Related privacy polices:
This policy applies to the processing of your personal data when you visit our website at Experian.co.uk and if you take any of Experian’s free or paid-for consumer products, including the free Experian account, our subscription services, our mobile apps. It also applies to your use of any consumer services available on experian.co.uk such as comparison services and the ‘contact us’ functionality for non-Experian customers. Experian’s free and paid-for consumer products are operated by Experian Consumer Services. This is the “consumer-facing” part of our business; the part that you and other consumers interact with.
Experian also operates a number of other businesses (which you may not normally interact with). Different privacy policies apply to those other businesses, and those policies discuss in more detail how your personal data might be processed.
Experian Consumer Services may share your data with some of those additional business functions, so that they may further process your personal data for a different purpose. We talk about this at ‘How we use your information’ and ‘Who we share your information with’, below.
Briefly, the other business functions that may further process your personal data (and their related privacy policies) are as follows:
Experian business function Relevant privacy notice Description Experian Credit Bureau (our credit referencing business) ‘Credit Reference Agency Information Notice’ (CRAIN) The CRAIN provides information on how Experian and the UK’s other main credit reference agencies collect, use and share personal data. Experian Marketing Services (our marketing services business) ‘Consumer Information Portal’ (CIP)
The information you provide to Experian Consumer Services might be used by Experian Marketing Services to: validate and update your address and age details; create models into the ‘make-up’ of the UK population for characteristics across age, gender, number of adults and composition of the household and length of residency; identify when you change address; in linking profiled data about you to a client’s customer file (where you are already their customer) and for screening out of financial marketing where the financial offer is not appropriate for your circumstances.
The CIP provides information on how Experian collects, uses and shares personal data for its clients' marketing purposes and other related activities.
Please see the CRAIN and the CIP for more information on how the Experian Credit Bureau and Experian Marketing Services, use your personal data, and for further information on your rights in relation to your personal data, and how to exercise them.
Please also see this helpful guide explaining what information lenders use about you when deciding whether to give you credit and what happens to the information after that if the lender opens an account for you.
Who is Experian and how can you contact us?
Experian is part of a group of companies whose parent company is listed on the London Stock Exchange (EXPN) as Experian plc. The Experian group of companies has its corporate HQ in Dublin, Ireland, and its operational HQs in Costa Mesa, California and Nottingham, UK.
What information we collect
We will need to ask you for certain personal information to deliver the services you have asked for and to give you the best possible experience when you engage with us (via our websites and apps or otherwise) and when you use our products and services.
We will also collect information about you and the devices you use to access our website, or we may ask third parties to do this for us, in these cases we do so by using technologies such as cookies. See also our Cookies & online marketing page.
When you apply for Experian services, we will ask you to provide some contact information. Contact information may include some or all of the following: full name, previous names, residential address, previous residential addresses, date of birth, landline phone number, mobile phone number and email address. We will only retain your contact information for six years after the end of the provision of services in order to answer any queries you may have and - if you have agreed to receive marketing - to let you know about related products and services that may be of interest to you. Where you have agreed to receive marketing, but not signed up for a product (or not held a product for over six years), we will only continue to keep your data for marketing purposes if you have opened or responded to marketing messages in the previous six months. However, information about address links or aliases which you tell us about during registration may be kept indefinitely to help us improve the quality of our data (see below).
If you are using our comparison services but have not created an account, you may be asked for similar information such as:
- Contact details (email / telephone)
In this case this information will be kept for 36 months.
If you use our live chat function but haven’t signed up for a service, we may collect some contact information from you to enable us to support and resolve your query.
Any contact information collected as well as a record of the live chat conversation will be kept for 24 months.
Where the services you select carry a cost, we will ask you to provide some payment information. Payment information may include some or all of the following: credit card and debit card details. We will only retain your payment information for two years after the end of the provision of paid-for services in order to simplify any further payment requirements you may have.
For most of the services you access on our website and through our apps, we will ask you to provide security information that only you will know. Security information may include some or all the following: mother’s maiden name, password and memorable word. We will only retain your security information for six years after the end of the provision of services in order to answer any queries you may have and identify you when you contact us.
For the web monitoring services that are available to some customers, we will ask you to provide your chosen information to be monitored. This may include some or all of the following: passport number, driving licence number, national insurance number, credit card details and any other information you choose to have us monitor. We will only retain your Web Monitoring information for as long as we continue to provide the relevant services and you can delete it at any time.
We will only retain this information for 26 months after the end of the provision of services.
