Privacy Policy
Updated November 2021
Your privacy is important to us.
At the Service Desk Institute we’re all about inspiring the global service desk community to be brilliant – and we want you to be confident that the information you give us when interacting with us is safe and secure.
This Privacy Policy explains how we use your information to give you a better, more personalized SDI experience. We’ll also tell you how and why we collect your personal info, your rights and choices when it comes to these details, as well as the steps SDI will take to keep it secure and confidential.
1. What this Privacy Policy covers
• The personal information we collect;
• How and why we collect and use your personal information;
• Why we process your personal information;
• When and why we will disclose your personal information to other organizations;
• The rights and choices you have when it comes to your personal information;
• Why we use cookies;
• The steps we take to ensure your information is kept secure and confidential;
• How long we will hold your information for; and
• How to contact us.
Our websites contain links to third-party websites that are not subject to this Privacy Policy. Please make sure you read a third party’s terms and conditions and privacy policy carefully before providing any personal information on a third-party website, as we cannot accept any responsibility or liability for those third-party websites.
2. Personal information we collect
- When you register for SDI e-newsletters and update emails you must provide us with your email address
- When you download content from our websites we may collect your email address
- When you complete an online service desk assessment you must provide us with your email address so that you can receive the free assessment report
- When you buy a product or service directly or through our website, or register to become a member, you must provide us with:
- your personal details, including without limitation, your name, postal and billing addresses, work email addresses, work and personal phone numbers, job title, name of organization you work for
- When you register for free resources via forms on our website you may provide us with:
- name, work email addresses, work and personal phone numbers, job title, name of organization you work for and in some cases data on your service desk
- When you visit our websites we will collect information about your online browsing behavior and any devices you have used (including your IP address, browser type and mobile device identifiers).
3. How we collect and use your personal information
This section explains how we collect and use your personal information when you use SDI’s free or paid products and services.
When you registered to access content on SDI’s websites, purchase a product online or submitted your personal information to receive information updates by email, we will also contact you with updates from selected ITSM tools suppliers and other SDI products and services which we think you may be interested in.
Section 8 below explains what to do if you change your mind and decide you don’t want to hear from us any more about these things we think you’d be interested in.
3.1. Monthly e-newsletter email
We collect your email address when you register to receive SDI’s e-newsletter email. We use this to send you the e-newsletter email, usually monthly, and occasional information on other SDI products and services we believe could be of interest to you in your job role.
3.2. Online Assessment
We will collect your work email address and other information about your organization’s service desk. We may use your email address to contact you regarding SDI’s service desk certification service and other SDI products and services we believe could be of interest to you.
3.3. SDI Reports and other free content
We collect information from you when you request certain free reports and access to content via forms on our websites. We use this so that we can manage your request. On occasion we will pass your personal information to a third party to meet your request and we will make this clear at the time you submit your details. We recommend that you read the privacy policies of those third parties.
3.4. Direct and Online Purchases
We use the personal information you provide when you make a purchase of a product or service from SDI to process the product or service you have purchased and send you an invoice.
3.5. Member Login Area
We collect and use your email to enable you to access the member portal on the SDI website. We use your email address to send you your password to enable you to login to the member’s portal once you have purchased a membership.
3.6. SDI’s Service Desk Certification Portal
We use your email address to give you to access the service desk certification portal when you use our service desk audit service. We use your email address to send you your password to enable you to login to the certification portal. The portal will also hold your name, job title and phone number.
3.7. Internal company reporting, insight and analysis
We may also use the personal information referred to in this section 3 to generate aggregated, anonymized data for the purposes of internal reporting, insight and analysis, enabling us to improve our websites, the products we offer and search results for our websites. No information provided will refer to you or your company’s name – you will remain anonymous.
3.8. Site personalization
We may use your personal information to personalize aspects of our websites, enable your details to be moved across our tools to speed up form filling and for market research. We are always working to make our websites better for you and using your personal information in this way helps us to do this. It also means that if you’ve given us permission, any email we send to you is appropriate for your needs.
3.9. Contacting you
We collect and may use your personal information to:
3.9.1 Contact you in response to the communications that you have directed at us. We want to be able to help you so we use personal data to provide clarification or assistance in response to your communications;
3.9.2 Invite you to take part in questionnaires and other market research activities carried out by us. Any feedback you provide will remain anonymous and will become part of aggregated data and may be published in a report.
3.9.3 Award you a prize if you have won a competition we’re running.
If you’re providing us with another person’s personal information you should first ask them to read our Privacy Policy and Terms and Conditions. By giving us personal information about another person you are confirming that they have given you consent to provide the personal information to us and that they understand how their details will be used.
We will periodically review your personal information to ensure that we do not keep it for longer than is permitted by law (see section 12 below).
All personal information that we hold can be deleted when you email us to request deletion at DataRequest@sdi-e.com
4. Why do we process your personal information?
We will only collect and use your personal information (as described in sections 2 and 3) in accordance with the data protection laws. Our grounds for processing your personal information are as follows:
• Consent – Where necessary we will only collect and process your personal information if you have given us consent. For example, when you register for the e-newsletter, we will use your personal information to provide the services detailed at section 3.1;
• Legitimate Interests – We may use and process some of your personal information where we have legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. Our legitimate interests for processing your personal information are:
o to enable you to access and use the websites and content within it;
o to communicate with you about SDI and related third party products, such as free reports, information and updates from ITSM tool suppliers which we think you may be interested in; and
to improve our websites. We are always working to improve our websites and using your personal information in this way helps us to do this.
From 25 May 2018, you will have the right to object to our use of your personal information for these legitimate interests (see section 8 below).
5. Use of children’s personal information
We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 get your parent or guardian’s permission before you provide any personal information to us.
6. Sharing your personal information with approved partners within the SDI Global Group
SDI has agreements with a limited number of affiliate organizations outside of Europe who represent SDI and the marketing of SDI products and services in their local region. We will share your information with them only when you have expressed an interest in an SDI product or service that they deliver locally to your place of work; for example if you work in Latin America or the Middle East. This information includes name and contact details such as phone numbers and email addresses.
7. Disclosure of your personal information to other organizations
The personal information that we collect when you use our website is confidential. We may disclose your personal information to a third party only in the following circumstances:
7.1. Event sponsors – delegate list containing names, job title and company only
7.2. Webinar sponsors – registrants names, job title, company and email address to the company sponsoring the webinar
7.3. Mailing house – we may give your name, job title, company and address to our mailing house in order to send communications by post from SDI such as a members’ newspaper
7.4. Venues – we may be required by our event venues to pass them your name and company details for security or rooming purposes. Your data will only be used for the purposes of allowing you access to the venue for that particular event.
7.5. SDI Partners – we work with third parties who provide training, consulting, auditing and sales services which may require them to access and use information about you. If an SDI service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
7.6. Payment information – we collect certain payment information when you register online for our paid services. This may include payment information such as payment card details which we collect via Barclay’s secure payment processing services.
7.7. Diversified Communications – we may pass over your name, job title, company and email address once a year to the organizer of the Service Desk & IT Support Show in order to invite you as a VIP guest to their exhibition. They will only use your information to invite you to register for a VIP pass to the show and your information will be discarded by Diversified following the email communication. If you accept the invitation, please make sure you read their terms and conditions and privacy policy carefully before providing any personal information, as we cannot accept any responsibility or liability once you have registered with them.
7.8. Peoplecert – when you book a training course that includes the SDA or SDM examination or any future examination SDI intend to deliver, we will supply your name, job title, company and email to Peoplecert who will use the information to process your examination booking. Please make sure you read their terms and conditions and privacy policy.
7.9. Third party training providers – when you buy a training course from SDI that is delivered by a third party supplier we will pass them your name, job title, company and email so that the third party can deliver the course. Please make sure you read their terms and conditions and privacy policy.
If we sell part or all of our business, your information may be part or all of the transferred business assets. If this happens, your information may be disclosed by the successors of our business for them to use for the purposes set out in this Policy.
8. How you can change permissions
Your privacy is important to us. All emails or other forms of communication directly from us to you will include clear instructions on how to unsubscribe. In addition, if you don’t want to be contacted by us any more, you can email DataRequest@sdi-e.com. Section 9 below also sets out other information rights.
9. Your information rights and responsibilities
9.1. You already have certain rights under existing data protection legislation, including a right to request a copy of the personal information we hold on you, if you request it in writing. From 25 May 2018 you will have the following rights:
9.1.1. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
9.1.2. Right to erase: the right to request that we delete or remove your personal information from our systems;
9.1.3. Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
9.1.4. Right to data portability: the right to request that we move, copy or transfer your personal information;
9.1.5. Right to object: the right to object to our use of your personal information where we use it for our legitimate interests. If you raise an objection we will stop processing your personal information. We will use reasonable efforts consistent with our legal duty to provide you with your rights in accordance with data protection legislation.
9.2. To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please contact DataRequest@sdi-e.com or write to the Data Protection Officer at The Service Desk Institute, Aston House, 50 Wheatlands, Southwell, Portland, Dorset, DT5 2EB
9.3. If you’re not satisfied with the way any complaint you make in relation to your personal information is handled by us, then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner’s Office.
10. Cookies
10.1. We use cookies (files which are sent by us to your computer or other access device) and tracking technology to help to improve the functionality and performance of our websites.
10.2. The information derived from our use of cookies will be aggregated to provide statistical information about the usage of our websites. We will only use information derived from cookies, and associated IP addresses once we collect your associated email address directly from you.
10.3. Some third-party technology we use (e.g. embedded videos, social sharing) also drop cookies to improve your experience on their sites.
10.4. For details on what cookies we use, information on how to stop them being stored or how to delete ones already stored, read our Cookie Policy.
11. Keeping your personal information secure
11.1. Keeping information about you secure is very important to us so we store and process your personal information in accordance with the high standards required under data protection legislation. From time to time and for operational reasons the personal information we collect from you may be transferred to and stored in countries outside of the European Economic Area (“EEA”). Different countries have different data protection and security laws and some of these do not offer the same level of protection as you enjoy under UK data protection legislation. However, when we appoint our service providers to help us provide products and services to you, we take care to ensure that they have appropriate security measures in place.
11.2. We do our best to keep the information you disclose to us secure. However, we can’t guarantee its security. By using our websites you accept the inherent risks of providing information online and will not hold us responsible for any breach of security.
12. How long do we keep your personal information?
Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request it is deleted. If, having registered for any of our services, you do not use them for a reasonable time (which may vary depending on the service(s) you’ve registered for) we may contact you to ensure you’re still happy to receive communications from us. Even if we delete your personal information it may persist on back-up or archival media for legal, tax or regulatory purposes.
13. How to contact us
If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at DataRequest@sdi-e.com
14. Changes
This policy is effective from 25 May 2018 and replaces with immediate effect any and all previous Privacy Policies. We may, from time to time, make changes to this Privacy Policy to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or website enhancements. We will let you know what these changes are by posting them to this web page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law. It is your responsibility as a user to make sure that you are aware of changes posted on this web page, by checking for any changes on a regular basis. Changes posted on this page will become effective as soon as they are posted.
Effective as of: 25 May 2018
