to Object: You can object to our processing of your data.
  • Right to Data Portability: You can request your data in a structured format.

To exercise these rights, please contact us at info@araminta-advisers.eu.

9. Data Retention

We retain your data only as long as necessary:

  • Accounts: Until deleted by the user.
  • Complaints: For 5 years after case closure, for audit and compliance purposes.
  • Logs: System logs are retained for 90 days.

10. Third Parties

We do not sell your data. We only share data with:

  • Hosting Providers: Secure cloud infrastructure providers within the EU.
  • Legal Authorities: Only if required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes through the Platform.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

info@araminta-advisers.eu

Contact Us

Questions about this policy?

info@araminta-advisers.eu
Back to Home