This policy applies to the processing of your personal data when you visit our website at Experian.co.uk and if you take any of Experian’s free or paid-for consumer products, including the free Experian account, our subscription services, our mobile apps. It also applies to your use of any consumer services available on experian.co.uk such as comparison services and the ‘contact us’ functionality for non-Experian customers. Experian’s free and paid-for consumer products are operated by Experian Consumer Services. This is the “consumer-facing” part of our business; the part that you and other consumers interact with.
Experian also operates a number of other businesses (which you may not normally interact with). Different privacy policies apply to those other businesses, and those policies discuss in more detail how your personal data might be processed.
Experian Consumer Services may share your data with some of those additional business functions, so that they may further process your personal data for a different purpose. We talk about this at ‘How we use your information’ and ‘Who we share your information with’, below.
Briefly, the other business functions that may further process your personal data (and their related privacy policies) are as follows:
Experian business function Relevant privacy notice Description Experian Credit Bureau (our credit referencing business) ‘Credit Reference Agency Information Notice’ (CRAIN) The CRAIN provides information on how Experian and the UK’s other main credit reference agencies collect, use and share personal data. Experian Marketing Services (our marketing services business) ‘Consumer Information Portal’ (CIP)
The information you provide to Experian Consumer Services might be used by Experian Marketing Services to: validate and update your address and age details; create models into the ‘make-up’ of the UK population for characteristics across age, gender, number of adults and composition of the household and length of residency; identify when you change address; in linking profiled data about you to a client’s customer file (where you are already their customer) and for screening out of financial marketing where the financial offer is not appropriate for your circumstances.
The CIP provides information on how Experian collects, uses and shares personal data for its clients' marketing purposes and other related activities.
Experian Identity & Fraud Business (ID&F) General Information Notice to Experian’s ID&F Customers (ID&F Notice)
To provide services to help us confirm your identity and authenticate you and carry out new product and services development and research.
Please see the CRAIN, the CIP and the ID&F Notice for more information on how the Experian Credit Bureau, Experian Marketing Services and ID&F use your personal data, and for further information on your rights in relation to your personal data, and how to exercise them.
Please also see this helpful guide explaining what information lenders use about you when deciding whether to give you credit and what happens to the information after that if the lender opens an account for you.
2. Who is Experian and how can you contact us?
Experian is part of a group of companies whose parent company is listed on the London Stock Exchange (EXPN) as Experian plc. The Experian group of companies has its corporate HQ in Dublin, Ireland, and its operational HQs in Costa Mesa, California and Nottingham, UK.
3. What information we collect and process
We will need to ask you for certain personal information to deliver the services you have asked for and to give you the best possible experience when you engage with us (via our websites and apps or otherwise) and when you use our products and services.
We will also collect information about you and the devices you use to access our website, or we may ask third parties to do this for us, in these cases we do so by using technologies such as cookies. See also our Cookies & online marketing page.
We may use Artificial Intelligence, including Machine Learning to provide some aspects of the services, service support, our communications with you and in our analysis. More information about Experian’s use of these tools will be coming soon.
When you sign up for Experian services or if you use our comparison services, we will ask you to provide contact information such as: full name, previous names, residential address, previous residential addresses, date of birth, landline phone number, mobile phone number and email address.
Where you have created an account, we will also keep a record of
- Your preferences for how you want to use our service and how you want us to contact you.
- Information we use to authenticate you.
- Which products you’ve signed up for, how much we’ve charged you and whether payments have been successful.
- Credentials to access your account such as usernames (although this will often be your email address) and passwords.
- Reference codes we may create to help us manage your data
We will extract information from the Experian credit bureau (or, in some cases, from the Equifax or TransUnion credit bureaus) about your credit file in order to show you your Experian Credit Score and other information about your current credit position, or to work out your eligibility for financial products.
We will ask you to provide us with further financial information about you (such as salary information) so we may help you understand your financial situation and to search for financial products.
Where you use our Boost or other open banking services, we will collect bank account information directly from you and collect transaction data from your banking provider.
As described above, more information about credit bureau data is available in the Credit Reference Agency Information Notice (CRAIN) which is shared by Experian, Equifax and TransUnion.
When you sign up for our services, we may also ask you for information related to your credit file or your bank account to enable us to verify your identity using automated decision making. Automated decision-making means computer-based decisions without any human involvement.
Where the services you select carry a cost, we will ask you to provide some payment information such as credit card, debit card or bank account details. These details may be provided using services such as ApplePay.
When you sign up for our services, we may also ask you for payment information (such as credit card numbers) to help verify your identity using automated decision making. We will make it clear whether this information is also being used to pay for products and services.
Where you contact us by phone, email, post, live chat, chat bot, or through social media with queries, complaints or questions about data on the Experian bureau, we will keep records of those conversations. These records include copies of messages, recordings of phone calls, or notes taken by our agents.
