Privacy Policy
We are committed to protecting your privacy and will handle your personal data in accordance with this ISS Global Privacy Statement (hereinafter referred to as “Privacy Statement”) and our obligations under the EU General Data Protection Regulation and/or applicable local data protection regulations. This Privacy Statement covers the ISS Group of companies as listed in our consolidated Group Annual Report.
Personal data means any information relating to an identified or identifiable natural person (“data subject”) such as your name, address, telephone number and email address.
Special categories of personal data are used to describe a subset of personal data, which is considered more sensitive, and may include information such as race, ethnic origin, religion, sexual orientation, health information and trade union memberships.
1
What kind of personal data do we process about you and why we do so?
We collect personal data concerning our employees, potential employees (i.e. job candidates, job applicants), customers, suppliers, customers’ and suppliers’ representatives, investors/shareholders, other stakeholders and users of our websites. Concerning collection of personal data under our whistleblower system (“Speak-Up System”), please refer specifically to Section 3 of this Privacy Statement.
The types of personal data that we may ask you to provide include, but are not limited to, contact information (such as name, address, telephone number and email address), business-related information, photos, videos and identification documents.
2
We collect your personal data for the following purposes:
-
Talent management (e.g. to identify potential candidates, recruit and develop employees, etc.)
-
Administration (e.g. employee administration, maintenance of shareholder registers, etc.)
-
Communication (e.g. with investors/shareholders, current and potential customers, other stakeholders, etc.)
-
Provision of our services (e.g. to facilitate transactions; analyse and optimise operations; promote our offerings; handle complaints, manage contractual relations, etc.)
-
Procurement of services and products (e.g. to facilitate transactions; analyse markets; analyse and optimise our supply chain, manage contractual relations, etc.)
-
Monitoring use of our systems and websites (e.g. to ensure secure and compliant use, to analyse and personalise user experience, etc.)
Our processing of your personal data for the above-mentioned purposes is based on our legitimate interest, including without limitation our legitimate interests to attract, select and manage employees; provide credible and relevant communication and develop our business. We may also process your personal data in order to comply with legislative and regulatory requirements. In certain situations, we may also process your personal data based on your consent.
We retain the right to potentially withhold information or services if we are not able to identify you based on the information provided. Therefore, although it is your right to not provide us with the requested information, this may limit our ability to assist you or fulfil your requests.
Our whistleblower system (“Speak Up system”)
In line with the ISS Values and Code of Conduct, the business integrity of ISS is non-negotiable. We are committed to conducting our business in accordance with the law and high ethical standards. We have therefore established a whistleblower system called the Speak Up system under which we may also process your personal data. Please refer to our Speak Up Policy for further information about such processing of your personal data, including without limitation information about types of personal data processed, purpose of processing, data subject rights, etc.
3
How do we collect your personal data?
We usually collect personal data directly from you (unless you otherwise provide your consent for us to obtain such data from third parties). We collect the personal data you give us through your use of our website, social media, during phone calls with our representatives, when we deliver and administer services to you and on forms or other correspondence completed by you.
If we receive personal data about you that we have not requested, and which is not of relevance to the processing activities in question, we will delete or permanently anonymise the data, unless otherwise required by law.
4
Cookies
When you visit our website and consent to the use of cookies, it will save a cookie on your device. This is a small piece of information stored on your hard drive, which tells us that your device has accessed our website.
The cookie will not be able to directly identify you. If you do not want us to use cookies, you can set your browser to reject them. If you consent to our use of cookies on our website, we will process your personal information with regard to how you use our website and we use cookies to collect data from our website for the purpose and based on our legitimate interest to help us understand which of our pages are most popular and when the peak usage times are, along with other information about Internet Protocol (IP) addresses, referring website addresses, application activity logs and error logs that helps us improve the content and make the navigation on our website easier.
ISS uses Google Analytics or similar tools to obtain trend information about users interactions with our website, for system administration purposes and to identify problems and improve the website. Google Analytics uses first-party cookies to report on visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to the web page. For further information about Google Analytics, and for links to Google’s Privacy Policy and an opt-out tool for Google Analytics, go to https://support.google.com/analytics and review the Data Privacy and Security section.
No cookies controlled by ISS will be saved on your device unless you consent to it. An exemption to this rule is cookies that are needed for core functionality of the site. You can choose a setting in the browser which allows the storage of cookies conditional upon consent. If you only want to accept the cookies of ISS but not the cookies from our service providers and partners, you can select the setting "Block third-party cookies" in your browser. Generally, there will be a display via the Help function in the menu list of the web browser telling how to reject new cookies and disable ones already received.
