Customer Logins

Obtain the data you need to make the most informed decisions by accessing our extensive portfolio of information, analytics, and expertise. Sign in to the product or service center of your choice.

Customer Logins

IHS Markit Policy for the Processing of Data Governed by the GDPR

The relevant IHS Markit entity that provides the products or services and its affiliates (“IHS Markit”) may collect, process or handle Personal Data relating to individuals in the European Economic Area, Switzerland and/or the United Kingdom (the “Personal Data”) on behalf of its customers and its affiliates, where applicable (“customer”).

Although IHS Markit’s relationship with its customers is typically governed by its general terms and conditions and/or a master agreement, which includes order forms, exhibits, schedules and addenda (the “Agreement”), IHS Markit is also legally bound under the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the UK Data Protection Act 2018 (“UK GDPR”), where they apply, concerning the manner in which it collects, uses, and processes Personal Data. This Policy describes IHS Markit’s commitment to the processing of Personal Data under the GDPR and the UK GDPR.

If the United Kingdom (“UK”), Switzerland, and/or European Economic Area (“EEA”) member state law applicable to a specific IHS Markit customer requires that this Policy be appended to the Agreement, then, IHS Markit will execute a version of this Policy upon written request. Please contact your usual account representative or applicable IHS Markit Division if you would like an executable version of this Policy. 

  1. Appropriate Technical and Organizational Measures. When IHS Markit processes Personal Data on behalf of a customer, IHS Markit implements appropriate technical and organizational measures to satisfy the requirements of the GDPR and UK GDPR, to ensure the level of security of Personal Data is appropriate to the level of risk, and to help ensure the protection of the rights of the data subject. 
  1. Subprocessing. Customers may provide IHS Markit specific or general written authorisation to utilize subprocessors. IHS Markit requires that each of its subprocessors that may have access to Personal Data agrees to provide at least the same level of protection as is described in this Policy. To the extent required by law, IHS Markit remains liable to its customers for any actions by its subprocessors that impact any rights guaranteed under the GDPR and/or UK GDPR. A list of our Subprocessors can be found here
  1. Written Instructions. IHS Markit only processes Personal Data in accordance with the terms (and to satisfy our obligations) set out in any Agreement, this Policy, the S&P Global Privacy Policy and any other written terms agreed with customer from time to time. The foregoing documents set out the subject-matter, duration, nature, purpose, types of Personal Data, categories of data subjects, and the obligations and rights of IHS Markit’s customers relating to its processing of such Personal Data. 
  1. Transfers to non-EEA Countries. In connection with certain of its products and services, IHS Markit confirms that Personal Data may be transmitted outside of the EEA, Switzerland and the UK. However, IHS Markit will only transfer Personal Data provided it has a legal basis to do so under applicable law, such as by offering to customers the SCCs or the UK Addendum.