Where we send you service messages, marketing messages or messages related to particular product features, we will record what we have to you. We will also record how you responded (see usage, analytics, tracking and feedback data, below).
Different features of our products may require us to collect and process other personal data. For example:
- For our web monitoring tools, you may give us additional data points to look out for such as passport number, driving licence number, national insurance number or credit card details.
- Our products will generate alerts about you, including personalised product updates which tell you when we think we can find a better deal for you, credit and fraud alerts which let you know about certain changes in your credit file, score alerts for when your score has changed, or web monitoring alerts, when your information has been found.
- When you use Experian boost, we will categorise your transactions and use those to work out your boosted score.
Information used to personalise our services
A key feature of Experian’s consumer services is that they are tailored to you. This personalisation is based on how you interact with us, and other segmentation data we get from Experian Marketing Services. You can find out more about it here.
Usage, tracking, feedback data
We carefully monitor how our products are operating and how they are used to try to improve them. This involves collection of information about you, your devices and your use of our services:
- Data about web browser and app interaction – this is collected automatically as you browser our websites.
- Searches and search results – our product comparison features will collect information about your personal circumstances, what you are searching for and what results you are seeing. This may include information such as income and employment status when searching for cards and loans.
- Diagnostic information – we may collect other data (such as which device you are using and how often you log in) to help us monitor our services are operating and operating securely.
- Where we sent you email, SMS or in-app messages, we may record whether you have opened or read each message. We may also record how you have interacted with specific elements of a communication for example whether you used a specific link provided. We may also record any feedback you give us on or within our communications, to improve relevancy and content.
- From time to time, we may ask you to complete surveys, take part in market research, or to take part in beta tests of new products or features. Where we do, we’ll store your answers and details of how you interact with any test features and process them to product aggregate summaries.
4. How long do we keep your information?
Profile information Up to 8 years from the closure of any agreement you have with us, 3 years since you last searched with us or 6 months from when you last responded to an email (whichever is longer) Financial information
Up to 3 years from when we collected the information from you or on your behalf in the provision of our services. We may also use your data at an aggregated level for analytics purposes for 5 years from when we collected the information from you.
Payment information Up to 3 years from when we last collected payment. Communications history Up to 6 years from the closure of any agreement you have with us or from the resolution of a complaint or query (whichever is longer) Product information
Up to 3 years from the closure of any agreement you have with us.
We may also use your data at an aggregated level for analytics purposes for up to 5 years from the closure of the agreement you have with us.
Information used to personalise our services Up to 6 years from the closure of any agreement you have with us or 6 months from when you last responded to an email (whichever is longer) Usage, tracking and feedback data
Up to 3 years from when the information was collected.
We may also use your data at an aggregated level for analytics purposes for 5 years from when the information was collected.
We may also keep your information to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the products or services you're signed up to, so the amount of time we keep your personal information for may vary.
In all cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be disposed of.
5. How we use your information
To enable you to access our website and use our services
We will use your information to accept you as a new/returning customer, to authenticate you when you attempt to register a new account with us, or to log you into your account. We also use it to provide you with our products and services.
To confirm your identity and authenticate the information you provide
As part of providing services to you we will confirm your identity and authenticate the information you provide for security purposes, sometimes using automated decision-making.
Establishing your identity is important as the services may provide you with your personal credit information (such as your Experian Credit Score or credit report) and we must be sure you are who you say you are. Identity checking may also involve checking the registration information you give us against information we already hold about you as a credit reference agency and potentially publicly available information about you such as from social media.
Identity checking and re-verification may result in services not being offered, being suspended or being withdrawn. We may automate some elements of our identity checking. Automated decisions are designed to make the service more efficient and to ensure that policies and procedures are applied consistently. If we are unable to confirm your identity from the registration information you provide, we will let you know by using the contact details you have provided and you may then have the option to make a written application and provide further proof of your identity.
To process payments and collect arrears
We will use your information to process the payments you commit to when signing up to our services and for the collection of any future payments or overdue amounts for those services.
Your payment provider may let us know if the payment details relating to your Experian payment change. If this happens, we reserve the right to update certain card details to make sure your access to our services isn’t interrupted.
So, for example, if you get a new payment card with a later expiry date to the one you currently pay with (but all the other details stay the same), we may update your payment card expiry date accordingly.
To provide you with information from your Experian Credit Report
Depending on the features in your subscription, information from the Experian Credit Bureau will be shared with you in a variety of ways, ranging from the display of the full Experian Credit Report to summarising salient credit report information.
To provide the Experian Credit Score and send you credit score notifications
We will use the Experian Credit Bureau data we hold and profile it to create the ‘Experian Credit Score’ by running the data through an algorithm called a scorecard. We will also use it to monitor and identify changes to your Experian Credit Score and may notify you by email, SMS or app notification about these changes or when a new score is available to be viewed.
