Experian Business Privacy Policy

Effective date: 22 May 2018

Do you use Experian’s Consumer Products and Services? Experian Consumer Product Privacy Policy

This policy

We take your privacy seriously. This Privacy Policy explains what personal information we collect from you as you use the business pages on our website and how we use it.

We encourage you to read this policy thoroughly. This privacy policy does not describe how Experian will process your personal data if you are, or become an Experian Business customer. If you are, or do become a customer of Experian Business Services, different privacy policies will apply depending on the services you take. You will find those privacy policies on the relevant websites for those services.

Do you deal with Experian as a Consumer? Please see the Experian Consumer Privacy Policy.

1. Who is Experian and how can you contact us?

When we refer to ‘Experian’ in this Privacy Policy, we mean Experian Limited.

Experian is part of a group of companies whose parent company is listed on the London Stock Exchange (EXPN) as Experian plc. The Experian group of companies has its corporate HQ in Dublin, Ireland, and its operational HQs in Costa Mesa, California and Nottingham, UK. You can find out more about the Experian group on our website at www.experianplc.com.

Experian is responsible for processing the personal information you provide to us on this website www.experian.co.uk and is registered with the Information Commissioners Office in the UK.

If there’s anything you’re unsure about in this Privacy Policy, feel free to contact our Data Protection Officer at UK.DPOBusinessEnquiries@Experian.com.

 

2. What information we collect

We will need to ask you for certain personal information to give you the best possible experience when you engage with us (via our websites or otherwise) and when you use our products and services.

We or our third parties will also collect other information about you and the devices you use to access our website. We do this by using technologies like cookies. See also our Cookies policy.

Contact information

When you enquire about any Experian services from this website we will ask you to provide some contact information. Contact information may include some or all of the following: Full Name, Business Phone number, Mobile Phone number and Business Email address.

We will only retain this information for as long as is necessary to provide the requested product or service. For the contact information, you provide we will keep your data for 12 months after your last engagement with us.

We will also collect your marketing preferences so that we know whether or not you want to hear from us for marketing purposes and, if so, by what channels. If you opt out of our B2B marketing communications, we will retain your preferences to ensure you do not receive any B2B marketing communications in the future.

Device information

We also collect certain data automatically from your visit to our website or use of any of the functionality on our website (such as the chat function). This may include (but is not limited to) some or all of the following: How you connect to the internet (including IP address), how you engage with our site, screen resolution, browser data stored on your device (such as cookies – see also our Cookies policy), information about the device software you are using such as internet browser and location data (city, region of the IP address you used when accessing our services).

Information specific to Aperture Data Studio and the SaaS Self Service Portal

Whenever a visitor visits our services, we may collect information from such visitor regarding his or her use of that website or application, such as pages visited, links clicked, non-sensitive text entered, and mouse movements, as well as information more commonly collected such as his/her IP address, referring URL, browser, operating system, cookie information, CSS animations and dynamic content (“Visitors’ Information“). Visitors’ Information, in the aggregate, may be considered as Personal Information as it may be linked to a user identifier or may include Personal Information. Visitors’ Information may include: User unique ID (stored in a cookie for tracking and may be stored on our servers), Visitors’ clicks/touches on elements, changes to input field (like text fields, CSS selector or timestamp), elements and session meta-data, input on fields, system errors, window size and changes to size, User agent (browser, device), mouse position, page snapshot, whether a user clicked on a play or pause button of a video, and other events (scrolling, focusing, hiding pages etc.). Such information may identify the visitor. We use IP addresses to determine End Users’ geolocation (country and city in which you are located) which allows us to block recordings for certain End Users. We do not record any keystrokes. We never record password inputs.

If an End User wishes to prevent all websites from recording his/her activity, s/he can opt out. Opting out will create a cookie that turns off recording. The presence of this cookie is required to continue opting out, so if a User clears its browser cookies, s/he will have to opt out again.

Other

We also collect some further information when you register to attend an Experian event/webinar. This will include dietary, accessibility and accommodation requirements and, in some circumstances, an emergency contact. We only collect the minimum information we need to organise the event/webinar and to accommodate your needs at the event/webinar.

This information will be shared by Experian with third parties who we engage to assist us in arranging and running the event/webinar, such as hotels to book your accommodation. Where we do this, we will take steps, including by putting appropriate contractual agreements in place, to ensure that all such entities keep your personal data confidential and secure. Your personal data will only be retained for as long as necessary to run the event/webinar.

3. How we use your information

We use your personal information in lots of ways to make our products and services as effective as possible.

To enable you to access our website, use the functionality available on it and to enquire about our services. We will pass it to the relevant sales team responsible for the service you are interested in and they will contact you.

To provide and improve customer support

We will use your information to be able to provide and improve the customer support we provide to you (e.g. when you have questions or when you forget your log-in information).

For internal training purposes

We will use your information to ensure that our team has the knowledge and expertise to ensure we provide the best possible experience to you when you interact with us.

