Experian EU-U.S. Privacy Shield Privacy Policy

Effective Date: March 1, 2019

Experian Holdings, Inc. and its subsidiaries including Experian Marketing Solutions, LLC, Experian Information Solutions, Inc., and Consumerinfo.com, Inc. (together, “Experian”), participate in the EU-U.S. Privacy Shield Framework. This Experian EU-U.S. Privacy Shield Privacy Policy (the “Policy”) applies to European Union (EU) and United Kingdom personal data in connection with the following offerings and activities:

Global Data Network
International Developed Profiles
Experian Consumer Services UK data storage
CrossCore
Fraudnet
Prove ID
ASSIST Watchlist
AutoDoc
Resolve
Experian Data Quality
Targeting marketing insights
Targeting data storage

Experian is committed to, and certifies that, it complies with the Privacy Shield Framework and its Principles as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on Privacy Shield. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Where Experian is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf, Experian complies with the Privacy Shield Principles for all onward transfers of personal data from the EU.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Experian is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Experian may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Collection and Use of Personal Data

We may collect personal data from you directly as follows:

When you are a point of contact for a service provider or similar business partner, we may collect your name, title, email address, phone number, company name, company address and industry so we may communicate with you and generally maintain and administer our business relationship.

We may collect personal data from you indirectly as follows:

In connection with our Global Data Network (GDN) and International Developed Profiles, we may collect information about a queried business through public sources. Some business information we obtain may relate to individuals and include personal data such as names as they appear in the name of a sole proprietorship; the names, addresses, birthdates, nationalities and dates of appointment of directors; the names and ownership interests of shareholders; and the names, addresses, dates of appointment and dates of resignation of corporate secretaries. We use this information to create reports about queried businesses for our customers who purchase them.
In connection with data storage services provided to our affiliate, Experian Consumer Services UK, we may host information related to their consumer services offerings.
In connection with the CrossCore platform, we may process your name, billing address, shipping address, phone number, email, date of birth, credit card number, and transaction-related passwords and/or security codes. We use this information to provide customers with a multi-solution platform (including some Experian solutions like Fraudnet and Prove ID as well as other third-party solutions) for their own fraud detection and data storage purposes.
In connection with Fraudnet, we may process information from your web session on a customer’s site (including HTTPS headers, IP address, and session identifiers), name, billing address, shipping address, phone number, email, credit card number, transaction-related passwords and/or security codes. We compare this information against device attributes, BIN information lookup time zones, country code lookup data, country code lookup data time zones, Internet provider lookup data, and/or Internet provider lookup geolocation data to provide our customers with a risk score for their own fraud detection purposes.
In connection with ProveID, we may process your name, address and date of birth related to an interaction or transaction you may have with one of our customers. We compare this information against motor vehicle data, property ownership data and other data obtained from various public record sources and the Office of Foreign Assets Control to provide our customers with identity verification for their own business purposes.
In connection with AutoDoc, we may process images of identification documents taken with your smartphone camera and/or uploaded to our customers’ websites. This may include sensitive information such as government identification numbers.
In connection with Resolve, we may process IDFV (identifier for vendors, Apple iOS identifier for advertising), Android ID, Advertising IDs, ASHWID (Microsoft’s Application Specific Hardware ID), and ANID ID (Ariba Network Identification Number) related to your access of our customers’ websites and similar digital properties. We combine this data with a device, browser and consumer provided data to help our customers link device and browsing identifiers in their own datasets so they can develop fraud strategies for consumers at the household and individual level.
In connection with ASSIST Watchlist, we may process company name, date of constitution, and Tax ID for businesses; and consumer name, Date of Birth and Social Security Number for consumers related to an interaction or transaction you may have with one of our customers. We compare this information against a list maintained by the Office of Foreign Assets Control to provide our customers with sanctions and national security-related verifications for their own business purposes.
In connection with Experian Data Quality, we may process email addresses, physical addresses, and phone numbers supplied by our customers. We compare this information against physical addresses, phone numbers and email addresses obtained from telephone directories, and other authorized data providers, to provide our customers with more accurate information about you to be used in their own marketing efforts.
In connection with Targeting data storage services, we may host information our customers have collected about you. As for our Targeting information services, we may process names, physical addresses, phone numbers and email addresses supplied by our customers. We compare this information against names, physical addresses, phone numbers, and email addresses obtained from various sources such as local tax assessor and recorded deed files, consumer surveys, telephone directories, publications, subscriptions and published directories, summarized U.S. Census information, calculations using existing data, online and mobile sites, apps and advertisements and other authorized data providers, to provide our customers with more accurate information about you to be used in their own marketing efforts.

When we obtain your personal data from public sources, we will only use that information for the specific reason for which it was provided to us.

Disclosures of Personal Data

We may share personal data we obtain about you from public sources with our customers and third party business partners for the provision of our services.

We may share your personal data with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal data only as necessary to provide these services to us. These services may include data storage services and customer service and business operations.

In certain situations, Experian may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may also disclose your personal data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If Experian is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or notice on our website, of any change in ownership, uses of your personal data, and choices you may have regarding your personal data.

We may also disclose your personal data to any other third party as permitted by law.

Security, Retention and Data Integrity

Experian follows generally accepted standards and maintains physical, electronic and procedural safeguards to protect the personal data submitted to us. Experian continually monitors access to its systems to detect unauthorized attempts to gain access to information. We may retain your information for as long as your account is active or as needed to provide services, comply with our legal obligations, resolve disputes and enforce our agreements.

Access

With regard to personal data Experian controls, upon request, we will provide you with information about whether we hold any of your personal data. You may access, correct, or request deletion of your personal data by contacting us at privacyshield@experian.com. This right of access applies only to personal data about the individual making the request and is subject to other limitations as defined by law, or where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual or where the rights of other individuals would be violated.

As a processor, Experian acknowledges that you have the right to access your personal data. Experian has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or seeks to correct, amend or delete inaccurate data should direct their query to Experian’s customer, the data controller. If requested to remove data by the data controller, we will respond within a reasonable timeframe.

In certain circumstances, we may be required by law to retain your personal data of may need to retain your personal data to continue providing a service.

Changes to this Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material change to this Privacy Policy, we will notify you by means of a notice on this website. We encourage you to periodically review this page for the latest information on our privacy practices.

If you have questions or concerns, you may contact Experian by mail at:

Chief Privacy Officer
Compliance Department
Experian
475 Anton Blvd.
Costa Mesa, CA 92626

Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.