Global Privacy Notice
INFORMATION SERVICES GROUP, INC.
Last modified: 14 September 2023
We know you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly.
1. Who Are We?
Information Services Group, Inc. and/or its affiliated entities are the data controller(s) of your personal information. Information Services Group, Inc. has its principal place of business at 2187 Atlantic Street, Stamford CT 06902, USA.
If you have any questions relating to our use of your personal information, or any other related questions, please direct them to [email protected] or write to us c/o Privacy Officer, Information Services Group Europe Ltd, Hays House, Millmead, Guildford, Surrey, GU2 4HJ, UK. We will endeavor to respond within 30 days.
2. Information We Collect
We collect information from various sources and methods as described below.
Sources Of Information
We collect information about you or your devices from the following sources:
- when you provide information to us when you make an inquiry on the Homepage, or when you subscribe to a newsletter or any other online service offered by us;
- when you register for our mobile application;
- when you provide information to us for the purposes of effecting a billing transaction via the Homepage;
- when you provide information to us when making an online application for employment with Information Services Group, Inc. or its affiliated companies;
- when you provide us with survey responses via external survey websites to help us improve our service offerings to you;
- third parties to whom you have provided information with your consent to pass it on to other organizations or persons; and
In addition, we may collect any other information that you choose to disclose to us from time to time.
Types Of Information You Give To Us
- name, company name, personal and business email address, phone number;
- job level;
- employment history;
- profile photograph;
- information relevant to events attendance such as dietary preferences, and requested accommodation.
Information We Collect Automatically
When you use our Websites or apps, we automatically collect and analyse certain information, which includes IP addresses, unique browser identifiers, browser and operating system information, length of visits, page views, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation and other device-specific information, internet connection information as well as details about your interactions with our Websites and apps.
When you access ISG content via our apps, the apps will store an authentication token so you will not need to login every time.
Information We Collect From Third Parties
- LinkedIn profile data;
- Facebook profile data;
- Google plus profile data; and
- Twitter profile data;
4. How We Use Information We Collect:
We use your information as follows:
On the basis of express consent, such as:
- to register a user account in your name;
- to register for our mobile application;
- to help us identify you when you contact us;
- to help us deal with and respond to your inquiries;
- to help us deal with and respond to your periodic updates and subscription requests for ISG publications and events within the ‘Connection Center’;
- to send you certain information at your request, including publications;
- to improve the services offered by ISG following survey responses you provide to us via external survey websites;
- to conduct surveys and report survey responses on behalf of our clients, so they may improve the services offered to you;
- in connection with recruitment activities to assess your suitability for employment, maintain your employment accounts and employment application records;
- to enable you to share our content with others, e.g. by using the social media “share” functionality on our Websites (see Section 4 below for further details) and
- to contact you via email about products and services offered by us and selected partners.
For our legitimate interests in conducting our business, such as:
- to fulfill your requests;
- to respond to your questions, concerns or customer service inquiries;
- to communicate with you about your account;
- to carry out certain marketing activities;
- to conduct research and analysis (including surveys and the creation of statistical and testing information);
- to perform group-wide analysis of usage patterns;
- to enable you to access and use the services offered by our service providers; processing any transaction between you and a third party; and tracking sales (see Section 5 below for further details);
- for events:
1.1 to publish attendee lists for our events
1.2 to provide relevant information (for hospitality and safety purposes) to hotels and other facilities involved in hosting the event attendees
1.3 to enforce the legal terms that govern our websites, apps and services
1.4 to create aggregated or anonymized data, which we may use or disclose without restriction
1.5 to contact you about selected future events that may be of interest
- If all, or substantially all, of our assets are acquired or are in the process of being acquired by a third party, in which case personal information held by us about our customers, will be one of the transferred assets;
- To comply with applicable laws, protect rights, safety and property, and respond to lawful requests from public authorities (such as disclosing data in appropriate situations for national security or law enforcement purposes);
- We may monitor and record communications with you (including phone conversations and emails), but we will do so in accordance with data protection legislation and other applicable law. Monitoring or recording will always be for business purposes, such as for quality assurance and compliance, to prevent unauthorised use of our Websites, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime;
- We will not sell or share your information or information with our service providers (other than our subsidiaries or affiliates) for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable law.
From 25th May 2018, you will have a right to object to our use of your personal information for these legitimate interests. If you raise an objection we will stop processing your personal information unless there are legitimate business purposes or legal reasons which prevent us from doing so, in which case we will let you know why we are continuing to process your personal information. Please send an email to [email protected] if you wish to exercise this right and we will endeavor to respond to you within 30 days.
