Data protection and privacy


Fully aware of the importance of safeguarding the confidentiality of data and respect for the privacy of its prospects, customers and partners, ISB Group undertakes, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, to implement appropriate measures to ensure the protection, confidentiality and security of collected personal data.

The purpose of this policy is to inform you about ISB Group’s commitments to ensure that your personal data is protected and about your rights regarding the processing of this data.

This policy may evolve according to the legal and regulatory context.



This policy applies to all processing of personal data by ISB Group relating to prospects, customers and partners, hereinafter referred to as ‘Data Subjects’, of one or more of the group’s companies.



‘Personal data’ (hereinafter referred to as ‘Data’) means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an ‘identifiable natural person’ is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.

‘Processing’ means any operation or set of operations performed or not using automated processes and applied to personal data or sets of data, such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.

‘Controller’ means the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the processing purposes and means; where the processing purposes and means are determined by EU law or the law of a Member State, the controller may be designated or the specific criteria for his or her designation may be provided for by EU law or by the law of a Member State.

‘Consent’ of the data subject means any free, specific, informed and unequivocal expression of will whereby the data subject accepts, by a clear declaration or positive act, that his/her personal data may be processed.

‘Subcontractor’ means the natural or legal person, public authority, department or other body processing personal data on behalf of the controller.

‘Recipient’ means the natural or legal person, public authority, department or other body to whom personal data is sent, whether or not it is a third party. However, public authorities likely to receive personal data in the context of a specific survey mission in accordance with EU or the law of a Member State shall not be considered as recipients; the processing of such data by the public authorities in question shall comply with the applicable data protection rules according to the purposes of the processing.

‘Supervisory Authority’ means an independent public authority responsible for monitoring the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.



ISB Group ensures that it only collects Data voluntarily transmitted by the Subjects and strictly necessary for the purpose of the processing operations carried out. In particular, data relating to identity (surname, first names, addresses, personal and professional details), the management of the customer account and the management of estimates, orders and invoices are processed.



In the interests of transparency and fairness, the processing of Data of Data Subjects is based on the consent of the Data Subjects.



The processing operations carried out fulfil explicit, legitimate and determined purposes.

Prospect and customer data is processed for the following purposes:

The creation and management of customer accounts

Estimate and order management

Invoice management

The improvement of products and services and their quality

Targeted marketing and business statistical analysis.


Partner Data is processed for:

The improvement of our services and products as well as their quality

Targeted marketing

Business development and business statistical analysis.


These purposes, determined by the controller, are included in ISB Group’s personal data processing register.



Pursuant to Regulation (EU) 2016/679, ISB Group undertakes to inform Subjects about the processing of their Data.

Thus, ISB Group provides, in a clear manner, for each new Data collected, the following information:

The identity and contact details of the controller, ISB France 11 bd Nominoë 35740 Pacé

The contact details of the Data Protection Officer:

The purposes of the processing operation for which the Data is intended and the legal basis of the processing operation

The Data recipients or recipient categories

The period during which the Data is stored or, where this is not possible, the criteria used to determine this period of time

All the rights of natural persons associated with the processing of their Data.



ISB Group solely communicates Subject Data to authorised and established recipients.

The recipients of the Data covered by this policy are the relevant departments of ISB Group’s companies responsible for achieving the purposes defined above, as well as, where applicable, the authorised staff of partner companies or subcontractors contractually subject to compliance, at a level at least similar to that of ISB Group, with the Data processing requirements.



ISB Group stores Data:

From its customers for the period necessary for the execution of the contracts binding them and then for a period of 20 years at the end of this execution

From prospects for a period of 20 years from the date of collection

From partners during the lifetime of the company that employs the partner or the contract that binds the partner to its company



ISB Group implements all security measures of its information system (physical and computer security) in order to ensure the availability, integrity and confidentiality of Subjects’ Data.



We use cookies on ISB Group’s websites to optimise your online experience and to analyse traffic to our sites. You can accept or reject cookies from your Internet browser settings. However, we inform you that by refusing cookies, certain features, pages, spaces of the site may no longer be accessible, for which we cannot be held responsible.



Data Subjects have the right to obtain from the controller confirmation that their Data is or is not being processed and, when it is, access to said Data and the information listed in paragraph 7 of this Policy.

Data Subjects may also assert their rights by requesting from the controller:

The rectification or deletion of their Data, or a limitation of the processing of their Data, or the right to object to such processing for legitimate reasons. The consequences of the exercise of these rights are then the responsibility of the plaintiff.

The withdrawal of their consent, within the limit:

Of compliance with the legitimate exercise of ISB’s interests or

When a legal obligation requires the processing by the controller.

The portability of their Data.


These rights can be exercised by using the form for exercising the right of persons, to be requested at the following address:

Data Subjects may also file a complaint with the national supervisory authority, the Commission Nationale de l’Informatique et des Libertés (CNIL).



For any requests for information regarding this Policy, you can send an email to: