top of page

ISMC Global website privacy notice

ISMC Global website privacy notice

ISMC and our affiliated companies worldwide (“ISMC”) are a global professional services firm focused on delivering business consulting for our clients. This privacy notice describes our approach to privacy, why we collect your personal data, what data we are collecting, how

we process it, and how you can manage and delete your personal data. In this privacy notice, we also provide information about higher or different standards that apply in particular locations.

ISMC is a controller or its equivalent under privacy laws where it decides how and why personal data is used. Where we act as a processor or its equivalent in our capacity of providing services to a client, we will only use personal data in accordance with specific written instructions from our client. In those cases, the client is the data controller or its equivalent for that personal data and will be responsible to data subjects for the way in which their personal data is processed. Where applicable and in accordance with privacy laws, we shall assist the relevant data controller in complying with your privacy rights. If you have any questions or concerns about this privacy notice or your personal data, please

contact us at

1. What personal data we collect and how we collect it.

2. Purpose and lawful basis for processing personal data.

3. Security.

4. How we share your personal data.

5. International and group company transfers of personal data.

6. Data storage and retention.

7. Existence of automated profiling.

8. Data Subject rights:

     Residents of California and Virginia

     Residents of Europe

9. Contact us and information regarding complaints.

10. Changes to our privacy notice

1. What personal data we collect and how we collect it

ISMC collects the following personal data in one or more of the following ways. Your name or other unique identifier: ISMC uses this information in order to contact you in response to your request to do so or to receive marketing communications. On the ‘Contact Us’ page: ISMC uses the contact information you submit to enable us to respond to a general or business inquiry made by you, or on behalf of the company that you represent.

Internet and network activity when you visit our website: ISMC uses cookies and web beacons to collect data on how you use our websites, including your IP address, pages visited, and length of time spent on the site. Please see our COOKIES NOTICE LINK for further

information and to customize your cookie preferences.


  • When you use our Subscription Center: ISMC uses the information you provide, such as your name and email address, to provide subscription services. The subscription center also keeps track of your communication preferences and areas of interest (such as receiving newsletters, thought leadership content and/or marketing materials), that you have either

        opted in to, or opted out of.

  • Our career portal: ISMC collects education and employment information when you submit an application for a role at ISMC via our career portal. Email communications: If you receive our marketing communications, we will track when you receive, open, click a link in, or share an e-mail you receive from ISMC. Please refer to our Customer Privacy Notice for further details. To unsubscribe from ISMC marketing communications, please click here.

  • Information from other sources: Depending on your relationship with ISMC, ISMC may receive information about you from other sources, including but not limited to data vendors, insurance providers, auditors, travel service providers, consulting firms, background check service providers, and social media to ensure the accuracy and completeness of your personal data.


2. Purpose and lawful basis for processing personal data

ISMC uses the personal information it has collected from you in the following ways:

  • Consent: Where we require your consent, you will find opt-in mechanisms and you will have the ability to withdraw consent at all times.

  • Contract: Where we need to perform a contract that we are about to enter into or have entered into with you. For example, when we perform services for you.

  • Legal or regulatory obligation: This includes maintaining records, performing compliance screening (such as anti-money laundering, financial or credit checks, fraud and crime prevention and detection analysis, and screening for compliance with trade sanctions and embargo laws). This also includes automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.

  • Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests. Our legitimate interest will include, for example, market research purposes, marketing purposes and appropriate controls to ensure our website, processes and procedures are running effectively, for the prevention and detention of against fraud and for Information Technology (IT) security purposes. You can contact us for further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities. If processing personal data is subject to any other data protection laws, then the lawful basis for processing personal data may be different to that set out above. In those circumstances, the processing will be based on the applicable national or state laws. ISMC shall only process the received information to pursue our legitimate business interests. This includes screening resumes of prospective candidates, establishing communication with prospective customers (whom you represent) and personnel with general/business inquiries, and to enhance our user experience. Please visit our Customer Privacy Notice and our


Candidate Privacy Notice for further details.