To provide you with additional services related to your Credit Report information and Credit Score
The data held in the Experian Credit Bureau will also be used to operate features designed to help you understand and act upon your Experian Credit Score. Different products are included in different subscriptions and include the ability to forecast future score changes, to optimize behaviour for score progression and to understand the factors which build up the Experian Credit Score.
To provide and improve customer support
We will use your information to be able to provide and improve the customer support we provide to you (e.g. when you have questions or when you forget your log-in information).
To provide alerts
We will use your information to send you alerts where they are part of your current subscription e.g.
- web-monitoring when we find your personal details are available to others online.
- where there are certain changes to your credit report or your credit file is searched
- where your credit score (or the elements that make it up) change
To Lock or unlock your Experian Credit Report
Where the Experian CreditLock feature is part of your subscription we can use your information and the information held in the Experian Credit Bureau to lock and unlock your Experian Credit Report when you ask us to (or to unlock your file if you cancel your subscription to a product which includes this feature). Locking your Experian Credit Report helps to provide enhanced protection against the risk of identity fraud.
To send you service communications
We will use your information to contact you to tell you about changes to or issues affecting the services you are taking.
To provide comparison services and create eligibility ratings
When you use our comparison service to search for products, the information you provide is used to retrieve information about products relevant to your search and create a table which allows you to compare them.
Where eligibility ratings are available, the information you provide (including personal information such as your name and address) and your current and historical credit information from the Experian Credit Bureau (and sometimes the other credit reference agencies TransUnion and Equifax) has been profiled by running it through an algorithm known as a scorecard to create the eligibility rating displayed. The eligibility rating is to help you understand whether you are likely to be accepted based on the lender’s criteria.
To pre-populate partner applications
In some circumstances - for example, to make it easier for you when you select on our website or mobile app that you want to submit an application to a particular broker, aggregator, lender or other provider, we will share limited information with them so that their application process can be pre-populated and save you the hassle of re-inputting information you’ve already told us.
Typically, the information that we will share would include your name, address, phone number and email address.
To provide information related to your use of our comparison services
When you search for products, we may contact you by email or SMS to confirm activity relating to use of our comparison services, such as details of the searches you have made, results that you have seen when searching, or information about introductions you've requested to brokers, lenders or other financial services providers.
To send you personalised product updates
The personalised product updates feature provides you with information to help you identify ways to save money or benefit from new products or services. This information can be provided on screen, when using our free service (which is available to all customers) and by email, SMS, post or push notification via the App.
Product eligibility updates
Experian will use the information you provide including personal information such as your name and address, information we have about you from other Experian features, products and services you use, such as Experian Boost or search information or results from our comparison services, how you interact with those features, products and services and your current and historical credit information (whether it’s from the Experian Credit Bureau or the other two main credit reference agencies, Equifax and TransUnion).
We will use this to profile you to assess your eligibility for third party products or services based on a product providers’ criteria and depending on the outcome of the assessment and the eligibility rating, to decide whether to alert you to opportunities, products and services that you may be eligible for. In the alert we may compare the outcome of the assessment with an earlier assessment to help you understand what’s changed. You can find more information around how we assess your eligibility in the above section ‘To provide comparison services and create eligibility ratings’.
We will check your eligibility for third party products and services, and may provide eligibility updates:
- when you interact with our service, e.g. when you use our website or mobile app, or engage with our communications;
- when you request an eligibility check;
- between your interactions with our service (whilst you're still signed up to our service);
- when new credit products and services are added to the website;
- when there is a change to your Experian Credit Bureau data or your ‘Experian Credit Score’ (and we may pro-actively check your Experian Credit Bureau data and Experian Credit Score to do this – which will not affect your credit rating);
- when we predict you may be interested in a new product or service, for example if your existing promotional period is coming to an end.
Updates when you might save money or benefit from new products
As part of our free service (which is available to all customers), Experian will profile your current and historical credit information (from Experian’s Credit Bureau) by applying an automated set of rules designed to identify opportunities where we think you could potentially save money or benefit from new, features, products and services.
The type of credit information we will retrieve includes whether you're carrying a balance on a credit card, loan or mortgage account, what payments you have made, promotional indicators, how long you've had the account for, who your accounts are with and your credit score. It will also include information that appears on your credit file relating to quotation searches that you have received from lenders, insurers or other financial services providers when you have previously searched for credit or insurance, either through Experian’s service, or elsewhere in the market. Based on this credit information and other information we have about you from other Experian features, products and services you use such as Experian Boost or how you interact with those features, products and services, and depending on the outcome of our assessment, we may notify you of new opportunities and may invite you to compare products available as part of our panel.
