Privacy & Cookies
13 JUNE 2018
The International SOS Group of Companies includes companies in over 70 countries. We make sure that all of these companies meet or exceed legislated and industry standards for Data Protection to ensure that your personal information is protected across borders while we assist you worldwide.
In this Privacy Notice we make a commitment to protect your privacy. We also describe what information we collect about you and why we collect it, how we use and safeguard that information and we explain what choices you have, including how to access and update or ask us to delete your information.
Our Promise to You:
- When we need your Personal Information we always explain the purpose and will not use your information for any other purpose without asking you first.
- We do not retain your personal information longer than required for the purpose of providing our services to you.
- Your personal information can only be accessed by authorised personnel.
- You can ask to review or update the personal information we hold about you.
- We only share information with third parties for purposes specified in this Privacy Notice, for reasons required by law or with your explicit prior consent.
- We carefully select our partners and third-party service providers and implement contractual clauses that hold them accountable to the same data protection and privacy standards we meet ourselves.
- We actively monitor external threats and act quickly and transparently to protect your privacy.
- We understand that technology develops rapidly and continuously monitor and enhance the measures we have implemented to protect your information from unauthorized access and accidental loss or disclosure.
Types of Personal Information
Personal Identifiable Information (PII) or Personal Data is information that can be used on its own or in combination with other information, to identify, contact or locate a single person, or to identify an individual or natural person in context. Personal information does not include anonymised or statistical data that by itself does not allow identification of you as an individual.Sensitive Information or Special Category Personal Data we may collect includes information about an individual’s current health or health history, sexual orientation or religion.
How we collect and use Your Personal Information
In order to provide our services, we will usually need to collect some personal information about the individuals we are assisting.
We collect information about you when you buy, use or benefit from International SOS' services or products.
We may not always receive personal information from you directly but also from other sources, such as your employer or your relatives, your insurance company, other assistance companies, financial institutions, medical service providers or travel agencies.
Travel Security (TravelTracker)
If you use our TravelTracker app, it will collect some Personal information and Travel information. This includes the email address of the app enabled device and your organisation or your personal International SOS membership number. The app also periodically collects usage data.
This information is integral to how the app works, as we need to know where you are in order to keep you safe. The app will provide local emergency contact details, tailored medical and security alerts for your location as well as monitoring your location so we can assist you during situations where you may be in danger. Location monitoring is a voluntary feature and you can disable it at any time.
Medical and Security Assistance
When you speak with someone at one of our Assistance Centres, the call will usually be recorded. We do this for Training and Quality purposes. If you do not wish to be recorded, please let us know and we will call you back on an unrecorded line.
In order to assist you, we will usually need to ask you for some personal information, such as your name, contact details and the company you work for, and this will be recorded on our case management system. Such information is required to identify you and respond to you and where required keep a record of our interaction. We will only collect as much Personal Information as is required to provide the service you ask for in a safe and efficient manner. Some of this may be sensitive data such as medical information required to refer you to a suitable healthcare provider.
If our coordinators ask you for permission to share your personal information and medical information with your insurer, this will be to allow them to place a Guarantee of Payment so you will not be asked to pay for your medical expenses. Your consent will allow us to submit a claim to your insurer.
If our coordinators ask you for permission to share personal or medical information with your employer, this is because your employer has asked us to update them each time we provide assistance so that they can fulfil their Duty of Care and offer support where needed. They may also require us to obtain approval from them before paying for your medical expenses. You can withhold your consent for us to share either your personal information, medical information or both. Where your employer requires us to obtain their approval before making financial arrangements on your behalf, we may not be able to assist you with this if we do not have your consent to contact them.
Medical Services (Clinics)
If you visit one of our clinics, for example for a consultation, medical treatment or occupational health assessment, personal and sensitive information will be collected as part of your medical record maintained by the clinic which allows our medical staff to provide medical advice and treatment as appropriate. We retain original medical records in compliance with applicable regulation.
Training and E-Learning
International SOS provides Training services and we will collect some personal information as part of attendance or completion records and to issue certificates to candidates.
We will ask for your Personal information and Credit Card Information (Card Company, Number, Expiry Date) to assist you and process your payment. We handle all payment information in accordance with the Payment Card Industry Data Security Standard (PCI DSS). Full details are available in the Aspire Privacy Statement at https://www.aspirelifestyles.com/en/privacy-policy.
Occupational Health Assessment (MedFit)
We will receive your name and email address from your employer. In the course of providing services, we will also maintain relevant health records received from you and the occupational health clinic. At the end of contract, International SOS will return any such health records in accordance with instructions received from your employer.
International SOS Website
Cookies and Tracking Technology
Acceptance and links to other websites
This website may contain links to other websites, which are there for your convenience and not as an indication of International SOS’s approval. These other websites may have their own policies, which we do not control, and therefore are not covered by this statement or the International SOS Data Protection Policy.Data Protection for Minors
We do not knowingly collect any information on anyone who has not reached the age of 18 years through the online services and the International SOS website.