    The SCCs are pre-signed by IHS Markit and immediately available to customers for signing and returning. To download a copy of the SCCs, click here. The UK Addendum, which incorporates the SCCs, can be downloaded by clicking here
  1. Confidentiality. IHS Markit requires that the people it authorizes to process Personal Data are under appropriate obligations of confidentiality. 
  1. Cooperation Concerning Data Subjects. IHS Markit cooperates with the reasonable requests of its customers (at the customer’s reasonable expense) to help them fulfill their obligations under the GDPR and the UK GDPR to respond to requests by data subjects to access, modify, rectify, or remove their Personal Data. 
  1. Cooperation Concerning Customer Documentation. IHS Markit cooperates with the reasonable requests of its customers to provide information necessary to demonstrate compliance with this Policy and the GDPR and UK GDPR or to conduct audits of the Personal Data held by IHS Markit that was received from the customer. IHS Markit will typically agree to such audits on the following basis: (a) audits may only occur once per calendar year and during normal business hours, and only after reasonable notice to IHS Markit (not less than 30 business days); (b) audits will be conducted by customer or an appropriate independent auditor appointed by customer (not being a competitor of IHS Markit) to conduct audits, in a manner that does not have any adverse impact on IHS Markit’s normal business operations; (c) customer and/or its representatives will comply with IHS Markit’s standard safety, confidentiality and security procedures in conducting any such audits and shall not have access to any proprietary or third party information or data; and (d) any records, data or information accessed by the customer and/or its representatives in the performance of any such audit will be deemed to be the confidential information of IHS Markit, as applicable, and may be used for no other reason than to assess IHS Markit’s compliance with the terms of this Policy (in connection with the foregoing, IHS Markit may require customer and and/or its representatives to enter into a customary confidentiality agreement prior to any such audit); (e) to the extent any such audit incurs or is reasonably likely to incur in excess of 10 hours of IHS Markit personnel time, IHS Markit shall be entitled to charge customer a reasonable hourly fee for any such excess time. Customer may request a quote of the reasonable hourly fee from IHS Markit and, if a quote is requested by customer, the audit will not proceed without customer’s prior approval of such quote. 
  1. Personal Data Breach. In the event of a Personal Data breach under the GDPR or the UK GDPR, IHS Markit will notify its applicable customers without undue delay after becoming aware of the breach. Such notification(s) may be delivered to an email address provided by customer or, at IHS Markit’s discretion, by direct communication (for example, by phone call or an in-person meeting). Customer is responsible for ensuring that any email address for notifications provided by customer is current and valid. IHS Markit will take reasonable steps to provide its customers with information that they may reasonably require to comply with their obligations to notify impacted data subjects or supervisory authorities. 
  1. Deletion of Data; Termination and Variation. At the termination of a customer’s relationship with IHS Markit, IHS Markit will delete or return all Personal Data to the customer, unless IHS Markit is permitted to retain it or is otherwise required to retain it by applicable laws, regulations or bona fide audit and compliance policies. Customer may request a quote of the reasonable fee from IHS Markit and IHS Markit will provide customer with a quote for reasonable fees to comply with this request. 

    This Policy is entered into effect on May 25, 2018 and will remain in effect until, and automatically expire upon, deletion of all Personal Data by IHS Markit. IHS Markit reserves the right to reasonably amend and update this Policy from time to time. IHS Markit will give no less than 30 days’ notice of any such changes, which shall be included on the IHS Markit website. 
  1. Governing Law. This Policy shall be governed by the governing law (and subject to the jurisdiction(s)) of the relevant Agreement and otherwise subject to the limitations and remedies expressly set out in the Agreement.

 If you have any queries about this Policy please contact your usual account representative.

{"items" : [ {"name":"share","enabled":true,"desc":"<strong>Share</strong>","mobdesc":"Share","options":[ {"name":"facebook","url":"https://www.facebook.com/sharer.php?u=http%3a%2f%2fihsmarkit.com%2fLegal%2fdata-governed-gdpr.html","enabled":true},{"name":"twitter","url":"https://twitter.com/intent/tweet?url=http%3a%2f%2fihsmarkit.com%2fLegal%2fdata-governed-gdpr.html&text=Policy+for+the+Processing+of+Data+Governed+by+the+GDPR+-+IHS+Markit","enabled":true},{"name":"linkedin","url":"https://www.linkedin.com/sharing/share-offsite/?url=http%3a%2f%2fihsmarkit.com%2fLegal%2fdata-governed-gdpr.html","enabled":true},{"name":"email","url":"?subject=Policy for the Processing of Data Governed by the GDPR - IHS Markit&body=http%3a%2f%2fihsmarkit.com%2fLegal%2fdata-governed-gdpr.html","enabled":true},{"name":"whatsapp","url":"https://api.whatsapp.com/send?text=Policy+for+the+Processing+of+Data+Governed+by+the+GDPR+-+IHS+Markit http%3a%2f%2fihsmarkit.com%2fLegal%2fdata-governed-gdpr.html","enabled":true}]}, {"name":"rtt","enabled":true,"mobdesc":"Top"} ]}
Filter Sort