Privacy Notice

Last updated: 26 March 2026

I. NOTICE STATEMENT

A. Overview

ISB Global Services (“ISB Global Services”, “we”, “ours”, “us”) is committed to respecting your privacy and protecting your personal information, which is why we have implemented a privacy program and appointed a Privacy Officer.

The purpose of this Notice is to inform you of how we collect, use, disclose, retain, share, and protect your personal information, and how you can contact us if you have queries about our management of your personal information.

To provide you and our end clients (including, without being limited to, prospective and current employers, insurers, and insurance agencies, each an “End Client”) with quality services, including background check services, insurance services, and other products and services described on our website (the “Services”), we need to have access to certain personal information about you. We make sure that our employees and subcontractors manage this information with all the necessary discretion and diligence in compliance with the legal and regulatory requirements in force. This Privacy Notice does not apply to your use of any third-party sites linked to this website.

By engaging us to provide Services, by completing and submitting a consent form for the release of your personal information (a “Consent Form”) or by otherwise submitting personal information to us in a manner compliant with applicable laws and regulations, you accept the terms of this Notice, and consent to our use, collection, disclosure and retention of personal information as described in this Notice.

ISB Global Services primarily acts as a “data processor,” meaning we process personal information on behalf of our clients, who act as the “data controllers.” In this role, our clients determine the purposes and means of the data processing, and we process personal data strictly in accordance with their instructions and the terms of our data processing agreements.

However, in certain situations, ISB Global Services may act as a “data controller.” This occurs when we independently determine the purposes and means of processing. This Privacy Notice applies only to the personal information we process in our capacity as a data controller. It does not apply to data we process on behalf of our clients. For information on how our clients handle your personal data, including your rights and how to exercise them, please refer to their respective privacy policies and contact them directly.

We reserve the right to update this Notice periodically. Any changes will be posted on our website and will take effect immediately. Your continued access to the Services constitutes your acceptance of the changes. We encourage you to review this Notice periodically to stay informed about how we are protecting your data.

B. Compliance with legal obligations

ISB Global Services has committed to complying with laws applicable to individual privacy and privacy breach notification that are enacted in the various jurisdictions in which it operates and offers its Services, collectively referred to as "Data Protection Laws."

Canada:

We respect the privacy of all individuals who provide personal information to us. We are committed to complying with the applicable privacy legislation in each jurisdiction where we do business. In Canada, this includes the federal Personal Information Protection and Electronic Documents Act and all applicable provincial privacy laws regulating the private sector.

Please note that we do not voluntarily collect information from persons under the age of 16.

United States:

The California Consumer Privacy Act and comparable state-level comprehensive data privacy laws in states such as Colorado, Montana, New Hampshire, New Jersey, Oregon, Rhode Island, Utah, and other states provide their residents with certain privacy protections.

However, these Data Privacy Laws typically do not apply to ISB Global Services because it is governed by the federal Fair Credit Reporting Act (FCRA), as a consumer reporting agency. Your rights under the FCRA can be found here: https://www.isbglobalservices.com/my-background-check/fair-credit-reporting-act-summary/

Children’s Online Privacy Protection Act Compliance

We are compliant with the requirements of COPPA (Children’s Online Privacy Protection Act) because we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed at people who are at least 13 years old.

We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

European Economic Area, UK, or Switzerland:

Please also see the Supplemental European Privacy Statement below.


II. PERSONAL INFORMATION

We define “personal information” as any information about an identifiable individual, or that taken alone or combined with other data, allows an individual to be identified. Personal information does not include business contact information such as your name, title, business address, or telephone number.

An identifiable natural person, or "Data Subject," is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.