When we provide services to you, we will access data we already hold about you on the Experian Credit Bureau, or we may gather similar information from other credit reference agencies (TransUnion and Equifax). This may include (but is not limited to) some or all the following: information in your credit report (including details of credit accounts held and repayment performance as well as public information such as inclusion on the electoral roll, bankruptcies and county court judgements), your credit score or score band, and your Experian score boost (if you have one). We will only retain the credit information we derive from the Experian Credit Bureau for two years from the query in question in order to enable us to answer your queries. Please see section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information.
Bank account information
For the optional open banking related services available to some customers, where you provide Experian with permission to access your bank account(s), we will request your previous 24 months' bank account information. Where you allow us access to a joint account, the bank account information we receive will include transactions made by both you and the other person with whom you share the account.
We (or our partners) will collect some, or all, of the following data from your bank account(s);
- Account name, number and sort code
- Account balance
- Details of the transactions, such as the amount credited or debited, date of transaction and name of payer or recipient
- Product details – fees, charges, interest, benefits/rewards
New transactions are collected each day to ensure the transaction information we process is accurate and up to date.
You can withdraw your permission for us to access this information at any time within the service. We will stop accessing new Bank account information from the point you disconnect your bank account(s), opt out of the service, or where your authentication period ends and you don’t re-authenticate, whichever is sooner. We will also stop using the data for the purposes described within the notice displayed for Experian Boost when you opt-out of the service, or when we’ve had that data for three years, whichever comes first. However, we may continue to keep the data for up to three years from when we had it to comply with legal and regulatory requirements and related record-keeping. Where your authentication period has ended, but you remain opted in to the open banking service, we will retain those bank account details for 12 months to enable you to reconnect this account easily during this time. If you do not want us to retain this data, you should opt-out of the Boost service altogether, and we will then delete this data.
When you use our comparison services
When you use our comparison services, you may be asked to provide additional information in order to obtain the most accurate quotations from brokers, aggregators, insurers, lenders and providers of credit. This includes:
- Employment status
- Your answers to any other questions asked during the comparison journey
We will store this information for up to 36 months from the date we first obtain it. After 36 months this personal information will be securely and permanently deleted. However general comparison services usage data that does not identify any individual user, may be kept for a longer period for reporting and analytics purposes.
Insurance Quotations - In order to display insurance quotes on our website, we need to collect and send your personal information to the panel of insurance partners or insurance brokers we work with that provide quotes. This is so that they can generate a quote for us to display to you on our website. The information we collect and share for this purpose includes:
- Vehicle details (including its usage)
- Insurance claims history
- Driving history (including convictions)
- Medical condition status
- Additional driver details
We will store this information for 36 months from the date we first obtain it.
When you provide it in response to marketing communications
In some marketing communications, we may ask you to provide information about yourself. This may take the form of multiple choice responses and be related to your circumstances such as your financial needs, type of financial produce you may be interested in or policy renewal dates. You can choose whether or not to respond to these questions.
How we use your information
We use your personal information in lots of ways to make our products and services as effective as possible.
To enable you to access our website and use our services
We will use your information to accept you as a new/returning customer, to authenticate you when you attempt to register a new account with us, or to log you into your account. We also use it to provide you with our products and services.
To confirm your identity and authenticate the information you provide
As part of providing services to you we will confirm your identity and authenticate the information you provide for security purposes.
Establishing your identity is important as the services may provide you with your personal credit information (such as your Experian Credit Score or credit report) and we must be sure you are who you say you are. Identity checking may also involve checking the registration information you give us against information we already hold about you as a credit reference agency and potentially publicly available information about you such as from social media.
If we are unable to confirm your identity from the registration information you provide, we will let you know by using the contact details you have provided and you may then have the option to make a written application and provide further proof of your identity.
To process payments and collect arrears
We will use your information to process the payments you commit to when signing up to our services and for the collection of any future payments or overdue amounts for those services.
Your payment card provider may let us know if the card details relating to your Experian payment change. If this happens, we reserve the right to update certain card details to make sure your access to our services isn't interrupted.
So, for example, if you get a new payment card with a later expiry date to the one you currently pay with (but all the other details stay the same), we may update your payment card expiry date accordingly.
To provide you with information from your Experian Credit Report
Depending on the features in your subscription, information from the Experian Credit Bureau will be shared with you in a variety of ways, ranging from the display of the full Experian Credit Report to summarising salient credit report information.
To provide the Experian Credit Score and send you credit score notifications
We will use the Experian Credit Bureau data we hold and profile it to create the ‘Experian Credit Score’ by running the data through an algorithm called a scorecard. We will also use it to monitor and identify changes to your Experian Credit Score and may notify you by email, SMS or app notification about these changes or when a new score is available to be viewed.
To provide you with additional services related to your Credit Report information and Credit Score
The data held in the Experian Credit Bureau will also be used to operate features designed to help you understand and act upon your Experian Credit Score. Different products are included in different subscriptions and include the ability to forecast future score changes, to optimize behaviour for score progression and to understand the factors which build up the Experian Credit Score.
