We collect personal data concerning our employees, potential employees (i.e. job candidates, job applicants), customers, suppliers, customers’ and suppliers’ representatives, investors/shareholders, other stakeholders and users of our websites. Concerning collection of personal data under our whistleblower system (“Speak-Up System”), please refer specifically to Section 3 of this Privacy Statement. 

The types of personal data that we may ask you to provide include, but are not limited to, contact information (such as name, address, telephone number and email address), business-related information, photos, videos and identification documents.  

We collect your personal data for the following purposes: 

- Talent management (e.g. to identify potential candidates, recruit and develop employees, etc.) 

- Administration (e.g. employee administration, maintenance of shareholder registers, etc.) 

- Communication (e.g. with investors/shareholders, current and potential customers, other stakeholders, etc.)

- Understanding communication preferences: (e.g. in our approach to customer engagement, we employ a method designed to gain insight into communication preferences. By understanding these preferences, we aim to ensure our interactions and responses are tailored to resonate with our customers and potential customers in a manner that fosters clear, effective, and mutually beneficial communication)

- Provision of our services (e.g. to facilitate transactions; analyze and optimize operations; promote our offerings; handle complaints, manage contractual relations, etc.) 

- Procurement of services and products (e.g. to facilitate transactions; analyze markets; analyze and optimize our supply chain, manage contractual relations, etc.) 

- Monitoring use of our systems and websites (e.g. to ensure secure and compliant use, to analyze and personalize user experience, etc.) 

Our processing of your personal data for the above-mentioned purposes is based on our legitimate interest, including without limitation our legitimate interests to attract, select and manage employees; provide credible and relevant communication and develop our business. We may also process your personal data in order to comply with legislative and regulatory requirements. In certain situations, we may also process your personal data based on your consent.  

We retain the right to potentially withhold information or services if we are not able to identify you based on the information provided. Therefore, although it is your right to not provide us with the requested information, this may limit our ability to assist you or fulfill your requests.  

When you visit our website and consent to the use of cookies, it will save a cookie on your device. This is a small piece of information stored on your hard drive, which tells us that your device has accessed our website. The cookie will not be able to directly identify you. If you do not want us to use cookies, you can set your browser to reject them. If you consent to our use of cookies on our website, we will process your personal information with regard to how you use our website and we use cookies to collect data from our website for the purpose and based on our legitimate interest to help us understand which of our pages are most popular and when the peak usage times are, along with other information about Internet Protocol (IP) addresses, referring website addresses, application activity logs and error logs that helps us improve the content and make the navigation on our website easier. 

ISS uses Google Analytics or similar tools to obtain trend information about users interactions with our website, for system administration purposes and to identify problems and improve the website. Google Analytics uses first-party cookies to report on visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to the web page. For further information about Google Analytics, and for links to Google’s Privacy Policy and an opt-out tool for Google Analytics, go to https://support.google.com/analytics and review the Data Privacy and Security section.   

No cookies controlled by ISS will be saved on your device unless you consent to it. An exemption to this rule is cookies that are needed for core functionality of the site. You can choose a setting in the browser which allows the storage of cookies conditional upon consent. If you only want to accept the cookies of ISS but not the cookies from our service providers and partners, you can select the setting "Block third-party cookies" in your browser. Generally, there will be a display via the Help function in the menu list of the web browser telling how to reject new cookies and disable ones already received. Find detailed instructions on how to remove cookies here: 

Deleting cookies in Internet Explorer 
Deleting cookies in Google Chrome 
Deleting cookies in Safari 
Deleting cookies in Mozilla Firefox 

Our website may contain links to third party websites. Please note that the terms of this ISS Global Privacy Statement do not apply to external websites. If you wish to find out how a third party handles your personal data, you will need to contact such third party and refer to their privacy statement. 

