Data Processing Grounds

Data protection law means that every organisation must have a lawful ground, or reason, for processing any personal information about an individual. Experian processes your personal data under a lawful ground called ‘legitimate interest’.

Fundamentally, as a marketing services organisation our business is dependent on us being able to process personal data in order to provide our services to clients. It is, therefore, in our legitimate interest to do so. We also have a legitimate interest in making sure marketing is relevant for you, so we process your personal data so our clients can send you marketing for products, offers and services that are relevant to you and tailored to your likely interests.

And our clients have a legitimate interest in finding new customers or delivering the best products and services to existing customers through their marketing activities.

When we process your personal information under legitimate interest, we consider your rights under data protection laws as well as any potential impact to you — both positive and negative. We will never place our interests above yours. We will never use your personal data for activities where the impact on you overrides our interests or the interests of our clients.

 


Our Personal data suppliers

We work closely with our data suppliers to make sure you receive information about how your personal data will be processed and used within Experian. This information is provided in our suppliers’ privacy policies along with links to this Portal and set of information pages. This is designed to ensure that your personal data is only used for purposes that you reasonably expect it to be.

We expect high standards of compliance with data protection requirements from our suppliers. We monitor them accordingly to ensure these standards are met.

Our marketing services

We apply high standards of data protection to our own processes too.

We are regulated by the Financial Conduct Authority (FCA) so it is vital we protect you, the consumer. Among other things, this means we must manage our data in accordance with data protection principles, keep comprehensive records, and give full effect to data subject rights.

That’s why we created these information pages — so you can learn how and why your data is processed.

Our clients

We expect our clients to maintain strong data protection in their marketing activities. They must also ensure it is easy for you to indicate if you do not wish to receive marketing from them, and deal quickly with such requests.

We tightly control the types of organisations that can access our marketing services, to ensure you are only contacted by brands and organisations who we believe are not operating services or selling products that could create detriment to individuals or create risk for vulnerable consumer groups.

At Experian we don’t deal with organisations or sectors with a poor record of compliance.

If our clients have a direct and existing relationship with you (for example, if you’re an existing customer), we expect them to tell you how your personal data will be processed for their marketing activity, and explain how this process is lawful according to GDPR.

So, if you volunteer your personal data to Experian we will:

  • Tell you what we intend to do with it
  • Express this clearly through privacy policies and these pages
  • Give full effect to your data subject rights
  • Maintain high standards of compliance with data protection rules
  • Apply an overall ethical approach

And you can tell us at any time if you think your personal details are wrong or you’d prefer us not to process your data for direct marketing purposes by visiting our “Data Subject Rights” page here.

In summary, we will tell you what we intend to do with your data, through notification in our data suppliers’ privacy policies when your data is collected and through these information pages. We’ll then process your data under a Legitimate Interest lawful ground, that’s balanced in line with your data subject rights. You can tell us at any time if you’d prefer us not to process your personal data for direct marketing purposes through our Data Subject Rights page.