Under our legitimate interest processing ground, we think it is important that your data privacy rights are respected across everyone involved in processing your personal data - our data suppliers, our own marketing services, and our clients.
We work closely with our data suppliers to make sure you receive information about how your personal data will be processed and used within Experian. This information is provided in our suppliers’ privacy policies along with links to this Portal and set of information pages. This is designed to ensure that your personal data is only used for purposes that you reasonably expect it to be.
We expect high standards of compliance with data protection requirements from our suppliers. We monitor them accordingly to ensure these standards are met.
We apply high standards of data protection to our own processes too.
We are regulated by the Financial Conduct Authority (FCA) so it is vital we protect you, the consumer. Among other things, this means we must manage our data in accordance with data protection principles, keep comprehensive records, and give full effect to data subject rights.
That’s why we created these information pages — so you can learn how and why your data is processed.
We expect our clients to maintain strong data protection in their marketing activities. They must also ensure it is easy for you to indicate if you do not wish to receive marketing from them, and deal quickly with such requests.
We tightly control the types of organisations that can access our marketing services, to ensure you are only contacted by brands and organisations who we believe are not operating services or selling products that could create detriment to individuals or create risk for vulnerable consumer groups.
At Experian we don't deal with organisations or sectors with a poor record of compliance.
If our clients have a direct and existing relationship with you (for example, if you're an existing customer), we expect them to tell you how your personal data will be processed for their marketing activity, and explain how this process is lawful according to GDPR.