How long we keep Your Personal InformationWe only retain your personal information as long as it is required and we have a lawful reason. When your personal information is no longer required it will be securely destroyed or transferred in accordance with prior contractual agreement or your own preference. Our data retention policy is published at https://www.internationalsos.com/privacy.
Sharing your Personal Information
We do not sell your personal information in any circumstances and our business model does not rely on such action.
Your personal information may be transferred to other companies within the International SOS Group, or to third-parties that help us deliver our services to you. These companies may be located in another country.
Whenever we need to transfer sensitive personal information (such as medical information), we will first ask for your consent.
We do not share your personal information with third parties unless one of the following conditions or reasons apply:
You have provided explicit consent
We will ask for your explicit consent before sharing any sensitive personal information about you. We will provide you with clear explanations to allow you to make an informed choice. You are entitled to withdraw your consent at any time.
For external processing
For legal reasons
We may transfer your personal information to Government authorities, agencies and institutions, but ONLY as required or allowed by applicable regulations.
To verify your insurance or employment benefits
In some cases we may need to notify third parties such as your insurer or employer, for example to verify your benefits before paying for your medical expenses, and share some of your personal information with them. We will always ask for your consent if sensitive data needs to be shared or if we need to share information for additional purposes that you may not expect.
Accessing, correcting or deleting your Personal Information
You can seek access to, or revise, or ask to delete the personal information that International SOS has collected from you by using our Data Subject Rights Request Form: https://app.whispli.com/InternationalSOS-Data-Subject-Rights-Request. If you have a user account, you can access and manage your records through our website. You can also contact the Assistance Centre, clinic, medical service facility or individual employee you have been dealing with. Or you can write to us using the contact link on our website.
If you do not wish to contact International SOS through any of these channels, you can contact our Data Protection Officers, responsible for the jurisdiction in which you are living or where you are receiving our products or services. You can contact our Data Protection Officers at email@example.com.
When you make a Data Subject Right Request,
(a) You will be asked to provide International SOS with details of the data requested and the reasons why that data needs correction;
(b) You will be asked to provide proof of who you are;
(c) If applicable, we may seek verification with your employer or your company’s authorised personnel.
We will strive to address your request as soon as possible and no later than thirty (30) calendar days from the date your request is received and understood.
If International SOS is asked to destroy personal information, we will ensure that its recreation is prevented and shall take reasonable care to make sure that there is no unauthorised disclosure during the destruction of the data. To allow us to do this, we will maintain a record of all such requests, including a minimum of personal information required.
How we protect your Personal information
- We have group-wide independent certification to the International Information Security standard ISO 27001 https://www.iso.org/isoiec-27001-information-security.html
- We invest in industry-standard encryption and commission regular penetration testing and continuous threat monitoring
- We thoroughly and routinely vet the Information Security Management Systems of all our third party IT vendors
- The certification of our Binding Corporate Rules by the French Data Protection Authority means that you can be sure that your data is protected even when we need to transfer it to other entities of the International SOS group
- Our Data Protection Officers monitor Data Protection regulation developments globally to ensure that we are always compliant with legal requirements.
- We have internal policies to prevent inappropriate or unauthorised access or disclosure or accidental loss of personal information and all employees receive regular Data Protection training.
- We have implemented physical security measures to safeguard personal information from misuse, alteration, accidental loss or destruction.
How to resolve disputes with International SOS
If you are unsatisfied with the manner in which your question or concern is being addressed, you can contact us at firstname.lastname@example.org.
If you do not wish to make a complaint through our online services, you may direct all enquiries, concerns or complaints regarding our processing of your personal information to our Data Protection Officer at email@example.com.
We promise to investigate and address all concerns and complaints as quickly as possible. We will provide an acknowledgement of your query together with an indication of the approximate length of time that it will take us to review it within a week of receipt. If it will likely take us longer than two weeks to address your query, we will also provide you with regular updates throughout the process.
If you receive services from International SOS through your employer, through a relative's employer, an association or institution, or an insurance or financial services program and your personal information has been improperly handled a result of the actions or inactions of such third party, we cannot be liable for resolving any resulting disputes. We will direct you to the appropriate point of contact in such cases.
You have the right at any time, to raise your issues with a data protection authority or to take your case to a court.
Changes to this Statement
We regularly review and on occasion update this statement to ensure it remains in line with applicable regulation and our Information Security and Privacy Policies. We will inform you of such changes by prior notification, usually through the www.internationalsos.com website. This statement is not intended to create any contractual or other legal rights; its purpose is to explain how your personal information will be processed to allow the provision of International SOS services and how you can make use of your rights under data protection legislation in relation to such processing.