We collect personal data concerning our employees, potential employees (i.e. job candidates, job applicants), customers, suppliers, customers’ and suppliers’ representatives, investors/shareholders, other stakeholders and users of our websites. Concerning collection of personal data under our whistleblower system (“Speak-Up System”), please refer specifically to Section 3 of this Privacy Statement.
The types of personal data that we may ask you to provide include, but are not limited to, contact information (such as name, address, telephone number and email address), business-related information, photos, videos and identification documents.
We collect your personal data for the following purposes:
- Talent management (e.g. to identify potential candidates, recruit and develop employees, etc.)
- Administration (e.g. employee administration, maintenance of shareholder registers, etc.)
- Communication (e.g. with investors/shareholders, current and potential customers, other stakeholders, etc.)
- Understanding communication preferences: (e.g. in our approach to customer engagement, we employ a method designed to gain insight into communication preferences. By understanding these preferences, we aim to ensure our interactions and responses are tailored to resonate with our customers and potential customers in a manner that fosters clear, effective, and mutually beneficial communication)
- Provision of our services (e.g. to facilitate transactions; analyse and optimise operations; promote our offerings; handle complaints, manage contractual relations, etc.)
- Procurement of services and products (e.g. to facilitate transactions; analyse markets; analyse and optimise our supply chain, manage contractual relations, etc.)
- Monitoring use of our systems and websites (e.g. to ensure secure and compliant use, to analyse and personalise user experience, etc.)
Our processing of your personal data for the above-mentioned purposes is based on our legitimate interest, including without limitation our legitimate interests to attract, select and manage employees; provide credible and relevant communication and develop our business. We may also process your personal data in order to comply with legislative and regulatory requirements. In certain situations, we may also process your personal data based on your consent.
We retain the right to potentially withhold information or services if we are not able to identify you based on the information provided. Therefore, although it is your right to not provide us with the requested information, this may limit our ability to assist you or fulfil your requests.
No cookies controlled by ISS will be saved on your device unless you consent to it. An exemption to this rule is cookies that are needed for core functionality of the site. You can choose a setting in the browser which allows the storage of cookies conditional upon consent. If you only want to accept the cookies of ISS but not the cookies from our service providers and partners, you can select the setting "Block third-party cookies" in your browser. Generally, there will be a display via the Help function in the menu list of the web browser telling how to reject new cookies and disable ones already received. Find detailed instructions on how to remove cookies here:
Our website may contain links to third party websites. Please note that the terms of this ISS Global Privacy Statement do not apply to external websites. If you wish to find out how a third party handles your personal data, you will need to contact such third party and refer to their privacy statement.
We may share your personal data, for any of the purposes mentioned in section 2 above, with third parties. Such third parties include: Other corporate entities, agents, external advisors, our external service providers and contractors (such as any mail provider, commercial agent or support services), government agencies including law enforcement, regulatory and dispute resolution bodies (or any other body to whom disclosure is required by law or court/ tribunal order) and any other person or entity to whom disclosure is authorised by you.
When we disclose your personal data to a third party who is processing personal data on our behalf, we take all reasonable steps to ensure that such third parties will implement appropriate technical and organisational measures and are bound by confidentiality and legal obligations with respect to the protection of your personal data. The potential disclosure of your personal data is conducted in compliance with legal requirements. This means that such processing is guarded by data processing agreements to ensure that personal data is not processed for other purposes than those clearly stated, and to make sure that our third parties uphold adequate security measures to protect your personal data.
We will not disclose your personal data to third party organisations located outside the country in which we have received your information (as applicable) without your prior written consent, except as set out below or where disclosure is otherwise authorised or required by law or court/ tribunal order.
We may transfer your personal data within the ISS Group, and to our operations or contractors located outside the EU/EEA. However, any such transfer does not change our commitment to safeguard your personal data under this Privacy Statement.
