We Make Privacy A Priority
Throughout International SOS, Privacy is a genuine priority. This means we review and act upon privacy at the highest levels of the organisation. This includes having a dedicated Data Protection Committee that reports into our board, and an operational Information Security and Privacy Committee that monitors privacy and continuous improvement within our organisation.
We Protect Your Member's Personal Information
We implement comprehensive measures to protect personal data across everything we do. For example, this includes ensuring ongoing training for all colleagues within our organisation, having clear procedures for our colleagues to follow, and maintaining leading certifications that demonstrate our privacy and security practices.
We are Focused on Transparency
It’s important to us that you and your members know how we collect and use personal information. To do this, we publish clear privacy notices and wherever possible we inform you and your members of how we will use information at the point of collection. Importantly, we never sell your personal information.
We Give Choices
Where applicable, we allow you and your members to influence how we collect and use personal information. This includes providing options as to how we share data when you or your member reach out to us for assistance, as well as options as to how we monitor use of our services through cookie management.
Documentation
Our ISMS & PIMS narrative outlines the controls we have in place to maintain our Information Security and Privacy Information Management Systems. This includes high level explanations of the technical and organisational measures that we apply across our organisation on areas such as governance, employee training, record keeping and encryption. These together support our continued ISO 27001 and ISO 27701 certifi cations.
Find the document here
Our WFR Processor and Sub-Processor List contains each of the third- parties we use for our core WFR services. Clients can sign up to changes to this list through the linked sign-up form.
Find the document here
Our Processing Descriptions provide further detail on the data used within each of our services and applications and is intended to support our clients in carry out Data Privacy Impact Assessments (DPIA). This includes a services table outlining whether International SOS is a Controller or Processor for each service.
Find the document here
Our Data Protection Policy outlines our organisation's guiding principles on privacy and information security. The policy applies in full to all International SOS employees and the activities we undertake and makes clear our company's expectations on key data protection areas.
Find the document here
Our Retention, Archiving and Destruction Policy outlines our Group retention periods and approach to the archiving and destruction of data once we no longer have a purpose for retaining it.
Find the document here
Where information is transferred overseas, either as a result of International SOS personnel being located around the world, or as a result of technology such as cloud-based systems and technologies, we are required to assess the risk of that cross-border transfer. This narrative outlines our approach to these risk assessments, and controls that we maintain to mitigate any identified risk.
Find the document here
The Privacy Centre is our public-facing webpage for all things privacy, including direct links to each of our privacy notices.
Find the page here
Our Binding Corporate Rules function as a legal instrument in accordance with GDPR Article 47, safeguarding personal data transferred from International SOS Group entities in the EEA acting as Controllers (“Data Exporters”), to other International SOS Group entities in Third Countries, acting as Controllers or Processors (“Data Importers”).
The BCR are legally binding and apply to every signatory entity and their employees. They also establish the data exporters’ liability for breaches caused by data importers and confer enforceable rights on all data subjects whose personal data is processed by the BCR Members.
Find the document here