Privacy Policy


ISM is a division of Pondergrove Ltd (Co. No. 02320108).  Our registered address is at 62 Wilson Street, London, EC2A 2BU.

This privacy policy applies to our website
Last updated: 14 May 2018

How we collect your data

When you visit our website, we collect personal data.

Information you provide to us directly: This is information you provide via our contact forms on our website and includes your name, organisation name, job title, address, telephone number and email address, together with any other information you specifically set out in the form but which we do not explicitly request.

Information we collect automatically: We collect some information about you automatically using cookies. A cookie is a small text file that’s placed on your computer or mobile device when you visit one of our websites. Information gathered in this way may include your IP address, which pages you visited and which links you clicked on.  This information enables us to understand how visitors use and find our website and allows us to improve our website. We use Google Analytics and Google AdWords and the information gathered does not personally identify you.

How we use your data

When we collect personal data we only use it to initially respond to any queries or comments you submit and thereafter only:

  • to perform a contract with you e.g. if you order a product from us or request us to perform services, or
  • where we have legitimate interests to process the personal data e.g. to enhance or develop our website/services, or
  • in accordance with a legal obligation

Sharing your information

We will only share your personal data with third party service providers and partners who assist us in supporting the delivery of or provide functionality on the website, or to market or promote our goods and services to you.  These include CRM systems, associates and (where you enter into a contract with us) accounting systems.  Where we use data processors in this way we have written contracts in place which enable us to retain control of the data.

We may use the personal data we collect about you to produce aggregated and anonymised analytics and reports, which we may share with third parties in which case you are never personally identifiable.

We may also need to share your personal data with regulators, law enforcement bodies, government agencies, courts or other third parties where necessary to comply with applicable laws or regulations.

International Data Transfers

We may store your data outside of the EEA.  Where your personal data is transferred outside of the EEA it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where there are approved transfer mechanisms in place to protect your personal data e.g. Privacy Shield.

How long do we keep your personal data?

The length of time we keep your personal data depends on what data it is and whether there is an ongoing business need to retain it, for example in order to comply with legal, tax or accounting requirements.

We only retain your personal data for as long as we have a business relationship with you and for a period of time afterwards where we have an ongoing business need to retain it.  This usually means any personal data is deleted after six years following the end of our final dealing with you.

Your rights

Under the GDPR you have the following rights:

  • to know what personal data we hold about you and to ensure it is correct and up to date
  • request a copy of your personal data, or ask us to restrict processing/delete your personal data
  • object to our continued processing of your personal data.

You can exercise these rights at any time by sending an email to

If you are not happy with how we are processing your personal data you can complain to the Information Commissioner’s Office at  However in the unlikely event that this is the case please do let us know by emailing and we will do our best to resolve your concerns.