Experian EU-U.S. Privacy Shield Privacy Policy

Effective Date: May 20, 2020

Experian Holdings, Inc. and its subsidiaries including Experian Marketing Solutions, LLC, Experian Information Solutions, Inc., and Consumerinfo.com, Inc. (together, “Experian”), participate in the EU-U.S. Privacy Shield Framework. This Experian EU-U.S. Privacy Shield Privacy Policy (the “Policy”) applies to European Union (EU) and United Kingdom personal data in connection with the following offerings and activities:

• Global Data Network
• International Developed Profiles
• Experian Consumer Services UK data storage
• CrossCore
• Prove ID
• Experian Data Quality Email Validations
• Targeting Data Hosting Services
• Experian Developer Portal
• Experian Decision Analytics UK Data Hosting Services

Experian complies with the EU-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on Privacy Shield.  Experian has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Where Experian is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf, Experian complies with the Privacy Shield Principles for all onward transfers of personal data from the EU.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Experian is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Experian may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Collection and Use of Personal Data

We may collect the following types of personal data from you directly as follows:

• When you are a point of contact for a service provider or similar business partner, we may collect your name, title, email address, phone number, company name, company address and industry so we may communicate with you and generally maintain and administer our business relationship.

We may collect the following types of personal data from you indirectly as follows:

• In connection with our Global Data Network (GDN) and International Developed Profiles, we may collect information about a queried business through public sources. Some business information we obtain may relate to individuals and include personal data such as names as they appear in the name of a sole proprietorship; the names, addresses, birthdates, nationalities and dates of appointment of directors; the names and ownership interests of shareholders; and the names, addresses, dates of appointment and dates of resignation of corporate secretaries. We use this information to create reports about queried businesses for our customers who purchase them.
• In connection with data storage services provided to our affiliate, Experian Consumer Services UK, we may host information related to their consumer services offerings.
• In connection with the CrossCore platform, we may process your name, billing address, shipping address, phone number, email, date of birth, credit card number, and transaction-related passwords and/or security codes. We use this information to provide customers with a multi-solution platform (including some Experian solutions like Fraudnet and Prove ID as well as other third-party solutions) for their own fraud detection and data storage purposes.
• In connection with ProveID, we may process your name, address and date of birth related to an interaction or transaction you may have with one of our customers. We compare this information against motor vehicle data, property ownership data and other data obtained from various public record sources and the Office of Foreign Assets Control to provide our customers with identity verification for their own business purposes.
• In connection with Experian Data Quality, we may process email addresses, physical addresses, and phone numbers supplied by our customers. We compare this information against physical addresses, phone numbers and email addresses obtained from telephone directories, and other authorized data providers, to provide our customers with more accurate information about you to be used in their own marketing efforts.
• In connection with Targeting Data Hosting Data Services, we may host information our customers have collected about you. As for our Targeting information services, we may process names, physical addresses, phone numbers and email addresses supplied by our customers. We compare this information against names, physical addresses, phone numbers, and email addresses obtained from various sources such as local tax assessor and recorded deed files, consumer surveys, telephone directories, publications, subscriptions and published directories, summarized U.S. Census information, calculations using existing data, online and mobile sites, apps and advertisements and other authorized data providers, to provide our customers with more accurate information about you to be used in their own marketing efforts.
• In connection with our Experian Developer Portal, we may collect personal information from you to facilitate login to our developer portal. The personal data will be collected upon registration and will include first name, last name, password, email address, company name and phone number. The data will be used to generate an identification token and password for login access to the portal.
• In connection with data hosting services provided to our affiliate Experian Decision Analytics UK, we may receive and host information such as first name, last name, email address and login information to facilitate a user authentication protocol.

When we obtain your personal data from public sources, we will only use that information for the specific reason for which it was provided to us.

Disclosures of Personal Data

We may share personal data we obtain about you from public sources with our customers and third party business partners for the provision of our services.

We may share your personal data with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal data only as necessary to provide these services to us. These services may include data storage services and customer service and business operations.

In certain situations, Experian may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may also disclose your personal data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If Experian is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or notice on our website, of any change in ownership, uses of your personal data, and choices you may have regarding your personal data.

We may also disclose your personal data to any other third party as permitted by law.

Security, Retention and Data Integrity

Experian follows generally accepted standards and maintains physical, electronic and procedural safeguards to protect the personal data submitted to us. Experian continually monitors access to its systems to detect unauthorized attempts to gain access to information. We may retain your information for as long as your account is active or as needed to provide services, comply with our legal obligations, resolve disputes and enforce our agreements.

Access

With regard to personal data Experian controls, upon request, we will provide you with information about whether we hold any of your personal data. You may access, correct, or request deletion of your personal data by contacting us at privacyshield@experian.com. This right of access applies only to personal data about the individual making the request and is subject to other limitations as defined by law, or where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual or where the rights of other individuals would be violated.

As a processor, Experian acknowledges that you have the right to access your personal data. Experian has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or seeks to correct, amend or delete inaccurate data should direct their query to Experian’s customer, the data controller. If you contact us with the name of an Experian customer to whom you provided your personal data, we will refer your request to the customer and support them in responding to your access request. If requested to remove data by the data controller, we will respond within a reasonable timeframe.

Choice

We provide choices and means for individuals to limit the use of their personal data. In addition to providing individuals with choices regarding our use of their information, we will remove an individual’s name and related information from our direct marketing information products if they request it. You may access, correct, or request deletion of your personal data by contacting us at privacyshield@experian.com.  

In certain circumstances, we may be required by law to retain your personal data or may need to retain your personal data to continue providing a service.

Changes to this Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material change to this Privacy Policy, we will notify you by means of a notice on this website. We encourage you to periodically review this page for the latest information on our privacy practices.

If you have questions or concerns, you may contact Experian by mail at:

Chief Privacy Officer
Compliance Department
Experian
475 Anton Blvd.
Costa Mesa, CA 92626