You also have the option to subscribe/opt-in to receive newsletters, thought leadership content and/or marketing materials. You can always opt out by using our Subscription Center or writing to ISMC shall adhere to your preferences


3. Security

ISMC implements industry standard security measures to keep your personal data secure and confidential, including but not limited to:

Restriction of access to your personal data to ISMC employees strictly on a need-to-know basis, such as responding to an inquiry or request. Implementation of physical, electronic, administrative, technical and procedural safeguards that comply with applicable rules, laws, legislation and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and/or destruction. It is important that you also make every effort to protect your password and computer from unauthorized access. Be sure to sign off when you are finished using a shared computer. Disciplinary action against ISMC employees who misuse personal data, which is a violation of ISMC policies.

4. How we share your personal data

The personal data ISMC collects from you is stored in one or more databases hosted by third parties. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. On occasion, ISMC engages third parties to respond to

any queries raised by you or to establish business communications, including marketing communications, to prospective customers. For information on the third-party vendors partnered with ISMC, please click here. ISMC shares your personal data with service providers, which, depending on your relationship with ISMC, may include but is not limited to payroll processors, cloud service

providers, and administration support providers. Personal data shared with these service providers is for business purposes only.

ISMC has offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Please click here to see a list of the locations within our corporate group.

Where required or permitted by law, information may be provided to others, such as, but not limited to regulators and enforceable government directives. From time to time, ISMC will consider corporate transactions such as a merger, acquisition, reorganization, asset sale, or similar transaction. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to third parties involved in the

transaction. In these instances, ISMC will continue to ensure your personal data is protected and ISMC will provide any impacted data subjects notice before any personal data is transferred or subject to a different privacy policy.

5. International and group company transfers of personal data

We are part of an international group of companies and transfer personal data concerning you to countries across the globe. Safeguards are put in place under applicable data protection laws to ensure the safe transfer of data between regions. You can find a list of the locations within our corporate group here. We transfer personal data between our group companies and data centers for the purposes described above. Your personal data will be stored in databases located in regions across the globe including India. The databases are controlled by our administrative staff located outside of the European Union including in India and can be accessed electronically. Specific transfer mechanisms outside of the European Union under the GDPR: Where we transfer personal data outside the EU and between our group companies, we either transfer personal data to countries that provide an adequate level of protection as determined by the European Commission, or use alternative safeguards. Standard contractual clauses are used as the appropriate safeguards. To find out more about standard contractual clauses, click here. To the extent Protection of Personal Information Act (“POPIA”) applies, where we transfer

personal data outside of the country in which ISMC is established, we only transfer personal data to countries that provide an adequate level of protection and/or we ensure that we have appropriate safeguards in place to cover these transfers, as permitted under the applicable data protection legislation. If you would like more information on any of the data transfer mechanisms we rely on, please

contact us at

6. Data storage and retention

ISMC shall retain your personal data pursuant to the business purposes and in line with our retention policies. We will only keep your personal data for as long as is reasonably necessary taking into consideration the purposes outlined above or to comply with legal, accounting or reporting requirements under applicable law(s). To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Personal data received from prospective candidates shall be retained in accordance with the

retention criteria set out in our Candidate Privacy Notice. Personal data received from prospective customers shall be retained for the duration of the prospective customer’s business relationship with ISMC and in accordance with the retention

criteria set out in our Customer Privacy Notice.

For more information on where and how long your personal data is stored, please contact us at

7. Existence of automated profiling

ISMC uses automated profiling in limited circumstances relating to email campaigns. As part of our email campaigns, we track when you receive, open, click a link in, or share an e-mail you receive from ISMC using a ISMC managed automated solution. The automated solution profiles the information tracked to evaluate your interest in ISMC’s service offerings and/or


promotions. This enables us to identify and target potential customers and/or business partners

and aims to provide you with relevant and timely content based on your indicated interests.