To provide and improve customer support
We will use your information to be able to provide and improve the customer support we provide to you (e.g. when you have questions or when you forget your log-in information).
To provide alerts
We will use your information to send you alerts where they are part of your current subscription e.g.
- web-monitoring when we find your personal details are available to others online.
- where there are certain changes to your credit report.
To send you service communications
We will use your information to contact you to tell you about changes to or issues affecting the services you are taking.
To provide comparison services and create eligibility ratings
When you use our comparison service to search for products, the information you provide is used to retrieve information about products relevant to your search and create a table which allows you to compare them.
Where eligibility ratings are available, the information you provide (including personal information such as your name and address) and your current and historical credit information from the Experian Credit Bureau (and sometimes the other credit reference agencies TransUnion and Equifax) has been profiled by running it through an algorithm known as a scorecard to create the eligibility rating displayed. The eligibility rating is to help you understand whether you are likely to be accepted based on the lender’s criteria.
To pre-populate partner applications
In some circumstances - for example, to make it easier for you when you select on our website or mobile app that you want to submit an application to a particular broker, aggregator, insurer, lender or other provider, we will share limited information with them so that their application process can be pre-populated and save you the hassle of re-inputting information you’ve already told us.
Typically, the information that we will share would include your name, address, phone number and email address.
To provide information related to your use of our comparison services
When you search for products, we may contact you by email or SMS to confirm activity relating to use of our comparison services, such as details of the searches you have made, results that you have seen when searching, or information about introductions you've requested to brokers and lenders.
If you have also used our insurance comparison service and our system identifies that your insurance renewal is due, we may contact you to remind you and may include details of what your quotes could be based on the information you provided for your previous search.
To send you personalised product updates
The personalised product updates feature provides you with information to help you identify ways to save money or benefit from new products or services. This information can be provided on screen, when using our free service (which is available to all customers) and by email, SMS, post or push notification via the App.
Product eligibility updates
Experian will use the information you provide including personal information such as your name and address, information we have about you from other Experian features, products and services you use, such as Experian Boost or search information or results from our comparison services, how you interact with those features, products and services and your current and historical credit information (whether it’s from the Experian Credit Bureau or the other two main credit reference agencies, Equifax and TransUnion).
We will use this to profile you to assess your eligibility for third party products or services based on a product providers’ criteria and depending on the outcome of the assessment and the eligibility rating, to decide whether to alert you to opportunities, products and services that you may be eligible for. In the alert we may compare the outcome of the assessment with an earlier assessment to help you understand what’s changed. You can find more information around how we assess your eligibility in the above section ‘To provide comparison services and create eligibility ratings’.
We will check your eligibility for third party products and services, and may provide eligibility updates:
- when you interact with our service, e.g. when you use our website or mobile app, or engage with our communications;
- when you request an eligibility check;
- between your interactions with our service (whilst you're still signed up to our service);
- when new credit products and services are added to the website;
- when there is a change to your Experian Credit Bureau data or your ‘Experian Credit Score’ (and we may pro-actively check your Experian Credit Bureau data and Experian Credit Score to do this – which will not affect your credit rating);
- when we predict you may be interested in a new product or service, for example if your existing promotional period is coming to an end.
Updates when you might save money or benefit from new products
As part of our free service (which is available to all customers), Experian will profile your current and historical credit information (from Experian’s Credit Bureau) by applying an automated set of rules designed to identify opportunities where we think you could potentially save money or benefit from new, features, products and services.
The type of credit information we will retrieve includes whether you're carrying a balance on a credit card, loan or mortgage account, what payments you have made, promotional indicators, how long you've had the account for who your accounts are with and your credit score. It will also include information that appears on your credit file relating to quotation searches that you have received from lenders and insurers when you have previously searched for credit or insurance, either through Experian’s service, or elsewhere in the market. Based on this credit information and other information we have about you from other Experian features, products and services you use such as Experian Boost or how you interact with those features, products and services, and depending on the outcome of our assessment, we may notify you of new opportunities and may invite you to compare products available as part of our panel.
When we send you personalised product updates, we may also refer to elements of your credit information to explain the opportunity that we have identified for you. For example, if we let you know that you may be able to pay less interest on an existing credit card balance, we may reference your current balance amount, or the amount that you are repaying.
Managing your updates and notifications
The sending of personalised product updates via email, SMS or post and the use of your personal data to create them can be managed within your Messaging Settings from your Experian Account page. From there you can also close your account if you no longer want to receive the onscreen updates.
If you have our mobile app, we may also notify you in the app and via app notifications. These notifications and the associated use of your personal data can be managed in the settings or your device settings.
We may also notify you of these updates when you log in to Experian.