We may share your personal data, for any of the purposes mentioned in section 2 above, with third parties. Such third parties include: Other corporate entities, agents, external advisors, our external service providers and contractors (such as any mail provider, commercial agent or support services), government agencies including law enforcement, regulatory and dispute resolution bodies (or any other body to whom disclosure is required by law or court/ tribunal order) and any other person or entity to whom disclosure is authorized by you. 

When we disclose your personal data to a third party who is processing personal data on our behalf, we take all reasonable steps to ensure that such third parties will implement appropriate technical and organizational measures and are bound by confidentiality and legal obligations with respect to the protection of your personal data. The potential disclosure of your personal data is conducted in compliance with legal requirements. This means that such processing is guarded by data processing agreements to ensure that personal data is not processed for other purposes than those clearly stated, and to make sure that our third parties uphold adequate security measures to protect your personal data.

We will not disclose your personal data to third party organizations located outside the country in which we have received your information (as applicable) without your prior written consent, except as set out below or where disclosure is otherwise authorized or required by law or court/ tribunal order. 

We may transfer your personal data within the ISS Group, and to our operations or contractors located outside the EU/EEA. However, any such transfer does not change our commitment to safeguard your personal data under this Privacy Statement. 

If your personal data is transferred outside of the EU/EEA, ISS ensures an adequate level of security by transferring to countries approved by the EU Commission as having an adequate level of protection, or by entering into an appropriately drafted contract between ISS and the non-EU/EEA entity receiving the data. 

ISS may use your personal data to provide you with information about our services and products, or those provided by third parties, as deemed relevant for you. With your specific consent, we may provide your personal data to such third-party organizations for specific marketing purposes.

Based on the nature of our business relationship we may wish to use you as a reference when promoting our business to others. In such cases, we will ask for your specific consent and will only disclose personal data to the extent that we have your consent.

You can ask us at any time not to contact you about products or services and to not disclose your data to others for that purpose by contacting us or, where applicable, by clicking the "unsubscribe" button in our promotional email messages.

We store your personal data in paper-based and/or electronic files and registers. We have put in place safeguards, as required by law, to protect the personal data we process from misuse, interference, loss, unauthorized access, modification or disclosure. ISS has a number of technical security measures in place. These include a range of systems and communication security measures, as well as the secure storage of hard copy documents and the use of encryption. In addition, access to your personal data will be restricted to those who require access to fulfill the purposes. 

We only keep your personal data for as long as it is required for the purpose for which we process the data, and in accordance with our Group standard on retention and deletion. 

If you are an employee of ISS, we will keep your personal data for a period of up to five (5) years after the end of the employment relationship or for such longer periods as may be required by applicable local law. 

If you are a job applicant, we will keep your personal data for future recruitment purposes in accordance with your consent. In case there is a potential dispute in relation to the recruitment process, your personal data may be kept for up to six (6) months after finalization of the recruitment process. 

If you are an investor or shareholder, we will keep your personal data as long as you are an investor or shareholder and, if relevant for specific company documents, as long as ISS exists as a company. 

If your personal data forms part of financial records, we generally will keep your personal data for a period of five (5) years from the end of the financial year to which the financial records are related or for such longer periods as may be required by applicable rules. 

If you have consented to receive direct marketing by electronic means, we are obliged to keep your personal data up to two (2) years after you have withdrawn your consent in order to document compliance with the applicable spam rules. 

If you are a user of our websites, please see the storage period for cookies above. 

If you are a current or potential customer or supplier, we will generally keep your personal data for a period of five (5) years following our last interaction with you. 

We take reasonable steps to delete or permanently anonymize all personal data after it can no longer be used in accordance with this Privacy Statement. 

Download the files related to the ISS BCR policy here.

ISS BCR policy

ISS BCR - Appendix 1 (Standard on the data subject's rights of access)

ISS BCR - Appendix 2 (Audit Standard)

ISS BCR - Appendix 3 (Complaint Handling Procedure)

ISS BCR - Appendix 4 (Co-operation Procedure)

ISS BCR - Appendix 5 (Updating Procedure)