IISRI®
Privacy Policy

1 / Scope

IISRI® provides services and reports to customers in the United States of America, China, Australia, and New Zealand.

2 / Purpose

IISRI® is committed to safeguarding the privacy of our customers; in this policy, we explain how we will treat your personal information. This Privacy Policy explains data collection, data use, and data disclosure by IISRI® and your rights to access, modify or delete your data. By using this website, rating reports, and our services, you are deemed to have accepted and agreed to this Privacy Policy.

3 / Information Collected

Below you will find a description of possible interactions with IISRI® where private information might be collected.

3.1 / Website

Any information, materials, and services provided on this website are subject to the Terms and Conditions. By using this website you agree with them. We use cookies to record your consent to our Terms and Conditions. We do not use cookies to collect any information about you or how you use our website. We might store anonymized information with a 12-month retention policy.

3.2 / Rating Reports

In order to get our rating reports, you need to provide us with the following details: your first and last name, email address, and (optionally) organization name. This information is retained for 12 months or until the rating expires. After this period all your personal information is automatically removed.

2.3 / External Assessments

External assessments are performed based on publicly available information. Therefore, none of the information is classified as privacy-related information. All information used during the assessments is mirrored, timestamped, encrypted, and stored in a secure location.

2.4 / Internal Assessments

Internal assessments are performed with the cooperation of the assessed organization, and therefore privacy-related, sensitive, or confidential information may be provided to IISRI®. All information obtained via electronic communication is transferred over an encrypted channel. Access to this information is strictly limited to the IISRI® assessors per assessment and the IISRI® rating committee. All data used during and after the assessment are encrypted, other than the published reports available on this website.

2.5 / Email

Any information sent to IISRI® by email is considered to be sent through an unencrypted channel. Therefore such information is automatically declassified and is not covered by this policy.

3 / Use of Collected Information

Only in two situations does IISRI® use your personal information: when you buy our reports from our website and when we perform internal assessments. This information is retained for 12 months or until the rating expires.

3.1 / Reports

Information you provide is used to create a unique watermark and stored in case you lose your rating report. You can contact us and based on this information we can send you a copy of the report.

IISRI® will not disclose confidential information to third parties. However, in the case of internal assessments, the assessed organization might request us to disclose confidential parts of the report to third parties. In order to do that, IISRI® will first confirm that the requestor is the owner or legitimate representative of the assessed organization.

3.2 / Internal Assessment

Information provided by you is used to perform the internal assessment and to provide you with an internal information security rating.

3.3 / Payment

Our payment services provider handles all our online financial transactions and respects your privacy according to their privacy policy. We will share your information with our payment services provider only to the extent necessary for the purposes of processing online payments via our website and possible refunds.

4 / Disclosure of Information

IISRI® does not disclose any collected private information to any third party without your explicit consent. IISRI® does not disclose any collected personal information to any government or legal authority except when IISRI® is forced to do so by NZ Legal/Judicial authority.

5 / Retaining Personal Information

We only retain your private information for longer than the period specified in this policy when we need to comply with our legal obligations concerning the retention and deletion of personal information or to establish, exercise, or defend our legal rights.

6 / Policy Modifications

IISRI® may amend this Privacy Policy from time to time and will post any changes on this site. You should check this page occasionally to ensure you are informed about any changes.

7 / Questions and Requests

If you would like IISRI® to remove information related to you, please use the contact form here. If you have any questions or comments about this Privacy Policy, please also use the contact form.