To provide services that use your bank account information
When you provide us with permission for your bank account information to be collected and used as part of our optional open banking related services, the main purposes that we may use that data for are;
- To present you with a consolidated view of the transaction data we have used when assessing if your score should be boosted, including showing you the transactions that have been categorised as payments that are having a positive impact on your credit score.
- If your credit score increases, we’ll share a summary of the data used to create your Boost score (such as how many times we can see you have paid Council Tax) with participating lenders when you apply for credit or check your eligibility, alongside the other information from your credit report. This data may be used by these lenders when deciding if you're eligible. Lenders include providers of traditional financial services such as mortgages, loans and credit cards but can also be firms who can charge for services after you use them, such as mobile phone companies and utility providers, as well as retailers who offer store cards or goods on finance. Lenders may use this information to help them provide accurate eligibility ratings (both directly and through price comparison websites) and to decide whether to offer you credit and on what terms. This may include using the information to assess how much you can afford to pay. Lenders will not receive your actual bank transactions if you apply for credit with them or check your eligibility.
- Where you use our comparison services, we will show you where your summarised bank transaction data has been factored into the results presented to you
- To use the full transaction history we hold about you since you joined Boost (and our categorisation of those transactions) for reporting, analysis, training and developing the Experian Boost service to help us improve this service. The development of the Experian Boost service includes using the data for the following purposes;
- Developing and updating the way bank account information is used within the calculation of your credit score
- Improving the categorisation techniques we use when identifying payments within your bank transactions that fit into certain categories (for example, digital payments)
- Allowing lenders with whom you have or in the past have had a relationship (i.e. previously/currently hold an account with, have previously applied to for credit or who have provided you with a quotation / eligibility rating via our comparison services) to analyse a summary of 12 months of your bank transactions from within the full transaction history we hold on you since you joined Experian Boost. This is to help lenders develop their own lending strategies, which will benefit Boost customers through enabling more lenders to factor summarised bank transactions into their future decisions.
- To ensure that you can maximise the benefit of the Experian Boost service, we will notify Experian’s Pre-qualification Services business unit when you opt into Experian Boost. This will enable a summary of your bank transactions to be used in the decisions made by participating lenders and other price comparison sites who use Experian’s Pre-qualification Services if you seek a quotation or eligibility rating directly from them. Further information is provided in the ‘Who we share your personal information with’ section below.
- We will show you which bank accounts you’ve given us permission to access and when the permission will expire. We’ll keep a record of that permission, its expiry as well as when you joined Experian Boost.
- To give you an indication of whether you could afford to take on additional credit/ borrowing based on your existing income and spending.
- To show you a breakdown and categorisation of your spending habits and how you could make changes to increase the amount you could afford to borrow.
- to send you marketing communications sent by email, post, SMS and in-app notifications);
- to enable digital advertising including retargeting with partners such as Google and Facebook;
- to enable marketing through affiliate partnerships who refer leads to our website; and
- to create marketing content and to refine our marketing strategies.
For Experian Boost:
In addition to the main purposes your bank account information is processed for, it will also be processed for ancillary purposes which are explained in this document, such as sending you service emails related to Experian Boost or providing customer support if you contact us for support related to Experian Boost.
For affordability assessment services:
To comply with the law
Like any other business, we are required to comply with many laws and regulations. Where necessary (i.e. where it is reasonable and proportionate for us to do so), we will use your personal data to the extent required to enable us to comply with these requirements. This could include sending you information that Experian is legally required to send for consumer products or another part of the Experian business (for example, where Experian makes updates to the CIP in relation to processing carried out by Experian Marketing Services).
Investigation, detection and prevention of crime
We may use your information for the investigation, detection and prevention of crime (other than fraud).
Experian may select customers and invite them to be involved in market research. If you accept this invitation, we will use the feedback you give us to improve our products and services.
Administration of prize draws, competitions, membership offers, surveys and other promotional activities
From time to time we will run prize draws, competitions, promotions and surveys and, we will use the personal data you provide to us, to run such activities and to do what we agree to do as part of them.
We will use the personal data we hold about you for marketing purposes in 4 ways:
Marketing communications sent by email, post, SMS and in-app notifications
We will send marketing communications if we think one of our products, services or offers, or those of our third-party partners, may interest you. We will improve relevancy and timeliness of the communications you receive and the content of the communications by identifying customer groups (profiles) and by personalising the data, messages, and images in communications.
We will use your contact information, your credit information information about how you use our services and any information you may have given us in response to a marketing message, in the sending of these marketing communications. This information includes how frequently you login, your score and score band, how you interact with direct marketing channels and any responses to questions in marketing communications, how recently you have searched for credit and products. If you have searched, we will also use the type of credit, purpose, period, amount, eligibility, and results information.
