Privacy and your data rights

1. Introduction

As is true of most companies, ISG needs to collect and use your personal information for various purposes. 

ISG is a company registered in England and Wales under the registration number 10081578. Our registered address is Aldgate House, 33 Aldgate High Street, London EC3N 1AG. All references to ‘ISG’, ‘we’, ‘us’, ‘our’ are references to ISG Ltd and its subsidiaries.

We understand that you care about your privacy, and we take that seriously. 

This Privacy Notice describes ISG’s policies and practices regarding its collection and use of your personal data.

If you are attending one of our project sites, please refer to the Site Privacy Notice for a description of the processing that is performed at that location.

2. Data protection officer

ISG has appointed an internal data protection officer for you to contact if you have any questions or concerns about ISG’s personal data policies or practices. ISG’s data protection officer’s name and contact information are as follows:

Data Protection Officer
ISG 
86 Sandy Hill Lane
Ipswich IP3 0NA 

data.protection@isgltd.com

3. How we collect and use your personal information

3.1. How we collect your data

We collect your personal information through various channels including, but not limited to, the following:

• Email marketing campaigns and communications 
• Social media communications
• Search engine marketing (SEO/PPC/affiliates)
• Offline marketing campaigns linked to ISG websites
• Business cards
• Face to face meetings when conducting our business
• Forms you fill in 
• Records of CCTV and other security systems
• Where we engage with our partners that enable you to register to visit our site, we may receive your personal data relevant to the visit
• Where we provide repair services to our partners, we may receive your personal information from entities and organisations that manage your property.
  
   

3.2. The types of data we collect

Personal Data for Marketing: Mostly, the personal data we collect is limited to the kinds of information that can be found on a business card or can be retrieved from your email enquiries or face to face meetings, namely your first name, last name, job title, employer name, work address, work email, work phone number and content of communications. If you subscribe to our newsletter via our website or a Consent Page, we will collect your email, first name, last name, as well as information about your communication preferences and interests. We can also collect your name or nickname, a photo on social media and content of communications, when you send us a message or interact on our social media pages If you choose to opt out of our mailing list, (submit requests to digital@isgltd.com) we will move your name and email address to our suppression list.

Personal Data for Events: When you register to attend an event organised by us, we may collect your first name, last name, job title, employer name, work address, work email, work phone number and content of communications. In some instances, only when appropriate, we may ask you for other personal data, although this will always be optional, for example, your dietary requirements.

Site Visitor’s Personal Data: When you register to visit any of our sites, we may collect your first name, last name, employer or school name, employer or school address, email, phone number, trade and CSCS Card Number. If you are provided with an induction, we will retain the information about it. We may also collect your photo, biometric data or CCTV footage necessary for health and safety and/or security purposes. We ask for information relating to social value and sustainability measures, but it is entirely voluntary if you wish to provide this to us. If you are under age 13, we require your parents’ or guardians’ consent to process your personal data; this consent is to be collected by the school or educational authority prior to the visit commencing.  Public Health measures are also put in place on our sites as appropriate, for example COVID screening or testing.

Tenants’ Personal Data: When a manager of your property requests us to repair it, we will obtain information with your first name, last name, phone number, address, email, time for availability, property defects, work orders, work completion information and content of communications. 

For more information, please see the Appendix below.

3.3. How we process your personal information on this website

Server Log Files

Purpose of data processing: When visiting this website, certain connection data is stored in a server log of the hosting provider. These server log files record, for example, the name of the requested file, your anonymized IP address, the date and time of the request, the amount of data transferred and the requesting provider (access data) and document the request. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving this website.

Legal basis: The processing is carried out in the legitimate interest of maintaining the stability, security and functionality of the website.

Recipients: The services for hosting and displaying the website are provided by service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data as well as all data collected in forms provided for this purpose on this website are processed on their servers.

Deletion period: All access data will be deleted no later than 30 days after the end of your visit to the website unless a security-related event occurs (e.g. a DDoS attack). In the event of such an event, server log files are stored until the security-relevant event has been eliminated and fully resolved.

Contact 

Purpose of data processing: You can contact us by sending us an e-mail or entering data in the end-to-end encrypted contact form. The data you enter and submit will be processed for the purpose of individual communication with you.

Legal basis: The data processing is carried out for the implementation of pre-contractual measures, for the fulfillment of a contract or based on our legitimate interests in providing an efficient and secure procedure communication.

