Privacy notice

01. Introduction

As is true of most companies, ISG needs to collect and use your personal information for various purposes. ISG is a company registered in England and Wales under the registration number 10081578. Our registered address is Aldgate House, 33 Aldgate High Street, London EC3N 1AG. All references to ‘ISG’, ‘we’, ‘us’, ‘our’ are references to ISG Plc and its subsidiaries.

We understand that you care about your privacy, and we take that seriously. This Privacy Notice describes ISG’s policies and practices regarding its collection and use of your personal data.

02. Data protection officer/ Data protection specialist

ISG has appointed an internal data protection officer/ data protection specialist for you to contact if you have any questions or concerns about ISG’s personal data policies or practices. ISG’s data protection officer’s name and contact information are as follows:

Data Protection Team
ISG
Aldgate House
33 Aldgate High Street
London  EC3N 1AG
data.protection@isgplc.com

03. How we collect and use (process) your personal information

As with other companies, we collect personal data through various channels including, but not limited to, the following channels:

  • Email marketing campaigns and communications (to individuals who have already consented to receive them)
  • Social media communications
  • Search engine marketing (SEO/PPC/affiliates)
  • Offline marketing campaigns linked to ISG websites
  • Business cards
  • Face to face meetings (during the conducting of business)

Mostly, the personal data we collect is limited to the kinds of information that can be found on a business card: first name, last name, job title, employer name, work address, work email, and work phone number. In some instances, only when appropriate, we may ask you for other specific personal data, although this will always be optional (for example, dietary requirements in advance of an event, or your hobbies and interests). We will store your details on ISG’s CRM database in accordance with our marketing data storage and retention policy (see section 8).

The method we use to record your consent is primarily via our consent preference centre, which is available via buttons on pages of our website, or via the footer on any website page (https://www.isgplc.com).

Our consent preference centre enables you to record your consent for us to send you marketing content, based on optional preferences that you control. This includes:

  • Services we offer that you are interested in: fit out, new build construction, engineering-led construction services, consultancy services
  • Market sectors you are interested in: offices; retail; hotels, hospitality and leisure; technology, science and health; government, public sector and education
  • Geographical regions you are interested in: UK, Continental Europe,Middle East, Asia and The Americas
  • Type of content you are interested in: events, news and insights, products and services
  • Preferred method(s) of communication: email, telephone (voice/sms), post

How we use your personal information:

If you consent via our consent preference centre, we will send you free of charge marketing content which relates to the preferences you have set, until you tell us not to. You can change your preferences or remove your consent at any time via the same preference centre.

Events, news, insights and product and services information:

ISG hosts events throughout the year. These include in-person conferences (e.g. our ‘Security in the built environment’ seminar), or meetings or sessions we arrange during industry events. We also publish news, insights and information on our services. If you have used our consent preference centre to confirm you want to receive information about events, news, insights or our services, we will send you information in line with your preferences, free of charge, until you tell us not to.

We may also include forms on our website which enable you to sign up for specific events if you wish to, or download content such as insights or information about our services. Any data we collect from these specific forms will only be processed and used for purposes relating to the event or topic that the form relates to. It will not be used as consent to send you any other unrelated marketing content, although we will also offer you an optional opportunity to consent for us to send you carefully selected marketing content that we think you might be interested in, free of charge, until you tell us not to. Alternatively, you can access our consent preference centre and specify which topics you would like us to send you information about, on an ongoing basis, until you tell us not to.

When you make an enquiry to ISG

If you make an enquiry to ISG via our website, by email, or face-to-face (e.g. at an event), we may offer you an opportunity to consent to us storing your personal data, and also the option to use our consent preference centre to consent for us to send you information which reflects the preferences you select, on an ongoing basis, until you tell us not to.

04. When and how we share information with others

The personal information ISG collects from you is stored in one or more databases hosted by third parties located in the European Economic Area (EEA). These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval, or the storage and use of postal addresses for individuals who have consented freely to receive information from us by post.

The list of parties is shown below:

Company Data shared Reason for sharing
Microsoft Dynamics CRM Name, job title, email, telephone numbers, postal address, dietary requirements, connections with ISG employees, connection with projects or future projects, marketing preferences, marketing consent status (if consented) Microsoft hosts the software and databases that contain personal information
Sitecore First name, last name, job title, company name, work email Sending of email communications, e.g. news and insights, information about events, CX surveys
Team365 Postal addresses This is ISG's mailing and distribution company. Mailing details are only shared for individuals who have consented freely to receive information from us by post

05. Transferring personal data from the EU

ISG may transfer data to countries that have not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. ISG relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, ISG collects and transfers personal data to these countries only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ISG in a manner that does not outweigh your rights and freedoms.

The countries outside of the European Economic Area (EEA) where ISG collects and transfers data are:

  • Australia
  • Brazil
  • China
  • Hong Kong SAR
  • Japan
  • Macau
  • Malaysia
  • Philippines
  • Singapore
  • South Korea
  • Taiwan SAR
  • United Arab Emirates
  • USA

06. Data subject rights

This Privacy Notice is intended to provide you with information about what personal data the ISG collects about you and how it is used. If you have any questions, please contact us at:

Data Protection Team
ISG
Aldgate House
33 Aldgate High Street
London  EC3N 1AG
data.protection@isgplc.com

Under the GDPR data subjects have the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

If you wish to exercise your rights as a data subject, please contact our Data Protection Team using the details below. If you simply want to unsubscribe from marketing consent you have given previously, you can visit our consent preference centre, which is available via the footer on any page on our website (https://www.isgplc.com).

07. Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an on-going basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

08. Data storage and retention

Your personal data is stored by ISG Plc on its servers, and on the servers of the 3rd party service providers ISG Plc engages, which are located within the European Union (EU), specifically the UK and Ireland. ISG retains data for different durations depending on the purposes for data collection and use. We have listed the retention periods in this notice. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact ISG’s Data Protection Team using the details below.

Data storage locations:

Web / email / social media platforms:

  • Sitecore experience platform/Rackspace: UK
  • Sitecore’s EXM email platform: UK

CRM platform:

  • Dynamics CRM: EU – IE/NL
  • Microsoft Azure: EU

Storage and transfer:

  • Outlook: EU
  • Local/shared drives: UK

Other:

  • Team 365 (UK)
Data retention review periods and storage durations:

Web / email / social media platforms:

  • Sitecore web experience: Annual review; seven years retention

CRM platform:

  • Dynamics CRM: Annual review; seven years retention
  • Microsoft Azure: Annual review; seven years retention

Storage and transfer:

  • Outlook: Annual review; two years retention
  • Local/shared drives: Annual review; five years retention

Other:

  • Team 365: one month retention (for direct mail/brochures if you have consented to receive information by post)

09. Questions, concerns or complaints

Please contact ISG Plc’s data protection team:

Data Protection Team
ISG
Aldgate House
33 Aldgate High Street
London  EC3N 1AG
data.protection@isgplc.com