We are committed to protecting your privacy and will handle your personal data in accordance with this ISS Global Privacy Statement (hereinafter referred to as “Privacy Statement”) and our obligations under the EU General Data Protection Regulation and/or applicable local data protection regulations. This Privacy Statement covers the ISS Group of companies as listed in our consolidated Group Annual Report including ISS BELUX companies, being at the date of this Statement: ISS Facility Services NV, ISS Catering NV, ISS Reception & Support Services NV, ISS Facility Services SA (Luxembourg) and ISS Luxintérim SARL (Luxembourg).
Personal data means any information relating to an identified or identifiable natural person (“data subject”) such as your name, address, telephone number and email address.
Special categories of personal data are used to describe a subset of personal data, which is considered more sensitive, and may include information such as race, ethnic origin, religion, sexual orientation, health information and trade union memberships.
We collect personal data concerning our employees, potential employees (i.e. job candidates, job applicants), customers, suppliers, customers’ and suppliers’ representatives, investors/shareholders, other stakeholders and users of our websites. Concerning collection of personal data under our whistleblower system (“Speak-Up System”), please refer specifically to Section 3 of this Privacy Statement.
The types of personal data that we may ask you to provide include, but are not limited to, contact information (such as name, address, telephone number and email address), business-related information, photos, videos and identification documents.
We collect your personal data for the following purposes:
- Talent management (e.g. to identify potential candidates, recruit and develop employees, etc.)
- Administration (e.g. employee administration, maintenance of shareholder registers, etc.)
- Communication (e.g. with investors/shareholders, current and potential customers, other stakeholders, etc.)
- Provision of our services (e.g. to facilitate transactions; analyse and optimise operations; promote our offerings; handle complaints, manage contractual relations, etc.)
- Procurement of services and products (e.g. to facilitate transactions; analyse markets; analyse and optimise our supply chain, manage contractual relations, etc.)
- Monitoring use of our systems and websites (e.g. to ensure secure and compliant use, to analyse and personalise user experience, etc.)
Our processing of your personal data for the above-mentioned purposes is based on our legitimate interest, including without limitation our legitimate interests to attract, select and manage employees; provide credible and relevant communication and develop our business. We may also process your personal data in order to comply with legislative and regulatory requirements. In certain situations, we may also process your personal data based on your consent.
We retain the right to potentially withhold information or services if we are not able to identify you based on the information provided. Therefore, although it is your right to not provide us with the requested information, this may limit our ability to assist you or fulfil your requests.
In line with the ISS Values and Code of Conduct, the business integrity of ISS is non-negotiable. We are committed to conducting our business in accordance with the law and high ethical standards. We have therefore established a whistleblower system called the Speak Up system under which we may also process your personal data. Please refer to our Speak Up Policy for further information about such processing of your personal data, including without limitation information about types of personal data processed, purpose of processing, data subject rights, etc.
We usually collect personal data directly from you (unless you otherwise provide your consent for us to obtain such data from third parties). We collect the personal data you give us through your use of our website, social media, during phone calls with our representatives, when we deliver and administer services to you and on forms or other correspondence completed by you.
If we receive personal data about you that we have not requested, and which is not of relevance to the processing activities in question, we will delete or permanently anonymise the data, unless otherwise required by law.
No cookies controlled by ISS will be saved on your device unless you consent to it. An exception to this rule is cookies that are needed for core functionality of the site. You can choose a setting in the browser which allows the storage of cookies conditional upon consent. If you only want to accept the cookies of ISS but not the cookies from our service providers and partners, you can select the setting “Block third-party cookies” in your browser. Generally, the Help function in the menu of your web browser explains how to reject new cookies and disable ones already received. Find detailed instructions on how to remove cookies here:
Our website may contain links to third party websites. Please note that the terms of this ISS Global Privacy Statement do not apply to external websites. If you wish to find out how a third party handles your personal data, you will need to contact such third party and refer to their privacy statement.
We may share your personal data, for any of the purposes mentioned in section 2 above, with third parties. Such third parties include: other corporate entities, agents, external advisors, our external service providers and contractors (such as any mail provider, commercial agent or support services), government agencies including law enforcement, regulatory and dispute resolution bodies (or any other body to whom disclosure is required by law or court/tribunal order) and any other person or entity to whom disclosure is authorised by you.
When we disclose your personal data to a third party who is processing personal data on our behalf, we take all reasonable steps to ensure that such third parties will implement appropriate technical and organisational measures and are bound by confidentiality and legal obligations with respect to the protection of your personal data. The potential disclosure of your personal data is conducted in compliance with legal requirements. This means that such processing is guarded by data processing agreements to ensure that personal data is not processed for other purposes than those clearly stated, and to make sure that our third parties uphold adequate security measures to protect your personal data.
We will not disclose your personal data to third party organisations located outside the country in which we have received your information (as applicable) without your prior written consent, except as set out below or where disclosure is otherwise authorised or required by law or court/tribunal order.
We may transfer your personal data within the ISS Group, and to our operations or contractors located outside the EU/EEA. However, any such transfer does not change our commitment to safeguard your personal data under this Privacy Statement.