News and Updates

Purpose of data processing: To provide you with information and updates about ISG, you can sign up to our newsletter. 

Marketing Policy: We will always exercise restraint and send you only materials that we feel are relevant to your interests.

If you no longer wish to receive any more updates, you can unsubscribe via the link in each newsletter. This link will send you to a Preference Centre where you can manage where you no longer wish to receive any newsletter or adapt your preferences. You can also unsubscribe by sending us a request to email@isgltd.com. We will move your name and email address to our suppression list to ensure you will no longer receive any marketing content. 

Legal basis: We process your data based on your consent.

Recipients: Our newsletters are sent through an external newsletter service provider who is engaged as a processor, who processes your data exclusively based on our instructions. 

Cookies

Purpose of data processing: Our website uses cookies. Cookies do not cause any damage to your device and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your terminal device and in your browser. 

All detailed information about the cookies used on this website can be found in our cookie consent banner. 

We would like to point out that the use and especially the comfort of use may be limited without the use of cookies. The cookies are set via a consent management tool.

Legal basis: We use cookies, which are strictly necessary for our legitimate interest (Art. 6 para. 1 lit. f) (GDPR) to provide a functional and safe website for you. For all other purposes, the placement of cookies requires your consent (Art. 6 para. 1 lit. a) (GDPR).

Social Media

Purpose of processing: For the purpose of establishing an online presence, we operate social media accounts. We regularly publish posts and communicate with you within the comments or via direct messages.

The respective provider assumes the data protection obligations towards you as a user, such as informing you about data processing, and is the contact person for your rights. This results from the fact that such a provider has direct access to the relevant information on the social media site and the processing of your data.

Insofar as you have given your consent to the respective social media operator, your data will be collected and stored when you visit our profile. The detailed use of your data by the respective social media operator, as well as a contact option and your rights and settings options in this regard to protect your privacy, can be found in the privacy notices of the operators linked below.

• Instagram: https://www.facebook.com/privacy/policy/
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• X (Twitter): https://twitter.com/en/privacy 
• Facebook: https://www.facebook.com/privacy/policy/ 
• Youtube: https://policies.google.com/privacy

Legal basis: Primarily, the processing is carried out within our legitimate overriding interest in establishing an online presence. Insofar as communication takes place with a view to initiating a contract, the processing is carried out for the fulfillment of contractual or pre-contractual measures.

Data Transfer: We cannot exclude a third country transfer, e.g. to servers located in the USA. Furthermore, we would like to point out that as the operator of a Facebook/Instagram page, we are jointly responsible with Meta (Facebook, Instagram) for processing the personal data of visitors to the page (Art. 26 DSGVO). For this purpose, we have concluded corresponding contracts with Meta.

If you have a profile for any of these social media sites and are logged in, the social media platform providers can, for example, analyze your usage behavior and create a usage profile corresponding to your usage behavior. This user data is regularly processed for market research and (personalised) advertising purposes.

4. Why we collect your information

4.1. Purposes

As is true of most companies, ISG Ltd needs to collect and use your personal information for various purposes, namely the following:

• Marketing: Personal information we collect to provide you with relevant information about our services and events, and respond to your enquiries
• Registration: Personal information we collect to register you for our events or site visits
• Health and Safety: Personal information we collect for your safety and the safety of others on project sites
• Security: Personal information we collect to ensure security on project sites
• Legal reasons: Personal information we are required to collect by law
• Tenancy repairs: Personal information we need to collect to arrange appointments for repairs at your property

4.2. Legal Basis for collecting and using your data

The legal basis for collecting and using your personal information for the above purposes are legitimate interests, consent and legal obligation.

For more information on ISG’s legal bases and legitimate interests please refer to the Appendix below or contact us at data.protection@isgltd.com

4.3. Automated decision making

We do not make any automated decision-making or profiling using your personal information.We use a tool (Hotjar) that tracks user experience of the site, but this does not collect your personal data. The default setting is that this tool remains turned off if you only wish to use functional or necessary cookies and is only enabled if you accept analytics cookies. Please read the cookie notice for more information.

4.4. How long we keep your personal information

The information we collect will be stored for the duration of your interest in ISG’s services, for the duration of events and visits on sites, provision of repairs, and in some instances longer, if required by regulatory authorities. Please see the Appendix for more information.

