Updated November 2021
Your privacy is important to us.
At the Service Desk Institute we’re all about inspiring the global service desk community to be brilliant – and we want you to be confident that the information you give us when interacting with us is safe and secure.
• The personal information we collect;
• How and why we collect and use your personal information;
• Why we process your personal information;
• When and why we will disclose your personal information to other organizations;
• The rights and choices you have when it comes to your personal information;
• The steps we take to ensure your information is kept secure and confidential;
• How long we will hold your information for; and
• How to contact us.
2. Personal information we collect
- When you register for SDI e-newsletters and update emails you must provide us with your email address
- When you download content from our websites we may collect your email address
- When you complete an online service desk assessment you must provide us with your email address so that you can receive the free assessment report
- When you buy a product or service directly or through our website, or register to become a member, you must provide us with:
- your personal details, including without limitation, your name, postal and billing addresses, work email addresses, work and personal phone numbers, job title, name of organization you work for
- When you register for free resources via forms on our website you may provide us with:
- name, work email addresses, work and personal phone numbers, job title, name of organization you work for and in some cases data on your service desk
- When you visit our websites we will collect information about your online browsing behavior and any devices you have used (including your IP address, browser type and mobile device identifiers).
3. How we collect and use your personal information
This section explains how we collect and use your personal information when you use SDI’s free or paid products and services.
When you registered to access content on SDI’s websites, purchase a product online or submitted your personal information to receive information updates by email, we will also contact you with updates from selected ITSM tools suppliers and other SDI products and services which we think you may be interested in.
Section 8 below explains what to do if you change your mind and decide you don’t want to hear from us any more about these things we think you’d be interested in.
3.1. Monthly e-newsletter email
We collect your email address when you register to receive SDI’s e-newsletter email. We use this to send you the e-newsletter email, usually monthly, and occasional information on other SDI products and services we believe could be of interest to you in your job role.
3.2. Online Assessment
We will collect your work email address and other information about your organization’s service desk. We may use your email address to contact you regarding SDI’s service desk certification service and other SDI products and services we believe could be of interest to you.
3.3. SDI Reports and other free content
We collect information from you when you request certain free reports and access to content via forms on our websites. We use this so that we can manage your request. On occasion we will pass your personal information to a third party to meet your request and we will make this clear at the time you submit your details. We recommend that you read the privacy policies of those third parties.
3.4. Direct and Online Purchases
We use the personal information you provide when you make a purchase of a product or service from SDI to process the product or service you have purchased and send you an invoice.
3.5. Member Login Area
We collect and use your email to enable you to access the member portal on the SDI website. We use your email address to send you your password to enable you to login to the member’s portal once you have purchased a membership.
3.6. SDI’s Service Desk Certification Portal
We use your email address to give you to access the service desk certification portal when you use our service desk audit service. We use your email address to send you your password to enable you to login to the certification portal. The portal will also hold your name, job title and phone number.
3.7. Internal company reporting, insight and analysis
We may also use the personal information referred to in this section 3 to generate aggregated, anonymized data for the purposes of internal reporting, insight and analysis, enabling us to improve our websites, the products we offer and search results for our websites. No information provided will refer to you or your company’s name – you will remain anonymous.
3.8. Site personalization
We may use your personal information to personalize aspects of our websites, enable your details to be moved across our tools to speed up form filling and for market research. We are always working to make our websites better for you and using your personal information in this way helps us to do this. It also means that if you’ve given us permission, any email we send to you is appropriate for your needs.
3.9. Contacting you
We collect and may use your personal information to:
3.9.1 Contact you in response to the communications that you have directed at us. We want to be able to help you so we use personal data to provide clarification or assistance in response to your communications;
3.9.2 Invite you to take part in questionnaires and other market research activities carried out by us. Any feedback you provide will remain anonymous and will become part of aggregated data and may be published in a report.
3.9.3 Award you a prize if you have won a competition we’re running.
We will periodically review your personal information to ensure that we do not keep it for longer than is permitted by law (see section 12 below).