If your Experian subscription has finished, we may also contact you and invite you to resubscribe to the same or a different service or product, or to use certain free features on our website and app.
For the purposes of sending you these marketing communications, we will also use profiled data about you, your household or the area in which you live, which is received from Experian Marketing Services. This profiled data from Experian Marketing Services is not actual information about you but rather modelled predictions about the likely characteristics of individuals, households and geographic locations in the UK, such as preferred leisure pursuits, supermarkets likely to be used for shopping or likely social media usage.
More information about the personal data used by Experian Marketing Services and the purposes for which the data are processed is explained in the CIP, which includes information about modelling (the predictions we make) and data profiling.
You can also opt out of marketing communications by post, email or SMS from Experian Consumer Services at any time by following the instructions in the email or SMS or by contacting us at email@example.com. If you opt-out of receiving marketing messages from Experian Consumer Services, your data will still be used for marketing purposes as described below.
You can turn off app notifications at any time using the settings on your mobile device.
Digital advertising with partners such as Google and Facebook including retargeting
To help us promote our services, where you have agreed to it in our Cookie and Online Marketing Settings, we will use data about you to help us optimise the adverts we display online on third party websites and social media platforms.
We use tools provided by social media platforms, advertising networks and search engines including Google, Facebook and Bing to optimise our advertising on their and third-party websites. As a result, you may receive advertising based on information about you that we have provided to them such as which pages you have visited on our websites, which subscriptions you hold, what you’ve searched for in our marketplace and what results you saw including eligibility scores, basic credit information such as your credit score band, or whether you’ve previously started to sign up for a service but not finished. Equally, you might see an advert because you fall into a group whose attributes we have selected on their platform or if your profile looks like groups that we have provided to them.
When we share your data with Facebook, Google or Bing, we use a number of techniques including "hashing" to make sure that your data is secure and that third parties can only identify you if they already hold information about you which can be matched to the data we provide.
Please also see the section headed ‘Social media platforms, advertising networks, affiliate networks and search engines’ in the ‘Who we share your personal information with’ section of this privacy notice.
You can opt-out from having your personal data used for digital advertising purposes by amending your cookie preferences through our Cookies & online marketing settings.
For affiliate marketing
We work with partners who help us generate visitors to our website. For us to track which visitors to our website originated from each partner (so that we can evaluate the benefits of the partnership and, where appropriate, compensate the partner), we will provide certain identifier information to them. Typically the information we share will just be a reference code they sent to us and details of whether you completed a desired action (such as signing up for a free account) but the partner will not be able to identify you or your device unless they already hold information about you as a result of their relationship with you.
To create marketing content and to refine our marketing strategies
We will sometimes anonymise the data we hold and use it for analysis purposes in order to create marketing content (for example, people in your area have an average credit score of 750) or to refine our marketing strategies (e.g. understand which factors influence when customers might be interested in taking out a credit card). When we do this, the information will not identify you but analysing aggregate information is useful in informing us and helping us make decisions about our marketing strategy.
Investigation, detection and prevention and fraud
We may use your information for fraud investigation, detection and prevention measures and in order to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission).
Internal training purposes
We will use your information to ensure that our team has the knowledge and expertise they need to ensure we provide the best possible experience to our customers when interacting with us.
Reporting, analytics and tracking and product development
We will use your information including the credit information we hold about you on our Experian Credit Bureau (including any quotation searches you have done when you have previously searched for credit or insurance, either through Experian’s service, or elsewhere in the market), your behaviour on our websites and in our apps, IDs created when you use our services (which are used for data linkage and communication between systems) and how you respond to our emails to understand you, your credit needs and how you use our services. We can, where applicable, combine this with information provided by third parties.
This analysis will be used to enable us to continue to provide the services efficiently and at scale, to improve and promote our products and services, develop new products, to provide educational content, generate consumer insight (e.g. how many of our customers are in the north or south of the country) and to provide appropriate levels of support to our customers. Where appropriate, we will use anonymised aggregate data for this purpose.
For these reporting and analytical purposes, we will use profiled data about you, your household or the area in which you live, which is received from Experian Marketing Services. This profiled data is not actual information about you but rather modelled predictions about the likely characteristics of individuals, households and geographic locations in the UK, such as preferred leisure pursuits, supermarkets likely to be used for shopping or likely social media usage.
More information about the personal data used by Experian Marketing Services and the purposes for which the data are processed is explained in the CIP, which includes information about modelling (the predictions we make) and data profiling.
Please see Section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information on the data in the Experian Credit Bureau.
As part of improving our products and services, we may also share this analysis with selected lenders, insurers and brokers so they can determine whether they can improve the products or the terms under which their products are offered to Experian customers. You have the right to opt out of this processing by cancelling your agreement with us.