4.5. Our marketing policy

We will always exercise restraint and send you only materials that we feel are relevant to your interests.

If you consent via the website, we will send you free of charge marketing content which relates to the preferences you have set, until you tell us not to. If you consent via our Consent Page, we will send you marketing content which we select on your behalf, until you tell us not to. You can set/change your preferences or remove your consent at any time via the link at the bottom of the marketing content, or by submitting a request to digital@isgltd.com. 

We host events throughout the year. These include in-person conferences or meetings or sessions we arrange during industry events. We also publish news, insights and information on our services. If you have used our Preference Centre to confirm you want to receive information about events, news, insights or our services, we will send you information in line with your preferences, free of charge, until you tell us not to.

We may also include forms on our website which enable you to sign up for specific events if you wish to, or download content such as insights or information about our services. Any data we collect from these specific forms will only be processed and used for purposes relating to the event or topic that the form relates to. It will not be used as consent to send you any other unrelated marketing content, although we will also offer you an optional opportunity to consent for us to send you carefully selected marketing content that we think you might be interested in, free of charge, until you tell us not to. Alternatively, you can access our Preference Centre and specify which topics you would like us to send you information about, on an ongoing basis, until you tell us not to.

If you make an enquiry to ISG via our website, by email, or face-to-face (e.g. at an event), we may offer you an opportunity to consent to us storing your personal data, and also the option to use our Preference Centre to consent for us to send you information which reflects the preferences you select, on an ongoing basis, until you tell us not to.

5. Sharing your personal information

The personal information ISG collects from you is stored in one or more databases hosted by third parties located in the European Economic Area (EEA). These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.

We may share your information with other organisations or divisions within the ISG group. Where we need to share data outside the EEA, for example to one of our Global ISG offices, we will apply appropriate safeguards. We may also have to share your personal information with law enforcement authorities where we are required to do so by law.

The list of parties is shown below:

Company	Data shared	Reason for sharing
CRM system provider	Name, job title, email, telephone numbers, postal address, dietary requirements, marketing preferences and interests, marketing consent status (if consented), suppression list	This cloud-based database is used to store your personal information in relation to marketing
Web, email, social media platforms	Name, job title, email, telephone numbers, postal address, work, name or nickname on social media, photo on social media, content of communications	These service providers help us to respond to any of your enquiries
Email, mail and surveys distribution providers	First name, last name, job title, company name, work email, postal address	These service providers help us to deliver email and mail communications to you, e.g. news and insights, information about events, CX surveys
Biometric systems providers	Biometric data: fingerprints, retina scans	This only applies to sites where biometric scanners are installed. This technology helps us to carefully identify persons accessing our sites
CCTV systems providers	CCTV footage	This only applies to sites where CCTV is installed for security reasons
Customer care database	First name, last name, phone number, address, email, time for availability, property defects, work orders and work completion information	This database is used to report information on property repairs
Sub-contractors	First name, last name, phone number, address, email, time for availability, property defects, work orders and work completion information	This only applies where we need to use sub-contractors to engage for property repairs

6. Your rights

Under the GDPR data subjects have the following rights:

• The right to be informed of any data processing
• The right of access to your personal data
• The right to rectification of your personal data, in some circumstances
• The right to erasure of your personal data, in some circumstances
• The right to restrict processing of your personal data, in some circumstances
• The right to data portability, in some circumstances
• The right to object to the processing of your personal data, in some circumstances
• The right to withdraw consent to the processing of your personal data, where applicable.

If you wish to exercise your rights as a data subject, please contact us at data.protection@isgltd.com

If you wish to unsubscribe from our marketing communications, you can contact us at email@isgltd.com.

Additionally, if you are aged under 13, we may require your parents’ or guardian’s consent for you to exercise any of your rights.

7. Security of your information

To help protect the privacy and confidentiality of your personal information, we maintain physical, technical and administrative safeguards. We update and test our security technology on an on-going basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

8. How long we keep your personal information

The duration of data storage depends on the respective processing activity. If the retention period is not specified further, your personal data will be deleted or blocked as soon as the purpose or legal basis of the storage ceases to apply. Personal data will not be deleted if storage is required by law or in the event of possible legal dispute.

9. Changes to the privacy policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements. The current version of the privacy policy applies.