5
Links
Our website may contain links to third party websites. Please note that the terms of this ISS Global Privacy Statement do not apply to external websites. If you wish to find out how a third party handles your personal data, you will need to contact such third party and refer to their privacy statement.
6
Do we disclose personal data to third parties?
We may share your personal data, for any of the purposes mentioned in section 2 above, with third parties. Such third parties include: Other corporate entities, agents, external advisors, our external service providers and contractors (such as any mail provider, commercial agent or support services), government agencies including law enforcement, regulatory and dispute resolution bodies (or any other body to whom disclosure is required by law or court/ tribunal order) and any other person or entity to whom disclosure is authorised by you.
When we disclose your personal data to a third party who is processing personal data on our behalf, we take all reasonable steps to ensure that such third parties will implement appropriate technical and organisational measures and are bound by confidentiality and legal obligations with respect to the protection of your personal data. The potential disclosure of your personal data is conducted in compliance with legal requirements. This means that such processing is guarded by data processing agreements to ensure that personal data is not processed for other purposes than those clearly stated, and to make sure that our third parties uphold adequate security measures to protect your personal data.
7
Do we disclose your personal data to recipients outside the EU/EEA?
We will not disclose your personal data to third party organisations located outside the country in which we have received your information (as applicable) without your prior written consent, except as set out below or where disclosure is otherwise authorised or required by law or court/ tribunal order.
We may transfer your personal data within the ISS Group, and to our operations or contractors located outside the EU/EEA. However, any such transfer does not change our commitment to safeguard your personal data under this Privacy Statement.
If your personal data is transferred outside of the EU/EEA, ISS ensures an adequate level of security by transferring to countries approved by the EU Commission as having an adequate level of protection, or by entering into an appropriately drafted contract between ISS and the non-EU/EEA entity receiving the data.
8
Direct marketing and promotional use of your personal data
ISS may use your personal data to provide you with information about our services and products, or those provided by third parties, as deemed relevant for you. With your specific consent, we may provide your personal data to such third-party organisations for specific marketing purposes.
Based on the nature of our business relationship we may wish to use you as a reference when promoting our business to others. In such cases, we will ask for your specific consent and will only disclose personal data to the extent that we have your consent.
You can ask us at any time not to contact you about products or services and to not disclose your data to others for that purpose by contacting us or, where applicable, by clicking the "unsubscribe" button in our promotional email messages.
9
Storage and security of your personal data
We store your personal data in paper-based and/or electronic files and registers. We have put in place safeguards, as required by law, to protect the personal data we process from misuse, interference, loss, unauthorised access, modification or disclosure. ISS has a number of technical security measures in place. These include a range of systems and communication security measures, as well as the secure storage of hard copy documents and the use of encryption. In addition, access to your personal data will be restricted to those who require access to fulfil the purposes.
We only keep your personal data for as long as it is required for the purpose for which we process the data, and in accordance with our Group standard on retention and deletion.
If you are an employee of ISS, we will keep your personal data for a period of up to five (5) years after the end of the employment relationship or for such longer periods as may be required by applicable local law.
If you are a job applicant, we will keep your personal data for future recruitment purposes in accordance with your consent. In case there is a potential dispute in relation to the recruitment process, your personal data may be kept for up to six (6) months after finalisation of the recruitment process.
If you are an investor or shareholder, we will keep your personal data as long as you are an investor or shareholder and, if relevant for specific company documents, as long as ISS exists as a company.
If your personal data forms part of financial records, we generally will keep your personal data for a period of five (5) years from the end of the financial year to which the financial records are related or for such longer periods as may be required by applicable rules.
If you have consented to receive direct marketing by electronic means, we are obliged to keep your personal data up to two (2) years after you have withdrawn your consent in order to document compliance with the applicable spam rules.
If you are a user of our websites, please see the storage period for cookies above.
If you are a current or potential customer or supplier, we will generally keep your personal data for a period of five (5) years following our last interaction with you.
We take reasonable steps to delete or permanently anonymise all personal data after it can no longer be used in accordance with this Privacy Statement.