Our website also uses a website recording service which records mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Data collected by this service is used to improve our website usability and is not shared with anyone else.
More details of how we may track your interactions with our websites, apps and emails is available on our Cookies & online marketing page.
To personalise your experiences in our websites and apps
When you are logged in to our services, we will use the information we know about you including your behaviour on our websites and your credit history to help make our services as relevant and easy to use as possible. For example, where we can see that you have a high credit score, we may be more likely to talk to you about features and offers related to taking out a mortgage.
To maintain our records and other administrative functions
Like any business, we need to ensure that we maintain comprehensive and up to date records of the ways we process your personal information and other operational activities and therefore we will process the information you provide for record-keeping, updates and general administrative purposes.
Complaint and dispute resolution
Whilst we will try to make sure that you are happy with the service we provide and do not feel the need to complain, if you do complain to us, we will use the information we have about you to help us manage your complaint.
To improve data accuracy and completeness
Personal information you provide to us during registration, when you search for credit products in our comparison services or when we search on your behalf may be used to improve the Experian Credit Bureau information we already hold about you in our role as a credit reference agency e.g. if you provide a different address or alias to the one we hold already we may add to your details in the bureau the new address or alias to aid quicker identification of you and ensure that lenders can see a full picture of you when making lending decisions, it also aids identification and verification in the credit application process.
Please see Section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information.
Invitations to participate in market research
In order to improve the service we offer to customers, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
To use special category data in order to generate insurance quotations
In order to provide motor insurance quotes, we may ask you to provide information about yourself which data protection laws define as "special category" data. This includes information about your health (such as any medical conditions). We may also ask you to provide information relating to criminal convictions or alleged or actual criminal offences, for example traffic offences. We need to collect this information and share it with brokers and insurers so that they can provide quotes. For more information around how and why we handle this information please see the "Public Interests" section under "What are the legal grounds for handling personal information?".
What are the legal grounds for handling personal information?
Data protection laws require that, where we're processing your personal data, we must satisfy at least one prescribed condition for processing. These are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
Necessary for performance of a contract or to comply with law
In most cases, the information described above will be provided to us by you because you want to take services from us or engage with us and our use of your information will be governed by contract terms. Giving this information to us is therefore your choice. If you choose not to give all or some of it to us, this may affect our ability to provide the services you want, to you. We may rely on this condition for processing in the following scenarios:-
- To enable you to access our website and use our services.
- To confirm your identity and authenticate the information you provide.
- To process payments and collect arrears.
- To provide and improve customer support.
- To provide you with information from your Experian Credit Report.
- To provide you with additional services related to your Experian Credit Report information and Experian Credit Score.
- To provide alerts.
- To send you service communications.
- To resolve complaints and disputes where:
- you are an existing Experian customer and/or;
- your complaint/dispute relates to an FCA regulated part of our services
- To provide comparison services and create eligibility ratings.
- To provide information related to your use of our comparison services.
- To send you personalised product updates.
- To provide the Experian Credit Score and send you credit score notifications.
- To provide services that use your bank account information.
- To comply with the law.
- Investigation, detection and prevention of crime.
We obtain your consent when we use non-essential cookies, or technology similar to cookies, and/or collect information about the device you use to access our website. Sometimes we work with third parties who carry out these activities on our behalf. You will be asked to consent to the use of non-essential cookies before using our website. Further information about the cookies is included in our Cookies & online marketing page.
We may also rely on consent in the following scenarios:-
- Market research – we may send you invitations to participate in market research (see below). If you do so, your feedback is given with your consent.
- Administration of prize draws, competitions, membership offers, surveys and other promotional activities.
Necessary in our legitimate interests or those of a third party
In the United Kingdom, we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of individuals. The law calls this the "Legitimate Interests" condition for processing. Where we rely on it, the benefits being pursued by us are:-
To send you communications (whether by post, email, SMS or in app), for digital advertising with partners such as Google and Facebook, for affiliate marketing and to create marketing content and refine our marketing strategies.
- Investigation, detection and prevention and fraud
Identifying and stopping fraud, including fraudulent access to our services.
- Internal training purposes
To enable us to train our staff to better provide services to our customers.
- To maintain our records and other administrative functions.
- Reporting, analytical and tracking purposes
To provide management information and information to continue to provide our services efficiently at scale, to help improve our services and communications, and those of our partners.
- To personalise your experiences on our websites and apps so that we can tailor the services we provide to you and how we communicate with you.
- To resolve complaints and disputes where you are no longer an Experian customer and your complaint or dispute is not about an FCA regulated part of our services – we will need to use customer data when looking into queries and complaints.