III. COLLECTION OF PERSONAL INFORMATION

A. Types of personal information collected

We collect personal information you voluntarily provide when you express interest in our company, engage our Services, participate in related activities, or contact us directly. The type of information collected depends on the nature of your interaction, your choices, and the specific services you use.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
    • Send users information about special offers and discounts on our products and services.
    • Develop and display personalized and relevant advertising content for our users.
    • Analyze how our Services are used so we can improve them to engage and retain users.
    • Support our marketing activities.
    • Diagnose problems and/or prevent fraudulent activities.
    • Understand how our users use our products and services so we can improve user experience.
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

| Context | Types of Information | Primary Bases for Collection and Use of Information |
|---|---|---|
| Contact information | We process contact information such as your name, address, email, or phone number. | We are executing on a contractual obligation in contacting our clients and communicating with them concerning normal business administration such as billing, registration, and our Services. |
| Identification information | We process identification information such as your social security number, social insurance number, driver’s license number, passport number, birth certificate, date of birth, place of birth, gender, nationality, and citizenship status. | We process identification information to verify identity, perform background screening services, and comply with applicable legal and regulatory requirements. Processing is necessary for the performance of a contract, compliance with legal obligations, and, where required, based on explicit consent. |
| Education and employment information | We process education and employment information, including with respect to your educational background, training courses and diplomas, employment history, past and current titles, employers, associations, and references. | We have a contractual obligation to process this information to verify qualifications, assess work history, and provide employment-related screening, verification, and compliance services. |
| Financial and insurance information | We process financial and insurance information, including annual income, credit score, credit history, insurance coverage and claims history. | We process financial and insurance information to conduct background checks, assess financial risk and eligibility, and support employment-related or compliance services, as necessary to perform our contractual obligations. |
| Public and criminal records information | We process public and criminal records information, including information available by federal, provincial or local governments, courts, law enforcement agencies and other governmental agencies such as legal proceedings, court records, drivers abstract and bankruptcy registrations. | We process public and criminal records information to conduct background checks, verify legal and regulatory compliance, assess suitability or risk, and provide employment-related or compliance services requested by our clients, based on the performance of a contract. |
| Health information | We process health information, including medical records and other information regarding an accident, disability, or injury. | We process health information to support employment-related screening, accommodations, insurance, or compliance services as necessary to perform our contractual obligations to our clients. |
| Digital content | We process digital content such as photos, videos, or audio files. | We have a legitimate interest in processing this digital content to support verification, security, and compliance-related services. |
| Client and User Account Information | We collect personal information from our clients and users of our Services when they create an account with us to access and use our Services. This information could include business contact data such as name, email address, title, company information, and phone number. | We are executing on our contract by delivering Services to our clients and managing the associated client relationship. |
| Cookies and First-Party Tracking | We use cookies and small data files. “Cookies” are small pieces of data that a website sends to a computer’s hard drive while a website is viewed. | We have a legitimate interest in making our website operate efficiently and in improving our marketing efforts and our Services. See our Cookie Policy below. |
| Cookies and Third-Party Tracking | We participate in behavior-based advertising and the gathering of analytics. This means that a third party uses technology (e.g., a cookie) to collect data about your use of our websites so that they can provide us with website and user analytics, as well as for the purposes of advertising products and services tailored to your interests on our website, or on other websites. | We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics in improving our marketing efforts. For additional information on our use of cookies, please see our Cookie Policy below. Additionally, you can manage your cookie consent preferences in the cookie consent manager via our website’s cookie banner. |
| Email Interconnectivity | If you receive an email from us, we may use certain tools to capture data related to when you open our message or click on any links or banners contained within. | We have a legitimate interest in understanding how you interact with our communications to improve relevance and engagement. |
| Employment-related information | If you apply for a job posting or become an employee of ISB Global Services, we collect the information necessary to process your application or to retain you as an employee. This may include, among other things, your name, address, email address, I-9 information, Social Security Number or Personal Public Service Number, work history, resume, EEO information, veteran status, disability status, healthcare information, and bank account information. Providing this information is required for employment. | We use information about current employees to fulfil our contract of employment or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We are executing on a contractual obligation in using your information to have efficient staffing and workforce operations. |
| Feedback and Support | We collect personal information from you contained in any inquiry you submit to us regarding our Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support, and chat requests, or to report an issue. When you communicate with us through our live support chat or over the phone, your messages and calls may be recorded and analyzed for training, quality control, and for sales and marketing purposes. During such interactions, we will notify you of the recording via either voice prompt or script. | We have a legitimate interest in receiving and acting upon your feedback, issues, or inquiries to improve support and service offerings. |
| Mailing List | When you sign up for one of our blogs, newsletter or mailing lists, we collect contact information such as your name, email address, and company affiliation. | We collect this information based on your consent, which you provide when you sign up. You may withdraw your consent at any time by using the unsubscribe link in our communications or by contacting us directly. |
| Payment Information | We collect payment and billing information when you receive certain Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services. | We are executing on a contractual obligation in obtaining payments for certain Services. |
| Website Interactions | We use technology to monitor how you interact with our Services. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. | We have a legitimate interest in understanding how you interact with our Services to better improve them, and to understand your preferences and interests to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud. |
| Social Media | When an individual interacts with our Services through various social media networks, such as when someone follows us or shares our content on LinkedIn, or other social networks, we may receive some information about individuals that they permit the social network to share with third-parties. The information we receive is dependent upon an individual’s privacy settings with the social network, and may include your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third-parties. We use this information to update and maintain the page to provide you with content and features of our Services, as well as to improve our product outreach. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services. | We have a legitimate interest and/or may obtain your consent to collect this information. |
| Web Logs and Usage Data | Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings). | We have a legitimate interest in monitoring our networks and visitors to our Services. Among other things, it helps us to monitor performance and to understand which of our Services and features are the most popular. |
| Device Data | We collect device data such as information about your computer, phone, tablet, or other devices you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information. | We have a legitimate interest in collecting device data to ensure the security, stability, and performance of our Services. This information helps us detect and prevent fraudulent activity, monitor system usage, optimize compatibility across different devices, and understand how users interact with our Services to improve functionality. |
| Location Data | We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location settings on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services. | We collect geolocation information based on our legitimate interest in enhancing service relevance, optimizing user experience, and ensuring compliance with applicable location-based legal requirements. |
| User-generated Content (UGC) | Reviews, comments, or questions you submit, including feedback provided through surveys, contact forms, social media channels, or direct communications with our team. | We have a legitimate interest in collecting user-generated content to enhance our Services and improve user experience. |