If your personal data is transferred outside of the EU/EEA, ISS ensures an adequate level of security by transferring to countries approved by the EU Commission as having an adequate level of protection, or by entering into an appropriately drafted contract between ISS and the non-EU/EEA entity receiving the data.
ISS may use your personal data to provide you with information about our services and products, or those provided by third parties, as deemed relevant for you. With your specific consent, we may provide your personal data to such third-party organisations for specific marketing purposes.
Based on the nature of our business relationship we may wish to use you as a reference when promoting our business to others. In such cases, we will ask for your specific consent and will only disclose personal data to the extent that we have your consent.
You can ask us at any time not to contact you about products or services and to not disclose your data to others for that purpose by contacting us or, where applicable, by clicking the “unsubscribe” button in our promotional email messages.
We store your personal data in paper-based and/or electronic files and registers. We have put in place safeguards, as required by law, to protect the personal data we process from misuse, interference, loss, unauthorised access, modification or disclosure. ISS has a number of technical security measures in place. These include a range of systems and communication security measures, as well as the secure storage of hard copy documents and the use of encryption. In addition, access to your personal data will be restricted to those who require access to fulfil the purposes.
We only keep your personal data for as long as it is required for the purpose for which we process the data, and in accordance with our Group standard on retention and deletion.
If you are an employee of ISS, we will keep your personal data for a period of up to five (5) years after the end of the employment relationship or for such longer periods as may be required by applicable local law.
If you are a job applicant, we will keep your personal data for future recruitment purposes in accordance with your consent. In case there is a potential dispute in relation to the recruitment process, your personal data may be kept for up to six (6) months after finalisation of the recruitment process.
If you are an investor or shareholder, we will keep your personal data as long as you are an investor or shareholder and, if relevant for specific company documents, as long as ISS exists as a company.
If your personal data forms part of financial records, we generally will keep your personal data for a period of five (5) years from the end of the financial year to which the financial records are related or for such longer periods as may be required by applicable rules.
If you have consented to receive direct marketing by electronic means, we are obliged to keep your personal data up to two (2) years after you have withdrawn your consent in order to document compliance with the applicable spam rules.
If you are a user of our websites, please see the storage period for cookies above.
If you are a current or potential customer or supplier, we will generally keep your personal data for a period of five (5) years following our last interaction with you.
We take reasonable steps to delete or permanently anonymise all personal data after it can no longer be used in accordance with this Privacy Statement.
We take reasonable steps to ensure that you are able to exercise your data protection rights. Unless stated otherwise in specific data protection legislation, you have the following rights:
You have the right to gain access to your personal data and obtain a copy hereof. You also have the right to rectification of the personal data we process and the right to erasure. You may object to our processing of your personal data, including our processing of your personal data for direct marketing purposes, or request us to restrict our processing. Furthermore, you may in some cases request to obtain a copy of your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller (data portability). If processing of your personal data is based solely on your consent, you may withdraw your consent at any time. Please note that this does not affect our processing of your personal data prior to the withdrawal of your consent.
If you have any questions about this Privacy Statement or if you wish to exercise your data protection rights, please contact in writing:
- our Group Data Protection Officer
- Address: Group Data Protection Officer, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark
- E-mail: email@example.com
- or our local compliance team, the BeLux Data Protection Committee
You will not be charged for exercising your data protection rights. That said, you may be charged for additional copies of your personal data in accordance with applicable data protection law.
Prior to responding to a data subject request, we must confirm the identity of the requesting data subject. Thus, a data subject request must be supplemented by relevant information needed for ISS to identify you and to process your request. Where relevant, we will take reasonable steps to ensure that the personal data is corrected or erased, notify you of the correction/erasure, as well as notify any other recipients of the personal data where we are required to do so pursuant to applicable data protection regulations.
There may be situations where we have to refuse a request for correction or erasure. In such cases you can request that we include a statement with the personal data that you wished to have corrected or erased.
We will process and reply to your request without undue delay and in any event within one (1) month of receipt of the request, unless we have the right to extend the response period pursuant to applicable data protection laws. In case of any extension, we will inform you about that, together with the reasons for the delay. If we cannot meet your request, you will receive a written explanation as to why, as well as details of your further options if you are not satisfied with our response.
You are welcome to contact us anonymously. However, if you choose to be anonymous, our ability to provide you with the services or information you require is limited.
If you want to complain about our processing of your personal data, please contact our local compliance team, the BeLux Data Protection Committee:
- Address: BeLux Data Protection Committee, ISS Facility Services NV, Leuvensesteenweg 248C, 1800 Vilvoorde, Belgium
- E-mail: firstname.lastname@example.org and email@example.com
You can also contact our Group Data Protection team:
- Phone: +45 38 17 00 00
- Address: Group Data Protection Officer, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark
- E-mail: firstname.lastname@example.org
We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with the outcome of your complaint, you may refer your complaint to:
Data Protection authority
- Phone: +32 (0)2 274 48 00
- Address: Rue de la presse 35, 1000 Bruxelles, Belgique
- Website: www.dataprotectionauthority.be
Commission Nationale pour la protection des données
- Phone: (+352) 26 10 60 -1
- Address: 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg
- Website: https://cnpd.public.lu/
Download the files related to the ISS BCR policy here.