Last updated: 21/09/2020
Types of personal information we collect
We currently collect and process the following types of information:
- Personal identifiers, contacts and characteristics (for example your name, email address and contact information)
- Financial / invoicing information
How we obtain the personal information and why we have it
The majority of the personal information we process is provided directly by yourself for one of the following reasons:
- Communicating with us via telephone, email or website
- Using one of our services
- Analytical information from the website through Google Analytics.
When contacting us, we use the information which has been provided to help provide our service or answer any questions that you may have. If permitted by yourself we may also contact you to remind you of renewals and any promotions which are running. By using this type of information, it helps us provide the most relevant content service to you.
How we store your information
When we obtain your information, we securely store it within one of our business applications:
- Microsoft Office 365
Where data is stored on local devices, your data is protected by appropriate security controls including full disk encryption and user authentication, where possible additional two-factor authentication.
We will keep records of any contact for 3 years in case of any follow up.
We keep records of provided services for the minimum permitted duration of “current tax year plus 6 years” as required by the HMRC.
Once no longer required, we will dispose of your information by secure methods including deletion of files / records. We may also retain the file / record but use anonymisation to remove your data and so protect your privacy.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server, this enables the web server to identify and track the web browser.
ISG may use both session and persistent cookies on the website, we will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you return.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking Tools –> Internet Options –> Privacy –> Block all cookies, then using the sliding selector. Blocking all cookies will, however, may have a negative impact upon the usability of many websites, including this one.
Social Sharing & CAPTCHA plugins
We utilise Social Sharing plugins to help you spread awareness of information, these plugins will utilise your social media accounts (if you are logged in) to share the content to the relevant network. InfoSec Governance do not use any information which is used to post to these accounts.
CAPTCHA technology is used for contact forms to help safeguard against spam and malicious bots trying to email or make use of our contact forms. CAPTCHA is used and integrated with Google.
Using your personal information
Personal information submitted on this website will be used for the purposes specified in this privacy notice or in relevant parts of the website.
We may use your information to:
- Administer and optimise the website
- Improve your browsing experience by personalising the website
- Enable your use of the services available on the website
- Send you services purchased via the website
- Send statements and invoices to you, and collect payments from you
- Send you general (non-marketing) commercial communications
- Send you email notifications which you have specifically requested
- Send you our newsletter and other marketing communications relating to our business, where you have specifically agreed to this (you can inform us at any time if you no longer require marketing communications)
- Deal with enquiries and complaints, made by you, relating to the website
We will not provide your personal information to any third parties for the purpose of direct marketing without your express consent.
We won’t sell or rent information about you or your services.
- To the extent that we are required to do so by law
- In connection with any legal proceedings or prospective legal proceedings
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
- To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
Except as provided in this privacy notice, we will not provide your information to third parties.
To help provide you a service, at times we may utilise companies which are based outside of the UK, which may mean these counties have more lenient data protection laws. We will only work with companies who we trust to keep your information safe and we share the minimum amount of information necessary to provide our services. During the selection of our suppliers and partners, we ensure that they meet high information security standards.
Information that we collect is primarily stored within UK data centre’s, however at times some of our providers may store, process and transfer your data securely to another country, this may be the US, EEA, Australia or New Zealand. ISG map and ensure that your data is secured as much as possible from end -to-end.
We ensure that all companies with which we work with, comply with the General Data Protection Regulation (GDPR) as well as the UK Data Protection Act 2018 (DPA 2018). As a minimum we also ensure that companies adhere to Cyber Essentials Plus, ISO 27001 or similar frameworks.
Any personal information that you submit for publication on the website will be published on the internet and will be available, via the internet, around the world.
We will take all the reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information, we continually adapt our security measures in line with technological progress and developments.
We will store all the personal information you provide on our secure (password protected and firewall protected) servers, administrative access is restricted and the use of two-factor authentication is used by default. All information will be stored within our CRM application that is based within the UK.
We send emails to customers and mailing list subscribers. You control what communications you receive and can unsubscribe from mailing lists at any time by using the link in the email received. Customers will still receive important information, alerts and notices relating to their account.
ISG maintains a strict opt-in policy in regard to its email communications. We only send email to individuals who have subscribed or as part of an ongoing relationship we have with an individual or business.
Your right to control what communications, if any, you receive from ISG is important to us. The information below will assist you in understanding the different options you have, and how you can notify us of changes in the communications you wish to receive or to unsubscribe in general.
Though we may include announcements from partners or other third parties in some communications, we do not provide email addresses to third parties.
If you believe you have received unwanted, unsolicited email sent via this system or purporting to be sent via this system, please forward a copy of that email with your comments to [email protected] for review.
The content you receive can be tailored to your subscription preferences as follows:
- Events – Invites to events and webinars we are hosting
- Blogs – Highlighting blog posts relevant to your interests
- Case Studies – Highlighting success from other brands close to your level of sophistication
- Product Awareness – Occasional updates highlighting products for email marketing and how to leverage them for your success
Changing your subscription preferences
You can update your communications preferences at any time by following the convenient links located at the bottom of our emails. Requests submitted in this manner are processed and effective immediately.
If you are signed up to the ISG customer portal, you can update your personal information via this portal as well as any opt-out requests for emailing.
You may email [email protected] with your unsubscribe request. Please be aware that unsubscribe requests submitted in this manner will take longer to process and will not be effective immediately.
Privacy notice updates
When we send you emails, we may include a tracking image and web analytics code to allow us to determine the number of people who have interacted with our emails. When you click on a link in an email, we may record this individual response to allow us to customise our offerings to you. This tracking collects only limited information such as webpage viewed, time and date.
To help provide you with end-to-end information security solutions, ISG has partnered with a range of third-party software and service providers. We ensure that any third-party providers take protecting information seriously. ISG ensure that suppliers have at least Cyber Essentials Plus or ISO:27001 in place and have GDPR compliant systems and processes.
This privacy notice will be updated from time to time and the latest version will always be on our website. If significant changes are made which may impact you, we will also notify these changes in advance via email.
You can instruct us to provide you with any personal information we hold about you by emailing your request to [email protected] or by writing to us at: InfoSec Governance Ltd, 73 Duke Street, Darlington, DL3 7SD
Right to object to direct marketing
You can instruct us not to process your personal information for marketing purposes by email at any time by using the unsubscribe link in a marketing email you receive or by emailing [email protected] with your request.
Right to update or correct information
Please let us know if the personal information which we hold about you needs to be corrected or updated by emailing [email protected].
Right to be forgotten
You have the right to ask us to delete the personal information that we have about you by emailing [email protected].
Retention of personal information
We will retain your information for the period necessary for the purposes for which the data was collected or for which it is to be processed further, whichever is the longer.
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
The information controller responsible for our website is: InfoSec Governance Ltd. Registration number: ZA564169
If you have any questions about this privacy notice, or our treatment of your personal information, please contact: [email protected] or write to: InfoSec Governance Ltd, 73 Duke street, Darlington, DL3 7SD. Telephone us on: +44 (0)330 043 0826