8. Data Subject Rights

You may have certain rights in relation to your personal data pursuant to data protection laws in your jurisdiction. To exercise such rights, please contact

The rights for certain jurisdictions are explained in further detail below.

Residents of California and Virginia:

Please note that ISMC does not sell or share personal information as defined in sections

1798.140(t) and 1798.140(ah)(1) of the California Consumer Privacy Act of 2018, as

amended by the California Privacy Rights Act.

ISMC also does not sell the personal information of children under age 16.

Your rights

Depending on your state of residency, you may have the ability to exercise all or some of the following rights, subject to any exemptions or exceptions in applicable law:

  • The right to access what personal information has been collected about you by making a proper Verifiable Consumer Request (VCR). Through a VCR, you may request:

1. The categories of personal information collected about you in the preceding 12


2. The categories of sources from which personal information is collected;

3. The business or commercial purpose for collecting personal information;

4. The categories of third parties with whom ISMC shares personal information; and

5. Specific pieces of personal information collected about you.

  • The right to request deletion of personal information that has been collected about you, subject to certain exceptions.

  • The right to request that your personal information be transferred to a third party.

  • The right to correct inaccurate personal information, taking into account the nature of the personal data and the purposes of the processing of the personal data.

  • The right, if applicable, to restrict sensitive personal information processing.

  • The right to non-discrimination against you for exercising any of the rights listed above. You may exercise your rights with respect to your personal information by submitting a Verifiable Consumer Request on ISMC’s request portal here. You may also submit a request by calling 1(888) 914-9661 and entering in the following ID: 112797. You may designate an authorized agent to make a request on your behalf if necessary. We will use reasonable methods to verify your identity when receiving a request. If collecting new information is necessary to verify your identity, it will only be used for identity purposes; and will be deleted as soon as practical after processing the request and to comply with recordkeeping obligations. To the extent possible, we will provide you with your personal information in a format that you can share with other businesses. For issues accessing ISMC’s portal, please contact ISMC will respond to a Verifiable Consumer Request within 45 days. Should we require more time, ISMC will notify you of the extension period and the reason for the extension in writing. In some situations and subject to certain exemptions, we may decline a request to exercise the


rights above, particularly if we are unable to validate your identity. Depending on your state of residency, you may have the ability to appeal a decision we have made in connection with your VCR.

Residents of Europe:

  • The right to request access to your personal data and request details of the processing activities conducted by ISMC.

  • The right to erasure of your personal data under certain circumstances.

  • The right to request that your personal data is rectified if it is inaccurate or incomplete.

  • The right to request restriction of the processing of your personal data in certain circumstances.

  • The right to object to the processing, including the sale or commercial use, of your personaldata in certain circumstances.

  • The right to receive your personal data provided to us as a controller in a structured, commonly used and machine-readable format in certain circumstances.

  • The right to object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.

  • The right to withdraw your consent provided at any time by contacting us. In accordance with the GDPR, we will respond to your request within one month upon receipt of your request. Where we are unable to progress your response, we will contact you. In certain circumstances, ISMC may extend the timeline of our response to 3 months in accordance with applicable law. To exercise your rights with


respect to your personal data, you can submit a data subject

request on ISMC’s request portal here. For issues accessing ISMC’s portal, contact


You may find further information specific to residents of Europe by visiting GDPR page.

9. Contact us and information regarding complaints

Contact us:

Please contact us with any concerns you may have. You can contact us by writing to us at

10. Changes to our privacy notice

This privacy notice was last updated in December 2022 and ISMC will notify you of changes we may make to this privacy notice where required. However, we would recommend that you look back at this notice from time to time to check for any updates.

Ingo Schmitz (CEO)- +49 69 400 50 170

Email -

Rana Hargovind Singh (AIG e.V)

Sonnenstrasse 84, 48429 Rheine Germany 

Tax ID 311/5180/1391, VAT ID (USt) DE 251989651




Contact Us

Email -

© 2024 by ISMC. All rights Reserved

  • LinkedIn
bottom of page