If your personal data is transferred outside of the EU/EEA, ISS ensures an adequate level of security by transferring to countries approved by the EU Commission as having an adequate level of protection, or by entering into an appropriately drafted contract between ISS and the non-EU/EEA entity receiving the data.
ISS may use your personal data to provide you with information about our services and products, or those provided by third parties, as deemed relevant for you. With your specific consent, we may provide your personal data to such third-party organisations for specific marketing purposes.
Based on the nature of our business relationship we may wish to use you as a reference when promoting our business to others. In such cases, we will ask for your specific consent and will only disclose personal data to the extent that we have your consent.
You can ask us at any time not to contact you about products or services and to not disclose your data to others for that purpose by contacting us or, where applicable, by clicking the "unsubscribe" button in our promotional email messages.
We store your personal data in paper-based and/or electronic files and registers. We have put in place safeguards, as required by law, to protect the personal data we process from misuse, interference, loss, unauthorised access, modification or disclosure. ISS has a number of technical security measures in place. These include a range of systems and communication security measures, as well as the secure storage of hard copy documents and the use of encryption. In addition, access to your personal data will be restricted to those who require access to fulfil the purposes.
We only keep your personal data for as long as it is required for the purpose for which we process the data, and in accordance with our Group standard on retention and deletion.
If you are an employee of ISS, we will keep your personal data for a period of up to five (5) years after the end of the employment relationship or for such longer periods as may be required by applicable local law.
If you are a job applicant, we will keep your personal data for future recruitment purposes in accordance with your consent. In case there is a potential dispute in relation to the recruitment process, your personal data may be kept for up to six (6) months after finalisation of the recruitment process.
If you are an investor or shareholder, we will keep your personal data as long as you are an investor or shareholder and, if relevant for specific company documents, as long as ISS exists as a company.
If your personal data forms part of financial records, we generally will keep your personal data for a period of five (5) years from the end of the financial year to which the financial records are related or for such longer periods as may be required by applicable rules.
If you have consented to receive direct marketing by electronic means, we are obliged to keep your personal data up to two (2) years after you have withdrawn your consent in order to document compliance with the applicable spam rules.
If you are a user of our websites, please see the storage period for cookies above.
If you are a current or potential customer or supplier, we will generally keep your personal data for a period of five (5) years following our last interaction with you.
We take reasonable steps to delete or permanently anonymise all personal data after it can no longer be used in accordance with this Privacy Statement.
If you want to complain about our processing of your personal data, please contact our Group Data Protection Manager:
- Phone +45 38 17 00 00
- Address: Group Data Protection Manager, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark
- E-mail to email@example.com
We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with the outcome of your complaint, you may refer your complaint to:
Datatilsynet (the Danish Data Protection Authority)
- Phone: +45 33 193 200
- Address: Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark
- Website: www.datatilsynet.dk
Download the files related to the ISS BCR policy here.
We are committed to protecting your privacy and will handle your personal information in accordance with this Privacy Statement and in accordance with our obligations under the current UK legislation on processing personal data, the Data Protection Act 2018, as well as the principles of the EU General Data Protection Regulation.
This Privacy Statement covers the UK ISS Group of companies as listed in our consolidated Annual Report (together and separately, ISS, we, us or our).
We are committed to protecting your privacy and will handle your personal data in accordance with this Privacy Statement and in accordance with our obligations under:
• the Data Protection Act 2018, and
• the EU General Data Protection Regulation, as amended from time to time.
In some of the premises we operate our services in, we use CCTV systems to capture video images. However we will only do so where it is appropriate given the nature of the work we are undertaking and where we are legally able to do so. Signs will be in place where CCTV is in operation.
We use CCTV systems for security purposes and to help us in preventing and detecting crime. Data captured by CCTV may be shared with third parties and the police where there is a legal basis for doing so. Data captured by CCTV is stored in the UK for a maximum of 30 days unless it is needed for evidence purposes in which case it will be destroyed after that use is fulfilled. We are processing the CCTV data in pursuit of our legitimate interests and without the consent of data subjects.