5. Disclosure Of Personal Information
We may disclose your personal information to other parties if this is necessary for the purpose of providing the services used or if you have given your prior consent. These parties include:
|Name of recipient||Type of recipient ||Why your personal data is shared||Location of processing||Safeguards used to protect personal data processed outside the EEA (if applicable)|
|Information Services Group Europe Limited||Joint Controller||For internal business operations||UK||Intra Group Agreement|
|Information Service Group Denmark ApS||Joint Controller||For internal business operations||EEA|
|Information SG (Finland) Oy||Joint Controller||For internal business operations||EEA|
|ISG Information Services Group France||Joint Controller||For internal business operations||EEA|
|Information Service Group Germany GmbH||Joint Controller||For internal business operations||EEA|
|Information Services Group Italia S.p.A.||Joint Controller||For internal business operations||EEA|
|Information Services Group Switzerland GmbH||Joint Controller||For internal business operations||EEA|
|Information Services Group, Inc||Joint Controller||For internal business operations||US||Intra Company Agreement|
|ISG Canada||Joint Controller||For internal business operations||Canada||Intra Company Agreement|
|ISG Information Services Group Americas, Inc.||Joint Controller||For internal business operations||Australia||Intra Company Agreement|
|TPI Advisory Services India Pvt Ltd||Joint Controller||For internal business operations||India||Intra Company Agreement|
|ISG Information Services Group Americas||Joint Controller||For internal business operations||Singapore||Intra Company Agreement|
|Jobvite||Processor||To handle Careers inquiries and Recruitment Services||US||Model Contract Clauses|
|SNL||Processor||To manage ISG Investor Relations Services||US||Model Contract Clauses|
|Publish Interactive||Processor||To manage the subscription content of the ISG Research microsite||EEA|
|FoxyCart||Controller||To manage the shopping cart for Research and Events||US||Model Contract Clauses|
|Stripe||Controller||To manage the credit card payments for Research and Events||US||Model Contract Clauses|
|Rackspace||Controller||To host our websites and processing data exclusively on our instructions||EEA|
|Survey Monkey (Momentive)||Controller||To host our Survey platforms||US||Model Contract Clauses|
|Survey Gizmo (Alchemer)||Controller||To host our Survey platforms||EEA|
|Qualtrics||Processor||To host our Survey platforms||EEA|
|Salesforce||Processor||To host our marketing system||US||Model Contract Clauses|
|Marketo||Processor||To manage our marketing activities||US||Model Contract Clauses|
|Hivebright||Processor||To handle our GovernX users community platform||US||Model Contract Clauses|
|Swoogo||Processor||To host our ISG Events registration platform||US||Model Contract Clauses|
|Emma by Marigold||Processor||To host our marketing platform||US||Model Contract Clauses|
|ServiceNow||Processor||To host our GovernX platform||US||Model Contract Clauses|
|Microsoft Inc||Processor||To host our systems and processing data exclusively on our instructions||US, Ireland||Model Contract Clauses|
|SiteFinity Cloud||Processor||To host our websites and processing data exclusively on our instructions||US||Model Contract Clauses|
6. How Long Do We keep Your Personal Information?
We retain your personal data for no longer than is necessary for the purpose(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law;
- potential or actual disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your personal data from our systems when it is no longer needed.
7. How Can You Amend Your Preferences?
In some cases, you may directly access your online profiles and other personal details and amend, update, add or delete information yourself by logging into the relevant areas of our Websites and apps.
Any ISG publications and events communication we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also amend your marketing preferences by accessing your personal details via ‘Connection Center’, via the ‘email preferences’ or ‘unsubscribe’ link received at the bottom of emails or by emailing us at [email protected].
Should you no longer wish to be contacted by us, you can advise us at any time by contacting us by sending an email to [email protected]
8. How Your Personal Information Is Protected
We have implemented administrative, technical and physical security measures to help prevent unauthorized access. Despite these measures, no data transmission over the internet can be entirely secure, and we cannot and do not guarantee or warrant the security of any information you transmit via our websites or apps.
- We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) technology; data at rest is protected using EMC VMAX – DaRE encryption.
- We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
- Our data processing and our security precautions are constantly adapted to current circumstances and requirements in accordance with technological developments and are continuously developed further.
- It is important for you to protect your access information and your computer against unauthorised access. Be sure to sign off and close the browser window when you finish communicating with us using a shared computer.
9. Your Personal Information Rights And How To Contact Us
You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:
- Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
- Right to erasure: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defence of legal claims.
- Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it. Please note that your right to restrict processing is limited in certain situations; for example when we are processing your personal information that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and you don’t want your personal information erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future;
- Right to data portability: the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. Please note, this right is limited to where: (a) you provided the personal data to us; (b) we are processing such data on the basis of your consent or to perform a contract with you; and (c) the processing is carried out by automated means;
- Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests, direct marketing or where we use your personal information to carry out profiling to inform our market research and customer demographics (see Section 4 above);
- Right to be informed: you have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy; and
- Right to withdraw consent: if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.
This service is free of charge and requires you to prove your identity with two pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.
When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the processing of personal data that we cannot resolve with our users directly.
If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may refer your complaint to the relevant data protection supervisory authority which is:
- in the UK is the ICO (Information Commissioner’s Office).
- In France, the CNIL (Commission nationale de l’informatique et des libertes).
- In Germany, the Hessische Beauftragte fur Datenschutz and Informationsfreiheit and
- In Italy, the Garante per la protezione dei dati personali
10. Right Of Appeal
You can make a complaint to the ICO by:
- writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF;
- calling: 0303 123 1113; or
- submitting a message through the ICO’s website at: www.ico.org.uk.
You can make a complaint to the CNIL by:
- writing to: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France
- calling +33 (0) 1 53 73 22 22
You can make a complaint to the Hessische Beauftragte fur Datenschutz and Informationsfreiheit by:
- writing to: Postfach 3163, 65021 Wiesbaden, Germany
- calling: +49 611 1408-0
emailing: [email protected]
You can make a complaint to the Garante per la Protezione dei Dati Personali by:
- writing to: Piazza Venezia 11, 00187 Rome, Italy
- calling: +39 06. 696771
- emailing: [email protected]
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country.
11. Privacy Of Children
The Websites are intended to be used by persons aged 18 and older. We do not seek to collect information about persons under the age of 18.
No information should be submitted to or posted on the Websites by persons younger than 18 years of age. If such a person submits personal information via the Websites, we shall delete that information as soon as we are made aware of their age and thereafter shall not use it for any purpose whatsoever.