When we send you personalised product updates, we may also refer to elements of your credit information to explain the opportunity that we have identified for you. For example, if we let you know that you may be able to pay less interest on an existing credit card balance, we may reference your current balance amount, or the amount that you are repaying.
Managing your updates and notifications
The sending of personalised product updates via email, SMS or post and the use of your personal data to create them can be managed within your Messaging Settings from your Experian Account page. From there you can also close your account if you no longer want to receive the onscreen updates.
If you have our mobile app, we may also notify you in the app and via app notifications. These notifications and the associated use of your personal data can be managed in the settings or your device settings.
We may also notify you of these updates when you log in to Experian.
To provide services that use your bank account information
When you provide us with permission for your bank account information to be collected and used as part of our optional open banking related services, the main purposes that we may use that data for are;
- To present you with a consolidated view of the transaction data we have used when assessing if your score should be boosted, including showing you the transactions that have been categorised as payments that are having a positive impact on your credit score.
- If your credit score increases, we’ll share a summary of the data used to create your Boost score (such as how many times we can see you have paid Council Tax) with participating lenders when you apply for credit or check your eligibility, alongside the other information from your credit report. This data may be used by these lenders when deciding if you're eligible. Lenders include providers of traditional financial services such as mortgages, loans and credit cards but can also be firms who can charge for services after you use them, such as mobile phone companies and utility providers, as well as retailers who offer store cards or goods on finance. Lenders may use this information to help them provide accurate eligibility ratings (both directly and through price comparison websites) and to decide whether to offer you credit and on what terms. This may include using the information to assess how much you can afford to pay. Lenders will not receive your actual bank transactions if you apply for credit with them or check your eligibility.
- Where you use our comparison services, we will show you where your summarised bank transaction data has been factored into the results presented to you
- To use the full transaction history we hold about you since you joined Boost (and our categorisation of those transactions) for reporting, analysis, training and developing the Experian Boost service to help us improve this service. The development of the Experian Boost service includes using the data for the following purposes;
- Developing and updating the way bank account information is used within the calculation of your credit score
- Improving the categorisation techniques we use when identifying payments within your bank transactions that fit into certain categories (for example, digital payments)
- Allowing lenders with whom you have or in the past have had a relationship (i.e. previously/currently hold an account with, have previously applied to for credit or who have provided you with a quotation / eligibility rating via our comparison services) to analyse a summary of 12 months of your bank transactions from within the full transaction history we hold on you since you joined Experian Boost. This is to help lenders develop their own lending strategies, which will benefit Boost customers through enabling more lenders to factor summarised bank transactions into their future decisions.
- To ensure that you can maximise the benefit of the Experian Boost service, we will notify Experian’s Pre-qualification Services business unit when you opt into Experian Boost. This will enable a summary of your bank transactions to be used in the decisions made by participating lenders and other price comparison sites who use Experian’s Pre-qualification Services if you seek a quotation or eligibility rating directly from them. Further information is provided in the ‘Who we share your personal information with’ section below.
- We will show you which bank accounts you’ve given us permission to access and when the permission will expire. We’ll keep a record of that permission, its expiry as well as when you joined Experian Boost.
- To give you an indication of whether you could afford to take on additional credit/ borrowing based on your existing income and spending.
- To show you a breakdown and categorisation of your spending habits and how you could make changes to increase the amount you could afford to borrow.
- to send you marketing communications by email, post, SMS and in-app notifications;
- to enable digital advertising including retargeting with partners such as Google and Meta;
- to enable marketing through affiliate partnerships who refer leads to our website; and
- to create marketing content and to refine our marketing strategies.
For Experian Boost:
In addition to the main purposes your bank account information is processed for, it will also be processed for ancillary purposes which are explained in this document, such as sending you service emails related to Experian Boost or providing customer support if you contact us for support related to Experian Boost.
For affordability assessment services:
To comply with the law
Like any other business, we are required to comply with many laws and regulations. Where necessary (i.e. where it is reasonable and proportionate for us to do so), we will use your personal data to the extent required to enable us to comply with these requirements. This could include sending you information that Experian is legally required to send for consumer products or another part of the Experian business (for example, where Experian makes updates to the CIP in relation to processing carried out by Experian Marketing Services).
Investigation, detection and prevention of crime
We may use your information for the investigation, detection and prevention of crime (other than fraud).
Experian may select customers and invite them to be involved in market research. If you accept this invitation, we will use the feedback you give us to improve our products and services.
Administration of prize draws, competitions, membership offers, surveys and other promotional activities
From time to time we will run prize draws, competitions, promotions and surveys and, we will use the personal data you provide to us, to run such activities and to do what we agree to do as part of them.