10
Your data protection rights
We take reasonable steps to ensure that you are able to exercise your data protection rights. Unless stated otherwise in specific data protection legislation, you have the following rights:
You have the right to gain access to your personal data and obtain a copy hereof. You also have the right to rectification of the personal data we process and the right to erasure. You may object to our processing of your personal data, including our processing of your personal data for direct marketing purposes, or request us to restrict our processing.
Furthermore, you may in some cases request to obtain a copy of your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller (data portability). If processing of your personal data is based solely on your consent, you may withdraw your consent at any time. Please note that this does not affect our processing of your personal data prior to the withdrawal of your consent.
If you have any questions about this Privacy Statement or if you wish to exercise your data protection rights, please contact our Group Data Protection Officer in writing:
-
Address: Group Data Protection Officer, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark
-
E-mail: dpo@group.issworld.com
You will not be charged for exercising your data protection rights. That said, you may be charged for additional copies of your personal data in accordance with applicable data protection law.
11
How and when we will respond to your request
Prior to responding to a data subject request, we must confirm the identity of the requesting data subject. Thus, a data subject request must be supplemented by relevant information needed for ISS to identify you and to process your request. Where relevant, we will take reasonable steps to ensure that the personal data is corrected or erased, notify you of the correction/erasure, as well as notify any other recipients of the personal data where we are required to do so pursuant to applicable data protection regulations.
There may be situations where we have to refuse a request for correction or erasure. In such cases you can request that we include a statement with the personal data that you wished to have corrected or erased.
We will process and reply to your request without undue delay and in any event within one (1) month of receipt of the request, unless we have the right to extend the response period pursuant to applicable data protection laws. In case of any extension, we will inform you about that, together with the reasons for the delay. If we cannot meet your request, you will receive a written explanation as to why, as well as details of your further options if you are not satisfied with our response.
12
Can you complain about our processing of your personal data?
If you want to complain about our processing of your personal data, please contact our Group Data Protection Manager:
-
Phone +45 38 17 00 00
-
Address: Group Data Protection Manager, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark
-
E-mail to dpm@group.issworld.com
We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with the outcome of your complaint, you may refer your complaint to:
Datatilsynet (the Danish Data Protection Authority)
-
Phone: +45 33 193 200
-
Address: Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark
-
Website: www.datatilsynet.dk
13
Need further information?
For more information about privacy in general, you can visit the Danish Data Protection Authority’s website at www.datatilsynet.dk.
14
Updating our Privacy Statement
We may review, amend or revise our Privacy Statement and the way we process personal data from time to time. We will post the updated Privacy Statement on our website at www.issworld.com. Any revised terms will take effect from the date of posting.
15
ISS Binding Corporate Rules
Download the files related to the ISS BCR policy here.
16
Report a data incident
Report a data incident here.
17
ISS UK Privacy Statement
We are committed to protecting your privacy and will handle your personal information in accordance with this Privacy Statement and in accordance with our obligations under the current UK legislation on processing personal data, the Data Protection Act 2018, as well as the principles of the EU General Data Protection Regulation.
This Privacy Statement covers the UK ISS Group of companies as listed in our consolidated Annual Report (together and separately, ISS, we, us or our).
We are committed to protecting your privacy and will handle your personal data in accordance with this Privacy Statement and in accordance with our obligations under:
-
The Data Protection Act 2018, and
-
The EU General Data Protection Regulation, as amended from time to time.
18
How do we collect your personal information?
CCTV
In some of the premises we operate our services in, we use CCTV systems to capture video images. However we will only do so where it is appropriate given the nature of the work we are undertaking and where we are legally able to do so. Signs will be in place where CCTV is in operation.
We use CCTV systems for security purposes and to help us in preventing and detecting crime. Data captured by CCTV may be shared with third parties and the police where there is a legal basis for doing so. Data captured by CCTV is stored in the UK for a maximum of 30 days unless it is needed for evidence purposes in which case it will be destroyed after that use is fulfilled. We are processing the CCTV data in pursuit of our legitimate interests and without the consent of data subjects.
19
How do I complain about a breach of privacy?
If you want to complain about a privacy breach, please contact our Group Data Protection Officer:
-
Phone: +45 38 17 62 01
-
Post: The Data Protection Officer, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark; or
-
Email: dpo@group.issworld.com
We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with the outcome of your complaint, you may refer your complaint to:
-
The Information Commissioner’s Office (the UK Data Protection Authority)
-
Phone: 0303 123 1113
-
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
-
Email: casework@ico.org.uk
-