We only collect the sensitive personal information reasonably necessary for the Services or for other uses specified in this Notice, if we have a signed consent form of the individuals to whom the sensitive information relates, or if the information is necessary or required for another legal reason provided under applicable privacy or other legislation.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

B. How we collect personal information

We collect personal information directly from you when you submit a Consent Form or when you contact us or share any personal information with us.

It is also in the very nature of our Services to collect personal information about you from a variety of other independent or third-party sources, with your consent, including credit reporting agencies, screening and recruitment agencies, insurers and insurance agencies, federal, provincial or local governments, courts, law enforcement agencies and other governmental agencies, past and current employers, employment references, hospitals and other healthcare facilities, publicly available sources (including social media), recruitment agencies, contractors, service providers and business partners (“Third-Party Sources”).

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.


IV. PURPOSES OF COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

We collect, use, and disclose personal information for the purposes identified at the time of collection or as permitted or required by law. This includes, but is not limited to, the following purposes:

  • Establishing and managing our relationship with you and our End Client;
  • Providing the Services (the nature of which is indicated in your Consent Form or as otherwise disclosed at the time of collection) to you and our End Client;
  • Investigating any complaints made by you or responding to any requests to exercise your rights described in this Notice;
  • Conducting development and research to ensure that we maintain the highest standard of security, to understand our End Clients’ requirements and to improve our service offer;
  • Enabling business development and marketing, more precisely to inform current and End Clients about our new services. You can opt out of our marketing emails at any time. For more information, see “Your Rights” below;
  • Any other purpose to which you have consented or that is permitted or required by any applicable laws and regulations.

ISB Global Services is a consumer reporting agency (“CRA”) operating in accordance with the requirements of the Fair Credit Reporting Act (“FCRA”) and collects, uses, and discloses your personal information in accordance with the guiding principles set forth in the FCRA.

