IHS Inc. and its subsidiaries around the world (collectively, “IHS”) are committed to respecting and protecting the privacy of those from whom they collect personal information.
This policy establishes and communicates the key principles IHS follows in protecting the personal information that it collects. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case IHS will comply with the local legal requirements.
Data Subject is any individual about whom IHS holds personal data.
Personal data is any information that allows an individual to be identified directly or indirectly (e.g., name, date of birth, title, address, telephone number and email address).
Sensitive personal data is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to a data subject (e.g., racial or ethnic origin, nationality, political opinion, religious and philosophical beliefs, and physical or mental health conditions).
Collectively, personal data and sensitive personal data are referred to as “personal information.”
Collecting and Processing Personal Information
IHS collects and processes personal information that is necessary for legitimate business purposes, which will be disclosed to the data subject at the time of collection. IHS will use and process this information only for the purposes for which it was collected, retaining the personal information only for so long as is required for the specific purpose for which the information was collected.
IHS will not collect sensitive personal data except when permitted or required to do so by law, and will do so only for legitimate business purposes. If in any other instance a need arises to collect sensitive personal data, IHS will do so only with the data subject’s express consent, which can be withdrawn at any time.
IHS will not sell, disclose or rent personal information for direct marketing purposes.
When part of their job responsibilities, colleagues who collect and process personal information must comply with this policy and any applicable data protection procedures. In particular, they must:
- Ensure the personal information is collected and processed in accordance with this policy;
- Check that the personal information provided is accurate and up to date;
- Ensure timely updates to related internal company files;
- Check the information IHS distributes and provide details regarding processing notices on relevant communications; and
- Take reasonable precautions to protect the personal information from unauthorized disclosure, loss, or destruction.
Transferring Personal Information
IHS may transfer the personal information outside the data subject’s home country when: (i) it has the consent of the data subject; (ii) it is necessary or appropriate as permitted by law to do so because it is relevant to IHS’s dealings with the data subject; or (iii) it is required by law. IHS will comply with notification, registration or approval requirements imposed under local law regarding the cross-border transfer of personal information. IHS will implement reasonable measures to protect the security and confidentiality of personal information and provide an adequate level of protection in each IHS location where the information is transferred.
In limited circumstances, IHS may disclose personal information to a third party who is providing a service to IHS. IHS will only disclose personal information if the third party has provided satisfactory assurances to IHS of its ability to provide appropriate and sufficient data privacy and security safeguards to protect the personal information from unauthorized disclosure, use or loss. Where IHS learns that a third party is using or disclosing personal information in a manner contrary to this policy, IHS will take reasonable steps to discontinue such use or disclosure.
Disclosures to third parties will be only for the purposes described in this policy, for a compatible purpose, or for a purpose authorized by the data subject.
IHS gives data subjects the opportunity to choose not to have his or her personal information transferred to third parties for use in a manner incompatible with the purpose for which it was originally collected. An employee may not opt out of the transfer of his or her personal information to a third party if it is being conducted for the purpose of: (1) meeting applicable legal requirements, or (2) furthering the legitimate employment relationship with IHS. Prior to transferring sensitive personal data for use in a manner incompatible with the purpose for which it was originally collected, explicit (opt in) choice will be sought.
Security of Personal Information
IHS has organizational, physical, administrative and technical measures in place to protect the personal information the company collects and maintains. IHS monitors to ensure that its information security program is operating in a manner to reasonably protect the personal information it collects and processes and upgrades information safeguards as necessary to limit risks of unauthorized disclosure or use.
Only authorized colleagues with a valid, work-related need may access a data subject’s personal information. In the event of a data breach, IHS will issue breach notifications as may be required under applicable law.
Data Subject Rights
While personal information is maintained by IHS, a data subject may access the information pertaining to him/her to the extent required by local law to review, update and correct inaccuracies. To do so, the data subject should contact the IHS Global Privacy Officer or the Privacy Officer in the data subject’s home country (if one has been appointed). Additionally, a data subject may ask IHS to correct, update, supplement or delete personal information held on him/her.
IHS may, in its discretion, charge a reasonable, cost-based fee for access or photocopying of this information. For security purposes, IHS may require verification of identity before providing access to personal information.
If a data subject has a question about this policy or a complaint about the way IHS has collected, processed, used or disclosed his/her personal information and is located in Germany, the data subject should contact his or her local Privacy Officer. Data subjects located in any other country should contact the IHS Global Privacy Officer. Both individuals will promptly and courteously address any complaints or disputes regarding personal information. IHS’s Privacy Officers have the responsibility to ensure that each IHS office complies with this policy around the world. It is also the responsibility of these persons to deal with and respond to all inquiries from governmental authorities. Any finding of misuse of personal information by IHS or a breach of this policy shall be remedied as soon as reasonably possible.
IHS has certified its participation in and compliance with the U.S. - EU Safe Harbor Framework and the U.S. - Swiss Safe Harbor Framework. The principles of Safe Harbor compliance are notice, choice, onward transfer, security, data integrity, access, and enforcement.
To verify its compliance with the Safe Harbor Principles, IHS will periodically conduct a self-assessment to ensure that: (a) this policy is accurate, comprehensive, prominently displayed, completely implemented and accessible, and conforms to the Safe Harbor Principles; (b) employees are informed of the internal arrangements for handling complaints and the independent mechanisms through which they may pursue complaints; and (c) IHS has in place procedures for training the appropriate employees on the implementation of this policy and disciplining those who fail to comply.
Changes to this Policy
Contact information for the IHS Global Privacy Officer is as follows:
321 Inverness Drive South
Englewood, CO 80112
Attn: Global Privacy Officer
Contact information for the IHS German Privacy Officer can be obtained by contacting the Global Privacy Officer at the address listed above.