We will use the personal data we hold about you for marketing purposes in 4 ways:
Marketing communications sent by email, post, SMS and in-app notifications
We will send marketing communications if we think one of our products, services or offers, or those of our third-party partners, may interest you. We will improve relevancy and timeliness of the communications you receive and the content of the communications by identifying customer groups (profiles) and by personalising the data, messages, and images in communications.
We will use your contact information, your credit information, information about how you use our services and any information you may have given us in response to a marketing message, in the sending of these marketing communications. This information includes how frequently you login, your score and score band, how you interact with direct marketing channels and any responses to questions in marketing communications, how recently you have searched for credit and products. If you have searched, we will also use the type of credit, purpose, period, amount, eligibility, and results information. We may as part of our service use this information to create profiles about you in order to tailor our communications for relevancy and communication preference.
If your Experian subscription has finished, we may also contact you and invite you to resubscribe to the same or a different service or product, or to use certain free features on our website and app.
For the purposes of sending you these marketing communications, we will also use profiled data about you, your household or the area in which you live, which is received from Experian Marketing Services. This profiled data from Experian Marketing Services is not actual information about you but rather modelled predictions about the likely characteristics of individuals, households and geographic locations in the UK, such as preferred leisure pursuits, supermarkets likely to be used for shopping or likely social media usage.
More information about the personal data used by Experian Marketing Services and the purposes for which the data are processed is explained in the CIP, which includes information about modelling (the predictions we make) and data profiling.
You can also opt out of marketing communications by post, email or SMS from Experian Consumer Services at any time by following the instructions in the email or SMS or by contacting us at email@example.com. If you opt-out of receiving marketing messages from Experian Consumer Services, your data will still be used for marketing purposes as described below.
You can turn off app notifications at any time using the settings on your mobile device.
Digital advertising with partners such as Google and Meta including retargeting
To help us promote our services, where you have agreed to it in our Cookie and Online Marketing Settings, we will use data about you to help us optimise the adverts we display online on third party websites and social media platforms.
We use tools provided by social media platforms, advertising networks and search engines including Google, Meta and Bing to optimise our advertising on their and third-party websites. As a result, you may receive advertising based on information about you that we have provided to them such as which pages you have visited on our websites, which subscriptions you hold, what you’ve searched for in our marketplace and what results you saw including eligibility scores, basic credit information such as your credit score band, or whether you’ve previously started to sign up for a service but not finished. Equally, you might see an advert because you fall into a group whose attributes we have selected on their platform or if your profile looks like groups that we have provided to them.
When we share your data with Meta, Google or Bing, we use a number of techniques including "hashing" to make sure that your data is secure and that third parties can only identify you if they already hold information about you which can be matched to the data we provide.
Please also see the section headed ‘Social media platforms, advertising networks, affiliate networks and search engines’ in the ‘Who we share your personal information with’ section of this privacy notice.
You can opt-out from having your personal data used for digital advertising purposes by amending your cookie preferences through our Cookies & online marketing settings.
For affiliate marketing
We work with partners who help us generate visitors to our website. For us to track which visitors to our website originated from each partner (so that we can evaluate the benefits of the partnership and, where appropriate, compensate the partner), we will provide certain identifier information to them. Typically the information we share will just be a reference code they sent to us and details of whether you completed a desired action (such as signing up for a free account) but the partner will not be able to identify you or your device unless they already hold information about you as a result of their relationship with you.
To create marketing content and to refine our marketing strategies
We will sometimes anonymise the data we hold and use it for analysis purposes in order to create marketing content (for example, people in your area have an average credit score of 750) or to refine our marketing strategies (e.g. understand which factors influence when customers might be interested in taking out a credit card). When we do this, the information will not identify you but analysing aggregate information is useful in informing us and helping us make decisions about our marketing strategy.
Fraud, investigation, detection and prevention
We may use your information for fraud investigation, detection and prevention measures and in order to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission).
Internal training purposes
We will use your information to ensure that our team has the knowledge and expertise they need to ensure we provide the best possible experience to our customers when interacting with us.
Reporting, analytics and product development
We will use your information including the credit information we hold about you on our Experian Credit Bureau (including any quotation searches you have done when you have previously searched for credit, either through Experian’s service, or elsewhere in the market), your behaviour on our websites and in our apps, IDs created when you use our services (which are used for data linkage and communication between systems) and how you respond to our emails to understand you, your credit needs and how you use our services. We can, where applicable, combine this with information provided by third parties or other parts of the Experian business.
This analysis or the data will be used to enable us to continue to provide the services efficiently and at scale, in the sending of service communications, to improve and promote our products and services, develop new products, to provide educational content, generate consumer insight (e.g. how many of our customers are in the north or south of the country) and to provide appropriate levels of support to our customers. It may also be used to develop new products for Experian’s businesses outside of Experian Consumer Services, such as Experian's ID&F business as explained in the ID&F Notice. Where appropriate, for these purposes. we can process your data using privacy enhancing techniques, resulting in data which is anonymised (so that it is no longer personal data).