Although the list above describes our primary purposes in collecting your information, in many situations we have more than one purpose. For example, if you sign up for our Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about our Services.

If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected, we will request your consent, unless there is an exception which applies under applicable law. In all cases, we balance our legal use of your personal information with your interests, rights, and freedoms in accordance with applicable Data Protection Laws.


V. LIMITATION OF THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

We strive to limit the collection, use and disclosure of personal information to what is strictly required to fulfill the purposes for which it is collected. In certain circumstances, we may need to collect personal and sensitive information to comply with our legal obligations. We will not disclose or use your personal information for any other purpose unless you consent to such or as required by law.

We may use your personal information if it is necessary to prevent or lessen a serious threat to public health or public safety or if the use of the information is necessary for law enforcement or for the conduct of proceedings before any court or tribunal.


VI. CONSENT

A. Primary purposes

Except where expressly authorized under applicable laws and regulations, we will always obtain your consent prior to the collection, use or disclosure of your personal information.

With regard to personal information collected, used, or disclosed for our Services, your consent will be expressed through your completed Consent Form, which will indicate the types of Services provided.

Please note that you have the right to refuse to provide us with your consent. You also have the right, subject to reasonable notice and applicable legal or contractual restrictions, to withdraw your consent regarding the use of your personal information already collected by contacting our Privacy Officer. The refusal to consent or withdrawal of your consent may prevent us from providing or continuing to provide you or the End Client with our Services.

B. Marketing and secondary purposes

We may also ask for your consent for secondary purposes, for example for development and marketing purposes. As mentioned above, we will ask for your consent in this regard. In addition, your consent for secondary purposes may be withdrawn at any time, without affecting the rendering of our Services to you or the End Client.

With your consent, we may also contact you to inform you about products, services, events, and resources which we think would be of particular interest to you. If you opt out of receiving further communications from us, we will take steps to ensure you do not receive any such further information from us in future.

C. Providing third-party personal information to us

If, at any time, you provide us with personal information or other information about an individual other than yourself, you warrant to us that you have that individual’s consent, including where applicable any other necessary consent to provide such information for the purpose specified and for us to treat such information in accordance with this Notice. We may need to ask for written proof of consent from that individual when necessary.


VII. PERSONAL INFORMATION DISCLOSURE

To provide you with our Services, we may need to disclose the personal information we collect about you. All such disclosures will be conducted in accordance with applicable laws and regulations.

We will never, by any means, sell or exchange your personal information for payment. We do not disclose personal information to third parties for their own direct marketing purposes. We may share limited information with service providers, such as analytics providers, to help us operate and improve our services.

We may disclose your personal information in the following circumstances:

A. End Clients

It is the very nature of our Services (including our background check services, insurance services, and identity verification services) to disclose certain personal information about you to the End Client (including prospective employers, insurance agents, etc.) as required by the applicable Services.

B. Third-Party Sources

To the extent required by the applicable Services, we will need to disclose certain personal information about you to Third-Party Sources (as defined in Section III of this Notice) in order to conduct the verifications and obtain any additional personal information required as part of such Services.

C. Employees and service providers

To provide the Services, certain of our employees with a need to know will have access to your personal information. All such employees will be advised of the personal and confidential nature of your personal information and be bound by reasonable confidentiality obligations.

Additionally, we may disclose your personal information to individuals or entities that assist us to deliver our services, such as our contractors, business partners, affiliates, agents, or service providers. These third parties may change from time to time and include technology and internet service providers and data storage or processing services providers. Where it is necessary for personal information to be provided to a third party in connection with the provision of a service to us, we will take reasonable steps within our power to prevent the unauthorized use or unauthorized disclosure of personal information.

