Experian is a responsible marketing services provider. That means we’re committed to ensuring the interests of you, as a consumer, are at the heart of everything we do.
We put safeguards in place to protect your personal data and embrace an ethical approach to ensure you come to no harm as a result of our activities.
Our ethical approach to marketing
Experian believes in an ethical approach to marketing.
We understand that some marketing activities, although perfectly legal, may still cause distress or discomfort. We constantly review the market sectors and types of organisations that we do business with, in the context of any harm or detriment our data, when used for marketing activity, might cause.
By monitoring consumer sentiment across all types of marketing, we constantly react to emerging areas of consumer concern. For example, some time ago, we decided not to provide landline or mobile numbers to organisations for the purposes of prospecting for new customers, as we recognised the intrusiveness of telephone and mobile channels when used for this marketing activity.
We encourage a culture of putting you first and protecting your data privacy rights.
This means making sure our products and services do not cause detriment to you as a consumer.
We tightly control access to our products, to ensure they are not used by brands who offer products and services that we believe could cause detriment to you, be intrusive or which create risk for vulnerable groups of consumers.
And we are members of relevant industry bodies such as the Direct Marketing Association (DMA -see our entry here on the DMA’s website). We are committed to high standards and industry codes of practice where the individual is always put first – codes such as the DMA’s Direct Marketing Code of Practice whose key principles are - respect privacy, be honest and fair, be diligent with data, and take responsibility.
We’re continually developing our safeguards and controls that protect your data privacy.
As part of these safeguarding measures, we:
- Follow industry controls and codes of practice around the use of data for marketing
- Make sure our suppliers and clients are diligently assessed
- Ensure only the minimum amount of personal information needed for processing purposes is collected and retained
- Manage the quality and accuracy of personal data, keeping it up-to-date and fit for purpose
- Ensure we do not process any special category data or any data relating to a child
- Are transparent about your data, how we use it, who we share it with, and how you can opt out of future marketing
- Keep your data secure in the UK and overseas with appropriate security measures
- Only retain your data for a reasonable period of time
- Protect your personal data and rights
Let’s look at some of these safeguards in more detail.
Industry controls and codes of practice
We seek to align to best practices laid down by the Information Commissioner’s Office (ICO) as well as the European Interactive Digital Advertising Alliance (EDAA), and we’re active members of the Direct Marketing Association (DMA).
Plus, we use controls like industry suppression lists to check our data is accurate and that any marketing preferences you have expressed are respected.
Assessing our suppliers and clients
We have processes of due diligence when choosing suppliers and clients to work with, and we continually monitor these relationships. We only work with organisations who meet our high standards of compliance with data protection requirements.
This is to make sure that we don’t use personal data in a way that could cause harm to you. We require both suppliers and clients to use appropriate security measures to safeguard your information.
Collecting the minimum data required
Often referred to in data protection regulation as “data minimisation”, we ensure that only the minimum amount of personal information needed for processing purposes is collected by us.
We do this through measures such as:
- tightly defining the format of any data sent to Experian, ensuring that only variables required for the processing are supplied by our data partners. Our internal processes will reject any data not supplied in the agreed format
- when data is transferred externally to clients, only the minimum amount of data is transferred for the task. This data is anonymised where personal data is not required for processing
Keeping your data secure in the UK and overseas
We take a number of steps to ensure that your data is kept safe. We anonymise personal data wherever possible so that it cannot be used to identify you. We only use and process data for its intended purpose, which is called data minimisation. And we use multiple layers of data encryption where appropriate.
Experian is based in the UK. All personal data we store is held in the UK in purpose-built data centres with multiple forms of physical security.
We and our clients also operate elsewhere in the world, and may access your personal information from these locations as well. While countries in the European Economic Area ensure rigorous data protection laws, other countries may not provide the same level standard of legal protection when it comes to your information.
However, to make sure we keep your personal data safe, we apply strict safeguards when transferring it overseas.
This might mean sending your information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man, or a member organisation that’s similarly approved. Or it might mean putting in place a contract with the recipient of your personal information that provides a suitable level of protection.
Experian’s US group companies are EU-US Privacy Shield certified. This means that they’re considered by the European Commission to have adequate data protection, and can therefore facilitate the transfer of EU data to the United States.
Retaining your data for a reasonable time
We keep your personal information for as long as we need to provide marketing services for our clients, and no longer.
Sometimes we may need to keep your data to comply with our legal obligations, resolve any disputes, or enforce our rights. These reasons can differ based on the type of information and the service we’re offering, so the amount of time we keep your personal data may vary.
In all cases, our need to store and use your personal information will be reassessed on a regular basis. Any information we no longer require is safely disposed of.
Protecting your personal data and rights
At Experian we have a number of processes running through our whole business to ensure we protect your data and rights.
Our Compliance team and our Product and Solutions Review Boards consider the impact of any use of personal data in our products and services before it takes place. This is so any potential negative impacts to you, can be identified and eliminated.
And we regularly run audits of all our marketing activities, giving us independent assurance that data protection and privacy principles are adhered to and that consumers are being treated fairly.
Finally, everyone at Experian must participate in regular data protection training.