All personal information that we hold can be deleted when you email us to request deletion at [email protected]
4. Why do we process your personal information?
We will only collect and use your personal information (as described in sections 2 and 3) in accordance with the data protection laws. Our grounds for processing your personal information are as follows:
• Consent – Where necessary we will only collect and process your personal information if you have given us consent. For example, when you register for the e-newsletter, we will use your personal information to provide the services detailed at section 3.1;
• Legitimate Interests – We may use and process some of your personal information where we have legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. Our legitimate interests for processing your personal information are:
o to enable you to access and use the websites and content within it;
o to communicate with you about SDI and related third party products, such as free reports, information and updates from ITSM tool suppliers which we think you may be interested in; and
to improve our websites. We are always working to improve our websites and using your personal information in this way helps us to do this.
From 25 May 2018, you will have the right to object to our use of your personal information for these legitimate interests (see section 8 below).
5. Use of children’s personal information
We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 get your parent or guardian’s permission before you provide any personal information to us.
6. Sharing your personal information with approved partners within the SDI Global Group
SDI has agreements with a limited number of affiliate organizations outside of Europe who represent SDI and the marketing of SDI products and services in their local region. We will share your information with them only when you have expressed an interest in an SDI product or service that they deliver locally to your place of work; for example if you work in Latin America or the Middle East. This information includes name and contact details such as phone numbers and email addresses.
7. Disclosure of your personal information to other organizations
The personal information that we collect when you use our website is confidential. We may disclose your personal information to a third party only in the following circumstances:
7.1. Event sponsors – delegate list containing names, job title and company only
7.2. Webinar sponsors – registrants names, job title, company and email address to the company sponsoring the webinar
7.3. Mailing house – we may give your name, job title, company and address to our mailing house in order to send communications by post from SDI such as a members’ newspaper
7.4. Venues – we may be required by our event venues to pass them your name and company details for security or rooming purposes. Your data will only be used for the purposes of allowing you access to the venue for that particular event.
7.5. SDI Partners – we work with third parties who provide training, consulting, auditing and sales services which may require them to access and use information about you. If an SDI service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
7.6. Payment information – we collect certain payment information when you register online for our paid services. This may include payment information such as payment card details which we collect via Barclay’s secure payment processing services.
If we sell part or all of our business, your information may be part or all of the transferred business assets. If this happens, your information may be disclosed by the successors of our business for them to use for the purposes set out in this Policy.
8. How you can change permissions
Your privacy is important to us. All emails or other forms of communication directly from us to you will include clear instructions on how to unsubscribe. In addition, if you don’t want to be contacted by us any more, you can email [email protected]. Section 9 below also sets out other information rights.
9. Your information rights and responsibilities
9.1. You already have certain rights under existing data protection legislation, including a right to request a copy of the personal information we hold on you, if you request it in writing. From 25 May 2018 you will have the following rights:
9.1.1. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
9.1.2. Right to erase: the right to request that we delete or remove your personal information from our systems;
9.1.3. Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
9.1.4. Right to data portability: the right to request that we move, copy or transfer your personal information;
9.1.5. Right to object: the right to object to our use of your personal information where we use it for our legitimate interests. If you raise an objection we will stop processing your personal information. We will use reasonable efforts consistent with our legal duty to provide you with your rights in accordance with data protection legislation.
9.3. If you’re not satisfied with the way any complaint you make in relation to your personal information is handled by us, then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner’s Office.
11. Keeping your personal information secure
11.1. Keeping information about you secure is very important to us so we store and process your personal information in accordance with the high standards required under data protection legislation. From time to time and for operational reasons the personal information we collect from you may be transferred to and stored in countries outside of the European Economic Area (“EEA”). Different countries have different data protection and security laws and some of these do not offer the same level of protection as you enjoy under UK data protection legislation. However, when we appoint our service providers to help us provide products and services to you, we take care to ensure that they have appropriate security measures in place.
11.2. We do our best to keep the information you disclose to us secure. However, we can’t guarantee its security. By using our websites you accept the inherent risks of providing information online and will not hold us responsible for any breach of security.
12. How long do we keep your personal information?
13. How to contact us
If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at [email protected]
Effective as of: 25 May 2018