For reporting and Analytical purposes

We will use your information for reporting and analytical purposes (e.g. how many of our customers are in the north or south of the country) to enable us to improve our products and services and provide appropriate levels of support to our customers.

For marketing and market research

If you have given us your consent to contact you we will use the information you have submitted through our website for marketing and market research if we think one of our products, services or offers is relevant to you. We may also send you marketing relating to services offered by selected partners we think will be relevant to you, your job or your business. We may contact you about them by email, SMS, on the phone or through the post. If your Experian contract has finished, we may contact you to offer the same or a different service or product. Any communication we send to you about this will include the option to unsubscribe from us contacting you again.

To maintain our records and other administrative purposes

We will use your information to ensure that we maintain comprehensive and up to date records of the ways we process your personal information and other operational activities and therefore we will use the information you provide for record-keeping, updates and general administrative purposes.

To plan and run Experian events/webinars

We will use the personal data you provide to help us organise events/webinars we are running, to make sure that the event/webinar runs smoothly and to ensure that you have the best possible experience when you attend.

For complaint and dispute resolution

Whilst we will try to make sure that you are happy with the service we provide and do not feel the need to complain, if you do complain to us, we will use the information we have about you to help us manage your complaint and to bring it to a close.

To comply with the law

Like any other business, we are required to comply with many laws and regulations. We will, where necessary, use your information to the extent required to enable us to comply with these requirements.

4. Further uses of your personal information not described in this Privacy Policy

If we use your personal information for any purposes that are not set out in this Privacy Policy, we promise to let you know exactly what we will use it for before we go ahead and use it.

5. What are the legal grounds for handling personal information?

Consent

Where we collect other information from you such as when we use cookies to collect information about the device you use to access our website, or sometimes third parties collect it on our behalf. You will be asked to consent to this before using our website. If you choose not to give your consent, or you later remove your consent, this may affect our ability to provide the services you want, to you. We may also rely on the consent ground for using your personal information to contact you for marketing purposes.

Legitimate Interests

In the United Kingdom, we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of data subjects. The law calls this the “Legitimate Interests” condition for processing. E.G:

  • Helping to prevent and detect crime such as fraud and money laundering. Fraud and money laundering cost the British economy many billions of pounds every year. That cost is ultimately passed on to the public in the form of higher prices. By helping to avoid fraud such as identity theft, we help to stop this from happening.
  • Running a credit bureau. By providing credit information to lenders about a consumer’s creditworthiness a credit bureau is helping to avoid over-indebtedness of consumers, especially vulnerable consumers and the negative effects of excessive debt.


Complying with/supporting compliance with legal and regulatory requirements

We must comply with various legal and regulatory requirements. Additionally, the services we provide help other organisations to comply with their own legal and regulatory obligations. For example, Experian is regulated by the Financial Conduct Authority.

To enable you to access our website, to use its functionality and to respond to enquiries you raise,we rely on the legal basis of legitimate interest. This personal data is stored to be able to respond to your contact request, enquiry, request for further information or request to attend an Experian event/webinar.

To provide and improve customer support we rely on the legal basis of legitimate interest to ensure you receive a high level of customer service.

For internal training purposes we rely on the legal basis of legitimate interest to ensure you receive a high level of customer service.

For reporting and analytical purposes, we rely on the legal basis of legitimate interest. This will enable us to improve our products and services, and to provide appropriate levels of support to our customers.

For Experian B2B marketing communications we rely on the legal basis of consent given at the point you contact us. You can opt out of receiving these B2B marketing communications at any time by visiting this website: /business-services/marketing-preferences/.

For market research we rely on the legal basis of consent given at the point you contact us. Any invitation to share your feedback will include the option to not take part in future surveys.

To maintain our records and other administrative purposes we rely on the legal basis of legitimate interest. Like any business, we need to ensure that we maintain comprehensive and up to date records of the ways we process your personal information and other operational activities and therefore we will use the information you provide for record-keeping, updates and general administrative purposes.

To plan and run Experian events/webinars we rely on the legal basis of legitimate interest. It is in our legitimate interest to ensure that the event/webinar is well-run and that you have a good experience when you attend an event/webinar that we are running.

For complaint and dispute resolution we rely on the legal basis legitimate interest. Whilst we will try to make sure that you are happy with the service we provide and do not feel the need to complaint, if you do complain to us, we will use the information we have about you to help us manage your complaint and to bring it to a close.

To comply with the law, we rely on the legal basis of ‘Processing is necessary for compliance with a legal obligation’.

6. Who we share your personal information with

We share your personal information only with those persons who need to handle it so we can provide the Experian products and services you’ve signed up to. We also share it with companies within the Experian group who manage some parts of the services for us; with suppliers who provide services to us which require access to your personal information only; and with resellers, distributors and agents involved in delivering the services we provide where necessary for them to do so.