D. Other permitted disclosures

Only to the extent allowed by the applicable laws and regulations, we may also disclose your personal information under the following circumstances:

  • when you have expressly consented to such disclosure;
  • when you would reasonably expect us to use or disclose your personal information in a certain way;
  • when the disclosure is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained;
  • when the source of the information is a publicly available publication and, in the particular circumstances, it would not be unfair or unreasonable to disclose the information;
  • when authorized or required to do so by a court or under applicable laws or regulations (for example, a subpoena), or where requested by a government agency;
  • where we consider a company or an individual may be engaged in fraudulent activity or other deceptive practices of which a governmental agency should be made aware;
  • when disclosure is reasonably necessary for a law enforcement-related activity.


VIII. COOKIE POLICY

We use cookies (small text files placed on your device to track activity) and similar tracking technologies (such as web beacons and pixels) to collect information when you interact with our Services. These technologies help us:

  • Maintain the security and functionality of our Services
  • Fix bugs and prevent crashes
  • Save your preferences
  • Improve performance and user experience

Google Analytics

ISB Global Services uses Google Analytics to understand how users engage with our website. Google Analytics collects information such as:

  • Frequency of site visits
  • Pages visited and time spent on them
  • Actions taken while browsing
  • Device and browser information (IP address, browser type, operating system)
  • Approximate geolocation data.

This helps us enhance our website’s performance and improve the overall user experience.

Google Analytics operates through cookies that may remain on your device even after your session ends. You can control your preferences for Google Analytics through:

  1. The cookie consent manager on our website.
  2. Your browser settings (e.g., blocking or deleting cookies).
  3. Installing the Google Analytics Opt-out Browser Add-on, which prevents Google Analytics from collecting data across websites.
  4. Adjusting your ad settings via Google Ads Settings or mobile device settings.

For additional options, you may visit:


For more details on how Google collects and processes data, please see the Google Privacy and Terms page.

Note: Disabling Google Analytics may affect some functionality but will not prevent you from using our Services.


IX. USE OF SUBPROCESSORS

ISB Global Services engages certain third-party service providers (“subprocessors”) to support the delivery of our Services. We maintain an up-to-date list of these subprocessors where we disclose the nature of the services provided. We may add or replace subprocessors as our business needs evolve and will update our subprocessor list accordingly. If you would like a copy of the list or have questions about our subprocessors, please contact us at legalteam@isbglobalservices.com.

In situations where we are required to provide notice under applicable law or a specific contractual obligation, we will notify users of such changes directly. By continuing to use our Services, you acknowledge and accept any changes made to our subprocessor list.


X. TRANSFER OF PERSONAL INFORMATION ABROAD

Most of our Services will be performed by our employees who are currently located in Ontario and Quebec (Canada). Our American services will be performed by our employees located in the United States. However, certain End Clients, Third-Party Sources or other service providers or third parties may be located in other jurisdictions. Some of our third-party service providers are based outside Quebec (Canada), notably across North America.

Accordingly, it is possible that some of your personal information may be transferred to places other than your province, territory, state, or country of residence. In such case, we will ensure that your personal information is transferred to countries that provide adequate protections for your personal information, or that your personal information is adequately protected by appropriate safeguards for international data transfers, such as Standard Contractual Clauses, industry best practices, and compliance with applicable regulations. When required by applicable laws and regulations, we will conduct an impact assessment prior to such transfers to identify and mitigate any risk of harm to individuals.

You acknowledge and agree to such international data transfers with respect to personal information of the nature described above.


XI. PERSONAL INFORMATION RETENTION

Personal information is retained for as long as necessary for the purposes set out in this Notice. After such time, any personal information held by us will be destroyed, deleted or made anonymous, unless we are required to retain your personal information for a longer period to ensure that we comply with our legal, tax or regulatory obligations.

The specific retention period depends on the nature of the personal information and the reasons for which it was collected. When determining how long to retain personal information, we consider several factors, including:

  • The amount, nature, and sensitivity of the information.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for processing and whether those purposes can be achieved through other means.
  • Any applicable legal, regulatory, or contractual requirements.

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If immediate deletion is not possible (for example, because the information is stored in backup archives), we will securely store and isolate it from further processing until deletion becomes feasible.

