As a responsible marketing services provider, we are committed to ensuring the interests of consumers are at the heart of what we do. This encompasses both the safeguards we have in place to protect your personal data and our ethical approach to how your data is used in a marketing context to ensure you experience no detriment or harm because of our activities.
Experian is committed to the continual development of our safeguards and controls to protect your data privacy and to ensure our use of personal data for marketing (across all channels) does not have an adverse effect and/or create harm to you. These measures include:
- Adherence to industry controls around use of data for marketing purposes (for example, European Interactive Digital Advertising Alliance, industry suppression lists)
- Continued focus on our robust supplier due diligence processes
- Managing data accuracy and quality across the product lifecycle to ensure all personal data is up-to-date and fit for purpose at the time it is provided to clients. This includes data retention policies and periods applicable to the personal data used in each of our services
- Ensuring we do not process any special category data or include any data relating to children for marketing purposes
- Offering full transparency to the individual about how their personal data is to be used, the clients to which this could be passed and how the individual can exercise their rights to opt out of future marketing (See section on Legitimate Interests)
- Defined data retention periods for all personal data to ensure that data is only held by Experian Marketing Services for a reasonable period. We’ll keep your personal data for as long as we need it to provide the marketing services which we provide to our clients. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the service we’re offering, so the amount of time we keep your personal information for may vary. In all cases, our need to use your personal data will be reassessed on a regular basis, and information which is no longer required for any purposes will be disposed of.
- Internal governance processes to protect consumer data and rights illustrated through our organisational approach to protecting your personal data which emphasises the importance of having the whole business involved in mitigating any risk.
Our Internal Audit function undertakes regular audits of all our marketing activities in Experian, focusing on data protection and privacy issues to provide independent assurance that controls are in place and functioning properly and where personal data is being processed, data protection and privacy principles are adhered to and consumers are being treated fairly.
Our Compliance team and our Product and Solutions Review Boards ensure we consider the potential impact of any processing of personal data, ‘up front’ and that we consider any potential resulting negative or detrimental impact on the consumer or their privacy rights.
All colleagues in Experian must undertake regular compulsory data protection training and within the business we encourage a culture of putting the consumer first and protecting consumer data privacy rights.
- Alignment with industry codes of practise. For example, we are active members of the Direct Marketing Association (DMA) and are bound by the DMA’s Code of Practice.
- Client due diligence processes to ensure that, as far as possible, the clients we work with and the uses for which personal data is supplied to our clients, does not involve making decisions about the individual that could have an adverse effect and create harm to individuals. We require clients to implement appropriate security measures to safeguard your information and to notify us of any incidents affecting your information.
- Sending information outside of the UK. Experian is based in the UK, which is where our main databases are. Experian and our clients also operate elsewhere in and outside the European Economic Area, so we may access your personal data from and transfer it to these locations as well. Don’t worry though, any personal information we access from or transfer to these locations is protected to European data protection standards.
While countries in the European Economic Area all have rigorous data protection laws in place, there are parts of the world that may not be quite so rigorous and don’t provide the same quality of legal protection when it comes to your personal data. To make sure we keep your personal data safe, we apply strict safeguards when transferring it overseas. For example:
- Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man.
- Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of high quality protection.
Sending your personal information to a member organisation approved by the European Commission as providing a suitable level of high quality protection. For example, the Privacy Shield Scheme that exists in the US.
Our ethical approach to marketing
Experian is fully supportive of an ethical approach to marketing, and we recognise that activities which may be consistent with the letter of the law still have the capacity to cause distress to data subjects, or may simply feel uncomfortable.
We have always viewed our marketing services from an ethical standpoint and will continue to develop this further as we see this as an important way to help oversee and maintain the Legitimate Interests Balance in relation to marketing services. For example:
- We regularly monitor all our products and services to ensure there are no instances of consumer detriment – for example, we do not supply landline or mobile numbers to organisations for marketing purposes. We understand this marketing channel can often be misused and create annoyance.
- Tight controls are maintained over the types of organisations able to access our products to ensure you are only contacted by brands we believe will be of interest to you. For example, we have a robust and consistent set of guidelines on the provision of products/services to specific industries which we consider could have an inappropriate or intrusive impact on individuals if our marketing products and services were used by these organisations.
- We’re committed to and active members of relevant professional and industry bodies such as the Direct Marketing Association that help set industry best practice standards and support good industry behaviours through adherence to various codes of practice. For example, Experian has satisfied and agreed to be bound by the DMA’s terms and conditions of membership and has demonstrated compliance with the Direct Marketing Code of Practice, whose core principle is that of putting the individual first – value your customer, understand their needs and offer relevant products and services (http://www.dma.org.uk/company/experian-marketing-services)