- To improve data accuracy and completeness
When you register for or use our services you may supply us with information about yourself which we will use to improve our data accuracy and completeness across our wider business (including sharing your data with the Experian Credit Bureau for these purposes) and enable Experian to provide the most accurate data for our customers and clients.
- Invitations to participate in market research
In order to improve the service we offer to customers, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
- To provide and improve customer support for non-Experian customers.
- To use special category data in order to generate insurance quotations.
Where we collect special category data (such as information relating to health) and criminal conviction or offence data for the purposes of providing motor insurance quotations, we process this data for the purposes of arranging your insurance and because it is necessary in the substantial public interest to do so. We will also need to share this data with the insurers, brokers and aggregators for insurance purposes so that we can arrange your insurance for you. These third parties need this information to enable them to generate quotes.
It may also be necessary for us to retain a copy of any special category data and criminal conviction or offence data for the purpose of making or defending claims or preventing or detecting crime, including fraud.
Who we share your personal information with
We share your personal information with those persons who need to handle it so we can provide the Experian products and services you’ve signed up to. We also share it with:
- the Experian Credit Bureau (who may pass this on to Experian Marketing Services);
- companies within the Experian group who manage some parts of the services for us; social media platforms, advertising networks, affiliate networks and search engines to help target and measure our digital marketing;/li>
- suppliers who provide services to us which require access to your personal information; and
- resellers, distributors and agents involved in delivering the services we provide where necessary for them to do so.
Lastly, we may also provide your personal information to fraud prevention agencies. This is to protect the Experian group of companies and our customers, to keep our systems secure, or where it’s necessary to protect either yours or our best interests.
- Additional Experian business functions
- Experian Credit Bureau
Personal data that you provide during registration (as described in the section ‘What information we collect’) is shared with Experian’s Credit Bureau for the purposes of improving data accuracy and completeness. The Experian Credit Bureau may subsequently provide your data to Experian Marketing Services. Please see Section 4 ‘What kinds of personal data do credit reference agencies hold, and where do they get it from?’ of the CRAIN for further information.
- Experian Marketing Services
- Experian Pre-qualification Services
Personal data that you provide during registration (limited to your date of birth, surname, postcode and an internal ID) is shared with Experian’s Pre-qualification Services if you opt into Experian Boost. This is to ensure that a summary of your bank information is taken into consideration if you use another price comparison site or directly request a quotation or eligibility rating from a participating lender (who use Experian’s Pre-qualification services).
- Experian Credit Bureau
- Group companies
As a member of the Experian group of companies, we can benefit from the large IT infrastructure and expertise that exists within our business. This means that the personal data you provide to us may be accessed by members of our group of companies for support and administrative purposes.
- Social media platforms, advertising networks, affiliate networks and search engines
Subject to your preference settings, we will share information about you including your Contact Information, Credit information, information you provide to us when you use our services or interact with us, information about your visits to our website and other insight we learn about you, with social media platforms, advertising networks, search engines and affiliate networks such as Facebook, Google, Bing (Microsoft) and Affiliate Window.
We use techniques to make sure we don’t give information such as your email address to someone who hasn’t already got it but are still able to work with partners to know when you’ve been to our website, and also been to – for example – Facebook or an affiliate partner who introduced you to us.
We take steps to ensure all partners we share personal information treat it securely and only in accordance with our instructions where they are providing a service to us. However, in some instances, they may become joint or independent controllers of your data. For more information about our Partners and their processing of your personal data, see below.
When we share data with Facebook, Facebook Ireland 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland will be a joint controller of your personal data. You can read more about how Facebook Ireland will process your personal data including what lawful basis they rely on and how you can exercise your rights in their Data Policy.
We have entered into a joint controller agreement with Facebook Ireland which sets out our respective obligations in relation to the processing of your personal data. We have agreed as follows: -
- (a) we are responsible for providing you with a link to the Facebook Data Policy; and
- (b) Facebook Ireland is responsible for ensuring that you can exercise your data protection rights when it comes to personal data held by Facebook Ireland.
We have a contract in place with Google and they agree to process the personal data we provide to them for the purposes of providing the services to us and no other purposes. You can read more about how Google advertising works here and exercise your right to opt out and delete the information Google holds about you here.
Affiliate Window tracks devices who have visited our website from an affiliate partner website or certain advertisements or offers aimed at driving traffic to our site. We have a contract in place with Affiliate Window. You may opt out of this tracking here: https://www.awin.com/fr/cgv/optout although this may interfere with your ability to earn cashback from sites such as TopCashback and Quidco which rely on this tracking.
We use several service providers to support our business and these service providers may have access to our systems and data in order to provide services to us and/or to you on our behalf.
- Resellers, distributors and agents
We sometimes use organisations to help provide our products and services to clients and customers. Personal data may be provided to them in connection with this purpose.