For these reporting and analytical purposes, we will use profiled data about you, your household or the area in which you live, which is received from Experian Marketing Services. This profiled data is not actual information about you but rather modelled predictions about the likely characteristics of individuals, households and geographic locations in the UK, such as preferred leisure pursuits, supermarkets likely to be used for shopping or likely social media usage.
More information about the personal data used by Experian Marketing Services and the purposes for which the data are processed is explained in the CIP, which includes information about modelling (the predictions we make) and data profiling.
Please see Section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information on the data in the Experian Credit Bureau.
As part of improving our products and services, we may also share this analysis with selected lenders, brokers and other financial services providers so they can determine whether they can improve the products or the terms under which their products are offered to Experian customers. You have the right to opt out of this processing by cancelling your agreement with us.
Our website also uses a website recording service which records mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability and is not shared with anyone else.
More details of how we may track your interactions with our websites, apps and emails is available on our Cookies & online marketing page.
To help our partners develop and improve the products and services they offer you
Where you use our comparison services, we may also share your personal data with lenders or brokers returned as part of your search to enable them to conduct their own analysis, in order to develop and improve the products and services they offer.
Your data may also be shared with other lenders or brokers as part of services we have developed to help them understand customer behaviours (for example, to enable them to understand which products customers took where their product was returned as part of a search). Where possible, this information will be provided in an anonymised or pseudonymised way.
To personalise your experiences in our websites and apps
When you are logged in to our services, we will use the information we know about you including your behaviour on our websites and your credit history to help make our services as relevant and easy to use as possible. For example, where we can see that you have a high credit score, we may be more likely to talk to you about features and offers related to taking out a mortgage.
To maintain our records and other administrative functions
Like any business, we need to ensure that we maintain comprehensive and up to date records of the ways we process your personal information and other operational activities and therefore we will process the information you provide for record-keeping, updates and general administrative purposes.
Complaint and dispute resolution
Whilst we will try to make sure that you are happy with the service we provide and do not feel the need to complain, if you do complain to us, we will use the information we have about you to help us manage your complaint.
To improve data accuracy and completeness
Personal information you provide to us during registration, when you search for credit products in our comparison services or when we search on your behalf may be used to improve the Experian Credit Bureau information we already hold about you in our role as a credit reference agency e.g. if you provide a different address or alias to the one we hold already we may add to your details in the bureau the new address or alias to aid quicker identification of you and ensure that lenders can see a full picture of you when making lending decisions, it also aids identification and verification in the credit application process.
Please see Section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information.
Invitations to participate in market research
In order to improve the service we offer to customers, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
6. What are the legal grounds for handling personal information?
Data protection laws require that, where we're processing your personal data, we must satisfy at least one prescribed condition for processing. These are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
Necessary for performance of a contract or to comply with law
In most cases, the information described above will be provided to us by you because you want to take services from us or engage with us and our use of your information will be governed by contract terms. Giving this information to us is therefore your choice. If you choose not to give all or some of it to us, this may affect our ability to provide the services you want, to you. We may rely on this condition for processing in the following scenarios:-
- To enable you to access our website and use our services.
- To confirm your identity and authenticate the information you provide.
- To process payments and collect arrears.
- To provide and improve customer support.
- To provide you with information from your Experian Credit Report.
- To provide you with additional services related to your Experian Credit Report information and Experian Credit Score.
- To provide alerts.
- To Lock or unlock your Experian Credit Report.
- To send you service communications.
- To resolve complaints and disputes where:
- you are an existing Experian customer and/or;
- your complaint/dispute relates to an FCA regulated part of our services
- To provide comparison services and create eligibility ratings.
- To provide information related to your use of our comparison services.
- To send you personalised product updates.
- To provide the Experian Credit Score and send you credit score notifications.
- To provide services that use your bank account information.
- To comply with the law.
- Investigation, detection and prevention of crime.
We obtain your consent when we use non-essential cookies, or technology similar to cookies, and/or collect information about the device you use to access our website. Sometimes we work with third parties who carry out these activities on our behalf. You will be asked to consent to the use of non-essential cookies before using our website. Further information about the cookies is included in our Cookies & online marketing page.
We may also rely on consent in the following scenarios:-
- Market research – we may send you invitations to participate in market research (see below). If you do so, your feedback is given with your consent.
- Administration of prize draws, competitions, membership offers, surveys and other promotional activities.
Necessary in our legitimate interests or those of a third party
In the United Kingdom, we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of individuals. The law calls this the "Legitimate Interests" condition for processing. Where we rely on it, the benefits being pursued by us are:-
To send you communications (whether by post, email, SMS or in app), for digital advertising with partners such as Google and Meta, for affiliate marketing and to create marketing content and refine our marketing strategies.