In some cases, we may anonymize your personal information (so that it can no longer be associated with you) for research, statistical, or other business purposes. Aggregated, anonymized, or de-identified data may be retained indefinitely. Additionally, we may retain personal data for a commercially reasonable period to meet backup, archival, audit, dispute resolution, or legal compliance needs.


XII. DATA SECURITY

We maintain physical, electronic, and procedural safeguards to guard and protect your personal information. To learn more about our security measures, please consult our Information Security web page, https://www.isbglobalservices.com/information-security/.

However, despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee that cybercriminals, hackers, or other unauthorized third parties will never be able to defeat our security measures or improperly access, steal, or modify your data.

Transmission of personal information to and from our Services is at your own risk. You should only access our Services through secure networks and environments. In the event of a data breach involving a loss or unauthorized access to or misuse of your personal information, we will report such breach to you and any relevant authority as required by law.


XIII. YOUR RIGHTS

Depending on applicable laws and regulations of your jurisdiction, you might have the right to obtain access to, rectification or erasure of your personal information, the right to withdraw your consent (if any), the right to be informed of a decision based exclusively on automated processing (if any), the right not to be discriminated against, the right to restrict and to object to the use and processing of your personal information by us, or the right to data portability by, namely, receiving a copy of all personal information that we have about you in a structured, commonly used and machine-readable format.

A. Making a request

To exercise any of these rights (to the extent available), please submit your request to us by writing to the Privacy Officer as set forth in Section XV of this Notice. Depending on the right being exercised, we will inform you of the procedure to follow, the processing time (delay of response) and the information needed. We will endeavor to process your request within one (1) calendar month from the date your request is received. We will inform you if this timeframe is not achievable and extend this timeframe as permitted by applicable law. We may need to verify your identity before processing your request.

Unless we are required or permitted by applicable laws and regulations to refuse to do so, we will, on request, provide you with details of the personal information we have collected about you or update and rectify your personal information in accordance with your request. Where we are also required by the applicable law to provide further information about the use or disclosure of your personal information, we will do so upon your request.

B. Exceptions

If we refuse to provide you with access to, or to rectify or erase, your personal information as requested or otherwise meet your requests, we will notify you accordingly. Where appropriate, we will provide you with the reason(s) for our decision and the mechanisms available to complain about the refusal. We may exercise such refusal if your personal information is not retrievable, the request is frivolous or vexatious, providing access or otherwise meeting your request is reasonably likely to pose a serious threat to the safety of an individual or the public or for any other reason supported by applicable laws and regulations.


XIV. PERSONAL INFORMATION MANAGEMENT PROGRAM

In order to protect your personal information, we have put in place policies, practices and procedures relating to the management of the personal information we hold.

These internal policies and procedures govern the collection, use, disclosure, retention, and destruction of personal information, as well as complaint handling, information security, and data governance. These policies and practices also provide the framework for the implementation of privacy impact assessments, as well as the prevention of and response to potential privacy incidents.


XV. DATA PRIVACY FRAMEWORK COMPLIANCE AND INTERNATIONAL DATA TRANSFERS

ISB Global Services complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

ISB Global Services has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

ISB Global Services has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ISB Global Services commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

The Federal Trade Commission (FTC) has investigatory and enforcement power over ISB Global Services’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework.

Under certain conditions, individuals may invoke binding arbitration to resolve disputes regarding ISB Global Services’ compliance with the Data Privacy Framework (DPF) Principles. ISB Global Services is committed to arbitrating claims in accordance with Annex I of the DPF Principles, provided that the individual has delivered notice to ISB Global Services and followed the conditions set forth in Annex I of the DPF Principles.

ISB Global Services is committed to protecting Personal Information in accordance with the Data Privacy Framework (DPF) Principles. In cases where ISB Global Services transfers Personal Information to a third party, ISB Global Services remains responsible under the DPF Principles if the third party processes such information in a manner inconsistent with the DPF Principles, unless ISB Global Services can demonstrate that it is not responsible for the event giving rise to the damage.


XVI. EUROPEAN DATA PROTECTION AUTHORITIES AND COMPLAINT RESOLUTION

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ISB Global Services commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.