- Fraud prevention agencies
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. Law enforcement agencies may access and use this information.
If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies can be obtained on the Cifas website.
We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
- Public bodies, law enforcement and regulators
The police, other law enforcement agencies, regulators, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for the purposes of preventing or detecting crime, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.
- Brokers, lenders, insurers, aggregators and providers of credit and financial products
In some circumstances, we will share credit report information and your personal information (such as name and address) with brokers, lenders and providers of credit and financial products themselves for purposes that may include:
- verifying your eligibility for the products;
- verifying suitability of products;
- assisting you in completing your application to the lender (which may include pre-populating the application form on their website);
- contacting you regarding credit and financial products; and complying with any contractual, legal and/or regulatory obligations;
- providing analysis and insight to help the lender, broker or insurer to improve the products and services that they offer to our customers.
You can obtain a copy of the information we hold about you. See section 'Your rights to how we use your personal information' for further information on how you can do this.
Where in the world do we send information?
Experian is based in the UK, which is where our main databases are. We also operate elsewhere in and outside the European Economic Area, so we may access your personal information from and transfer it to these locations as well. Don't worry though, any personal information we access from or transfer to these locations is protected by European data protection standards.
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and don't provide the same quality of legal protection when it comes to your personal information.
To make sure we keep your personal information safe, we apply strict safeguards when transferring it overseas. For example:
- Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man.
- Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of protection.
- Sending your personal information to an organisation which is a member of a programme certified by the European Commission as having in place equivalent protections to those in the EEA and UK.
Your rights to how we use your personal information
It is important that you understand your rights in relation to your personal information and how you can contact us if you have questions or concerns.
If you've given us consent to process your personal information, you have the right to withdraw that consent at any time by contacting us at firstname.lastname@example.org. You can also make changes to that preference in your Experian account. If the consent relates to cookies, you can withdraw or amend your consent by at any time by using the “Cookies & online marketing” link at the bottom of each page.
You can also ask for access to the personal information we hold about you by visiting https://www.experian.co.uk/consumer/data-access.
You have the right to object to our use of your personal data. We will do as you ask where possible and in line with applicable law.
You also have the right to request that we correct any mistakes, restrict processing or delete your data. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing data, we won’t always be required to do so. For example, some of the data we hold about you is data we have created from profiling activities to predict certain things about you, such as the data referred to in sections ‘To provide the Experian Credit Score and send you credit score notifications’, ’To provide services that use your open banking information’ and ‘Marketing’ in respect of the data we receive from Experian Marketing Services. This created data is not factual data, it is Experian’s opinion and you do not have a right to correct it if you disagree with Experian’s opinion. Where your rights don’t apply, we will explain why. To use these rights, contact us at email@example.com.
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting our data protection officer at firstname.lastname@example.org.
The section ‘Marketing’ tells you how to opt-out of marketing.
In certain circumstances (e.g. where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you) you can require that we provide the information we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automation only. If you would like more information about this, let us know by contacting us at email@example.com.
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting us at firstname.lastname@example.org.
If you’re still unhappy with any aspect of how we handle your personal information you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK. You can contact them by:
- Going to their website at https://ico.org.uk/.
- Phone on 0303 123 1113
- Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
You may also see our full complaints handling procedure and how to make a complaint. If we cannot resolve things under that procedure, then you may have the right to refer your complaint, free of charge, to the Financial Ombudsman Service.
The contact details for the Financial Ombudsman Service are:
Telephone: 0300 123 9 123, or from outside the UK +44 20 7964 1000
Address: Financial Ombudsman Service Exchange Tower London E14 9SR
How we keep your personal information secure
Online privacy and security is the most important aspect of any customer service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.
Experian have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and holds ISO27001 certification in the key areas of Global Security Admin team who are responsible for administering logical access to systems and in the Data Centre.
Experian has a dedicated Cyber Security Investigations team who safeguard Experian's key assets such as its systems and storage facilities. This team, identify and effectively manage any security developments that may threaten Experian's people, process, or technology through intervention and the thorough investigation of security incidents. Experian holds Cyber Essentials Certification and performs risk assessments against our critical and external facing applications annually.
Experian is annually audited by an External QSA (Qualified Security Assessor) from Trustwave and have successfully maintained compliance since 2010.
How long we keep your personal information for
We'll keep your personal information for as long as we need it to provide the Experian products and services you've signed up to, and to make it easier for you to continue to use those services in future, for example, if you have connected to our Boost service, and your authentication period on your bank account has ended, we will retain those bank account details for 12 months, to make it easier for you to reconnect this account in future, if you choose to do so. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the products or services you're signed up to, so the amount of time we keep your personal information for may vary.
In all cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be disposed of.