- Fraud investigation, detection and prevention
Identifying and stopping fraud, including fraudulent access to our services.
- Internal training purposes
To enable us to train our staff to better provide services to our customers.
- To maintain our records and other administrative functions.
- Reporting, analytics and product development
To provide management information and information to continue to provide our services efficiently at scale, to help improve our services and communications, and those of our partners. To develop our products and those of other Experian businesses outside of Experian Consumer Services. We may create anonymous data for these purposes.
- To help our partners develop and improve the products and services they offer you.
- To personalise your experiences on our websites and apps so that we can tailor the services we provide to you and how we communicate with you.
- To resolve complaints and disputes where you are no longer an Experian customer and your complaint or dispute is not about an FCA regulated part of our services – we will need to use customer data when looking into queries and complaints.
- To improve data accuracy and completeness
When you register for or use our services you may supply us with information about yourself which we will use to improve our data accuracy and completeness across our wider business (including sharing your data with the Experian Credit Bureau for these purposes) and enable Experian to provide the most accurate data for our customers and clients.
- Invitations to participate in market research
In order to improve the service we offer to customers, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
- To provide and improve customer support for non-Experian customers.
7. Who we share your personal information with
We share your personal information with those persons who need to handle it so we can provide the Experian products and services you’ve signed up to. We also share it with:
- the Experian Credit Bureau (who may pass this on to Experian Marketing Services);
- Experian’s ID&F business to provide services to help us confirm your identity and authenticate you and for product and services development and research;
- companies within the Experian group who manage some parts of the services for us; social media platforms, advertising networks, affiliate networks and search engines to help target and measure our digital marketing;
- suppliers who provide services to us which require access to your personal information; and
- resellers, distributors and agents involved in delivering the services we provide where necessary for them to do so.
Lastly, we may also provide your personal information to fraud prevention agencies. This is to protect the Experian group of companies and our customers, to keep our systems secure, or where it’s necessary to protect either yours or our best interests.
- Additional Experian business functions
- Experian Credit Bureau
Personal data that you provide during registration (as described in the section ‘What information we collect’) is shared with Experian’s Credit Bureau for the purposes of improving data accuracy and completeness. The Experian Credit Bureau may subsequently provide your data to Experian Marketing Services. Please see Section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information.
- Experian Marketing Services
- Experian Pre-qualification Services
Personal data that you provide during registration (limited to your date of birth, surname, postcode and an internal ID) is shared with Experian’s Pre-qualification Services if you opt into Experian Boost. This is to ensure that a summary of your bank information is taken into consideration if you use another price comparison site or directly request a quotation or eligibility rating from a participating lender (who use Experian’s Pre-qualification services).
- Experian Credit Bureau
- Group companies
As a member of the Experian group of companies, we can benefit from the large IT infrastructure and expertise that exists within our business. This means that the personal data you provide to us may be accessed by members of our group of companies for support and administrative purposes.
- Social media platforms, advertising networks, affiliate networks and search engines
Subject to your preference settings, we will share information about you including your Contact Information, Credit information, information you provide to us when you use our services or interact with us, information about your visits to our website and other insight we learn about you, with social media platforms, advertising networks, search engines and affiliate networks such as Meta, Google, Bing (Microsoft) and Affiliate Window.
We use techniques to make sure we don’t give information such as your email address to someone who hasn’t already got it but are still able to work with partners to know when you’ve been to our website, and also been to – for example – Meta or an affiliate partner who introduced you to us.
We take steps to ensure all partners we share personal information treat it securely and only in accordance with our instructions where they are providing a service to us. However, in some instances, they may become joint or independent controllers of your data. For more information about our Partners and their processing of your personal data, see below.
When we share data with Meta, Meta Ireland 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland will be a joint controller of your personal data. You can read more about how Meta Ireland will process your personal data including what lawful basis they rely on and how you can exercise your rights in their Data Policy.
We have entered into a joint controller agreement with Meta Ireland which sets out our respective obligations in relation to the processing of your personal data. We have agreed as follows: -
- (a) we are responsible for providing you with a link to the Meta Data Policy; and
- (b) Meta Ireland is responsible for ensuring that you can exercise your data protection rights when it comes to personal data held by Meta Ireland.
We have a contract in place with Google and they agree to process the personal data we provide to them for the purposes of providing the services to us and no other purposes. You can read more about how Google advertising works here and exercise your right to opt out and delete the information Google holds about you here.
Affiliate Window tracks devices who have visited our website from an affiliate partner website or certain advertisements or offers aimed at driving traffic to our site. We have a contract in place with Affiliate Window. You may opt out of this tracking here: https://www.awin.com/fr/cgv/optout although this may interfere with your ability to earn cashback from sites such as TopCashback and Quidco which rely on this tracking.