XVII. CONTACT US

We have delegated the management of the privacy program to the Privacy Officer. The Privacy Officer is responsible for the internal management and oversight of our privacy program and can be reached at:

Privacy Officer
ISB Global Services
100 Stone Rd W Unit #203
Guelph, ON N1G 5L3
1.800.609.6552
legalteam@isbglobalservices.com

It is also the responsibility of the Privacy Officer to provide you with the necessary support in the event of a question, complaint or request relating to the protection of personal information.

In the event that you have a complaint regarding the exercise of your rights under this Notice, we will respond to your complaint as soon as possible. Your file will be handled by our Privacy Officer, who will inform you of the procedures to follow. Each complaint will be investigated. If the complaint is justified, the specific situation will be corrected, and you will be informed. We will contact you to let you know how long it will take to resolve the complaint.

If you believe that we have not adequately dealt with your complaint, you may complain to the competent authority, such as the Commission d’accès à l’information du Québec for the province of Quebec or the Privacy Commissioner of Canada.


XVIII. SUPPLEMENTAL EUROPEAN PRIVACY RIGHTS STATEMENT

If you are a resident of the European Economic Area, we rely on our legitimate interest, contractual relationship, and your consent as described in this Privacy Notice to process your personal information. Additionally, subject to any exemptions as provided by law, you may have certain rights regarding the personal information we maintain about you. We offer you certain choices about what personal information we collect from you, how we use that information, and how we communicate with you. If at any time you wish to exercise your rights, please reach out to us in accordance with the “Contact Us” section below.

According to the GDPR, UK GDPR, and FADP, you have the following rights:

  • Right of Access. If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information along with certain other details. If you require additional copies, we may charge a reasonable fee.
  • Right to Rectification. If your personal information is inaccurate or incomplete, you may be entitled to ask that we correct or complete it.
  • Right to Erasure. You may ask us to erase your personal information in some circumstances, such as where we no longer need it, or you withdraw your consent (where applicable) and where there is no other legal basis for processing.
  • Right to Restrict Processing. You may ask us to restrict or ‘block’ the processing of your personal information in certain circumstances, such as if you contest its accuracy or object to us processing it.
  • Right to Data Portability. You may have the right to obtain your personal information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and if the processing is carried out by automated means.
  • Right to Object. You may ask us at any time to stop processing your personal information, and we will do so: (a) if we are relying on a legitimate interest to process your personal information, unless we demonstrate compelling legitimate grounds for the processing or your data is needed to establish, exercise, or defend legal claims; or (b) we are processing your personal information for direct marketing and, in such case, we may keep minimum information about you (for example, in a suppression list) as necessary for our and your legitimate interest to ensure your opt out choices are respected in the future and to comply with data protection laws.
  • Right to Withdraw Consent. If we rely on your consent to process your personal information, you may have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
  • Right to lodge a Complaint. If you have a concern about our privacy practices, including the way we handled your personal information, you can report it to the data protection authority that is authorized to hear those concerns.

Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply. We will not discriminate against you for exercising such rights.

Except as described in this Notice or provided for under applicable privacy laws, there is no charge to exercise your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested, or refuse to act on the request and notify you of the reason for refusing the request.

Contact Us

If you are a resident in the European Economic Area, we are the "data controller" of your personal information. We have appointed …… to be our representative in the EEA. You can contact them directly regarding our processing of your information via email at

If you are a resident in the United Kingdom, we are the "data controller" of your personal information. We have appointed … to be our representative in the UK. You can contact them directly regarding our processing of your information via email at

If you have questions or comments about this Statement, you may contact us at

Privacy Officer
ISB Global Services
100 Stone Rd W Unit #203
Guelph, ON N1G 5L3
1.800.609.6552
legalteam@isbglobalservices.com
Badges: ISO Certified, ARIBA, Coupa, PBSA Accredited, 30 Year Anniversary
While we are not affiliated with or employed by these organizations, we may reference our verified status in marketing materials, proposals, and client communications to demonstrate ISB’s commitment to compliance and security.