Lastly, we may also provide your personal information to fraud prevention agencies. This is to protect the Experian group of companies and our customers, to keep our systems secure, or where it’s necessary to protect either yours or our best interests.

Group companies

As a member of the Experian group of companies, we can benefit from the large IT infrastructure and expertise that exists within our business. This means that the personal data you provide to us may be accessed by members of our group of companies for support and administrative purposes.

Suppliers

We use a number of service providers to support our business and these service providers may have access to our systems in order to provide services to us and/or to you on our behalf. This includes, for example, the third party company who provides the livechat function on our website and third parties who help us run the events/webinars we organise.

Public bodies, law enforcement and regulators

The police and other law enforcement agencies, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for the purposes of preventing or detecting crime, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.

Individuals

You can obtain a copy of the information we hold about you. See section Your rights to how we use your personal information for further information on how you can do this.

7. Where in the world do we send information?

Experian is based in the UK, which is where our main databases are. We also operate elsewhere in and outside the European Economic Area, so we may access your personal information from and transfer it to these locations as well. Don’t worry though, any personal information we access from or transfer to these locations is protected by European data protection standards.

While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and don’t provide the same quality of legal protection when it comes to your personal information.

To make sure we keep your personal information safe, we apply strict safeguards when transferring it overseas. For example:

  • Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man
  • Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of high quality protection, or
  • Sending your personal information to a member organisation approved by the European Commission as providing a suitable level of high quality protection. For example, the Privacy Shield Scheme that exists in the US.

Still want to know more about the safeguards we use to protect your personal information overseas? Feel free to contact us at UK.DPOBusinessEnquiries@Experian.com

8. Your rights to how we use your personal information

If our right to process or share your personal information is based on the fact that you’ve given us consent, you have the right to withdraw that consent at any time on our website.

You can also ask for access to the personal information we hold about you and request that we correct any mistakes, restrict or stop processing or delete it. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing it, we won’t always be required to do so. If that is the case, we will explain why. To request a copy of the personal information we hold about you, please follow this link:
https://www.experian.co.uk/consumer/data-access.

In certain circumstances (e.g. where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you) you can require that we provide the information we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automated means. If you would like more information about this, let us know by contacting us at
UK.DPOBusinessEnquiries@Experian.com.

9. Problems with how we handle your information or rights

We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting us at UK.DPOBusinessEnquiries@Experian.com. You may also see our full complaints handling procedure and how to make a complaint.

If we cannot resolve things under that procedure, then you may have the right to refer your complaint, free of charge, to the Financial Ombudsman Service. The contact details for the Financial Ombudsman Service are: Telephone: 0300 123 9 123, or from outside the UK +44 20 7964 1000 E: complaint.info@financial-ombudsman.org.uk W: www.financial-ombudsman.org.uk Financial Ombudsman Service Exchange Tower London E14 9SR.

You also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates the handling of personal information in the UK. You can contact them by:

  1. Going to their website at https://ico.org.uk/
  2. Phone on 0303 123 1113
  3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

You may also have the option to register your complaint using the European Commission Online Dispute Resolution (ODR) platform. This is a web-based platform that is designed to help consumers who have bought goods or services online to deal with issues arising from their purchase.

10. How we keep your personal information secure

Online privacy and security is the most important aspect of any customer service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.

Experian have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and holds ISO27001 certification in the key areas of Global Security Admin team who are responsible for administering logical access to systems and in the Data Centre.

Experian has a dedicated Cyber Security Investigations team who safeguard Experian’s key assets such as its systems and storage facilities. This team, identify and effectively manage any security developments that may threaten Experian's people, process, or technology through intervention and the thorough investigation of security incidents. Experian holds Cyber Essentials Certification and performs risk assessments against our critical and external facing applications annually.

Experian is annually audited by an External QSA (Qualified Security Assessor) from Trustwave and have successfully maintained compliance since 2010.

11. How long we keep your personal information for

We’ll keep your personal information for the periods set out in the section ‘What information we collect’ above, and where we were not able to give a specific period, we will keep it only as long as we need it to provide the Experian products and services you’ve signed up to. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the products or services you’re signed up to, so the amount of time we keep your personal information for may vary.

Contact Information

Contact information such as names and addresses are kept while there is a continuing need for us to have it. We will keep your data for 12 months after your last engagement with us. If you opt out of our B2B marketing communications, we will retain your preferences to ensure you do not receive any B2B marketing communications in the future.

Device Information

Device information such as how you connect to the internet and screen resolution are kept while there is a continuing need to retain it.

Other

We also collect some further information when registering for an Experian event/webinar. This data will only be retained for as long as necessary to administer the event/webinar.

In all of these cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be deleted/disposed of securely.

12. Changes to this Privacy Policy

We can update this Privacy Policy at any time and ideally you should check it regularly for updates. We won’t alert you to every little change, but if there are any really important changes to the Policy or how we use your information we’ll let you know and where appropriate ask for your consent.