We use several service providers to support our business and these service providers may have access to our systems and data in order to provide services to us and/or to you on our behalf.
- Resellers, distributors and agents
We sometimes use organisations to help provide our products and services to clients and customers. Personal data may be provided to them in connection with this purpose.
- Fraud prevention agencies
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. Law enforcement agencies may access and use this information.
If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies can be obtained on the Cifas website.
We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
- Public bodies, law enforcement and regulators
The police, other law enforcement agencies, regulators, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for the purposes of preventing or detecting crime, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.
- Brokers, lenders, aggregators and providers of credit and financial products
In some circumstances, we will share credit report information and your personal information (such as name and address) with brokers, lenders and providers of credit and financial products themselves for purposes that may include:
- verifying your eligibility for the products;
- verifying suitability of products;
- assisting you in completing your application to the financial services product provider (which may include pre-populating the application form on their website);
- contacting you regarding credit and financial products; and complying with any contractual, legal and/or regulatory obligations;
- providing analysis and insight to help the financial services providers to improve the products and services that they offer to our customers.
We may also share your personal and credit information with lenders or brokers returned as part of your search to enable them to conduct their own analysis, in order to develop and improve the products and services they offer.
Where we share your personal and credit information with these firms, they become controller of your data.
You can obtain a copy of the information we hold about you. See section 'Your rights to how we use your personal information' for further information on how you can do this.
8. Where in the world do we send information?
Experian is based in the UK, which is where our main databases are. We also operate elsewhere in and outside the European Economic Area, so we may access your personal information from and transfer it to these locations as well. Don't worry though, any personal information we access from or transfer to these locations is protected by European data protection standards.
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and don't provide the same quality of legal protection when it comes to your personal information.
To make sure we keep your personal information safe, we apply strict safeguards when transferring it overseas. For example:
- Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man.
- Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of protection.
- Sending your personal information to an organisation which is a member of a programme certified by the European Commission as having in place equivalent protections to those in the EEA and UK.
9. Your rights to how we use your personal information
It is important that you understand your rights in relation to your personal information and how you can contact us if you have questions or concerns.
If you've given us consent to process your personal information, you have the right to withdraw that consent at any time by contacting us at firstname.lastname@example.org. You can also make changes to that preference in your Experian account. If the consent relates to cookies, you can withdraw or amend your consent by at any time by using the “Cookies & online marketing” link at the bottom of each page.
You can also ask for access to the personal information we hold about you by visiting https://www.experian.co.uk/consumer/data-access.
You have the right to object to our use of your personal data. We will do as you ask where possible and in line with applicable law.
You also have the right to request that we correct any mistakes, restrict processing or delete your data. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing data, we won’t always be required to do so. For example, some of the data we hold about you is data we have created from profiling activities to predict certain things about you, such as the data referred to in sections 'To provide the Experian Credit Score and send you credit score notifications', 'To provide services that use your open banking information' and 'Marketing' in respect of the data we receive from Experian Marketing Services. This created data is not factual data, it is Experian’s opinion and you do not have a right to correct it if you disagree with Experian’s opinion. Where your rights don’t apply, we will explain why. To use these rights, contact us at email@example.com.
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting our data protection officer at firstname.lastname@example.org.
The section ‘Marketing’ tells you how to opt-out of marketing.
In certain circumstances (e.g. where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you) you can require that we provide the information we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automation only. If you would like more information about this, let us know by contacting us at email@example.com.
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting us at firstname.lastname@example.org.
If you’re still unhappy with any aspect of how we handle your personal information you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK. You can contact them by:
- Going to their website at https://ico.org.uk/.
- Phone on 0303 123 1113
- Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
You may also see our full complaints handling procedure and how to make a complaint. If we cannot resolve things under that procedure, then you may have the right to refer your complaint, free of charge, to the Financial Ombudsman Service.
The contact details for the Financial Ombudsman Service are:
Telephone: 0300 123 9 123, or from outside the UK +44 20 7964 1000
Address: Financial Ombudsman Service Exchange Tower London E14 9SR
10. How we keep your personal information secure
Online privacy and security is the most important aspect of any customer service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.
Experian have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and holds ISO27001 certification in the key areas of Global Security Admin team who are responsible for administering logical access to systems and in the Data Centre.
Experian has a dedicated Cyber Security Investigations team who safeguard Experian's key assets such as its systems and storage facilities. This team, identify and effectively manage any security developments that may threaten Experian's people, process, or technology through intervention and the thorough investigation of security incidents. Experian holds Cyber Essentials Certification and performs risk assessments against our critical and external facing applications annually.
Experian is annually audited by an External QSA (Qualified Security Assessor) from Trustwave and have successfully maintained compliance since 2010.