Gift Vouchers Are Out! Buy Now

Privacy Policy

Last updated: 24 October 2025

Who we are: IRISINFRAME LTD (“we”, “us”, “our”).

Contact: contact@irisinframe.com

1. What this notice covers

This Privacy Policy explains how we collect, use, and share personal data when you visit our website, purchase our products (including gift vouchers), or contact us.

2. The data we collect

  • Identity & contact: name, email address, phone number (if provided), postal address (for delivery).
  • Order details: items purchased, order number, delivery preferences.
  • Marketing preferences: your opt-in/opt-out choices.
  • Payment info: payments are processed by Revolut. We receive payment confirmations and limited metadata (amount, time, card brand and last 4 digits). We do not store full card numbers or CVV.
  • Images: iris photographs taken by us (see “Images & copyright”).
  • Website data: basic technical logs for security and performance. We do not use non-essential cookies or tracking technologies. If this changes, we will update this notice and obtain consent where required.

3. Why we use your data & lawful bases

  • Fulfil purchases and deliver goods (Contract).
  • Process payments and prevent fraud (Legitimate interests; Legal obligation).
  • Customer service and returns (Contract/Legitimate interests).
  • Marketing our own products only:
    • Email based on consent (where you opt in) or soft opt-in for existing customers buying similar products. You can unsubscribe at any time.
  • Legal and tax compliance (Legal obligation).

4. Images & copyright

All iris photographs we take are stored on our physical and cloud storage. We retain full copyright and ownership in every image. Customers receive a personal, non-commercial licence to display, share, and print purchased images/prints for personal use. Commercial use requires our prior written permission.

5. Sharing your data

  • Payment processing: Revolut (independent controller of payment data).
  • Delivery & logistics: postal/courier providers (shipping addresses only).
  • IT & hosting: secure website/hosting/cloud storage and email services under data-processing agreements.
  • Legal/compliance: regulators or authorities where required by law.

6. International transfers

If any provider stores data outside the UK/EEA, we use appropriate safeguards (e.g., UK IDTA/Standard Contractual Clauses or adequacy decisions).

7. Retention

  • Orders & invoices: 6 years from your last transaction (tax/legal).
  • Marketing data: until you opt out or your consent is withdrawn.
  • Images: retained for business records and portfolio management unless you lawfully request deletion (where applicable) or we choose to delete earlier.

8. Your rights

You may request access, correction, deletion, restriction, objection, and data portability, and withdraw consent at any time. To exercise rights, email contact@irisinframe.com. You can complain to the ICO (ico.org.uk); please consider contacting us first.

9. Security

We use administrative, technical, and physical safeguards and limit access to personal data on a need-to-know basis.

10. Contact

Questions about this notice: contact@irisinframe.com