Experian Privacy Policy for MSE Credit Club
Effective date: 8th April 2020
This policy
We take your privacy seriously. This Privacy Policy explains what personal information we collect from you and how we use it.
We encourage you to read this policy thoroughly. To make it easier, we’ve
broken it up into bite-size chunks and some longer sections.
Who is Experian and how can you contact us?
When we refer to
‘Experian’ in this Privacy Policy, we mean Experian Limited.
Experian is part of a group of companies whose parent company is listed on
the London Stock Exchange (EXPN) as Experian plc. The Experian group of
companies has its corporate HQ in Dublin, Ireland, and its operational HQs in
Costa Mesa, California and Nottingham, UK. You can find out more about the
Experian group on our website at
www.experianplc.com.
If there’s anything you’re unsure about in this Privacy Policy, feel free to
contact our Data Protection Officer at
UK.DPO@EXPERIAN.COM
What information we collect
We will need to ask you for certain personal information to give you the best
possible experience when you engage with us (via our websites or otherwise)
and when you use our products and services.
We or our third parties will also collect other information about you and the
devices you use to access our website. We do this by using technologies like
cookies. See also our
Cookies Policy
Contact information
When you apply for Experian services from this website we will ask you
to provide some contact information. Contact information may include
some or all of the following: Full name, previous names, residential
address, previous residential addresses, date of birth, landline phone
number, mobile phone number and email address.
Security
For most of the services you select on our website, we will ask you to
provide security information that only you will know. Security
information may include some or all of the following: mother’s maiden
name, password and memorable word.
Device
We also collect certain data automatically from your visit to our website
or use of our services. This may include (but is not limited to) some or
all of the following. How you connect to the internet (including IP
address), how you engage with our site, screen resolution, browser data
stored on your device (such as cookies – see also our Cookies policy),
information about the device software you are using (such as internet
browser) and location data (city, region of the IP address you used when
accessing our services).
Personal information provided by third parties
Where you are eligible for our products or services through a third
party (such as an added value bank account or insurance product), we
may be provided with some of your personal information, this enables
us to confirm your eligibility, update your details or cancel services you
are no longer eligible for.
How we use your information
We use your personal information in lots of ways to make our products and
services as effective as possible.
To enable you to access our website and use our services
We will use your information to accept you as a new/returning customer and
continue to provide you with our products and services.
To let you know about significant changes to our products, terms or
privacy policy
We will let you know by email, SMS, push notification or when you log in to
the site if there are significant changes to our products, their features, our
terms, or our privacy policy.
To confirm your identity and authenticate the information you
provide
As part of providing our services to you we will confirm your identity and
authenticate the information you provide for security purposes
Establishing your identity is important as the services may provide you with
your personal credit information (such as your credit score or credit report)
and we must be sure you are who you say you are. Identity checking may
also involve checking the registration information you give us against
information we already hold about you as a credit reference agency and
potentially publicly available information about you such as from social media.
If we are unable to confirm your identity from the registration information you
provide, we will let you know by using the contact details you have provided
and you may then have the option to make a written application and provide
further proof of your identity.
To provide and improve customer support
We will use your information to be able to provide and improve the customer
support we provide to you (e.g. when you have questions or when you forget
your log-in information).
To provide alerts
We will use your information to send you alerts where ‘Alerts’ are part of the
service you ask us to provide e.g.
-
Where there are certain changes to your report or score.
To send you service communications
We will use your information to contact you to tell you about changes to or
issues affecting the services you are taking.
Fraud investigation, detection and prevention
We may use your information for fraud investigation, detection and prevention
measures and in order to provide suitable security for your account and your
information that we hold (such as to enable us to prevent others logging in to
your account without your permission from unknown devices).
Investigation, detection and prevention of crime
We may use your information for the investigation, detection and prevention of
crime (other than fraud).
For internal training purposes
We will use your information to ensure that our team has the knowledge and
expertise they need to ensure we provide the best possible experience to our
customers when interacting with us.
Reporting and Analytical purposes
We will use your information for reporting and analytical purposes (e.g. how
many of our customers are in the north or south of the country) to enable us
to improve our products and services and provide appropriate levels of support
to our customers.
To maintain our records and other administrative functions
Like any business, we need to ensure that we maintain comprehensive and
up to date records of the ways we process your personal information and
other operational activities and therefore we will process the information you
provide for record-keeping, updates and general administrative purposes.
Complaint and dispute resolution
Whilst we will try to make sure that you are happy with the service we
provide and do not feel the need to complain, if you do complain to us, we
will use the information we have about you to help us manage your
complaint.
To comply with the law
Like any other business, we are required to comply with many laws and
regulations. We will, where necessary, use your personal data to the extent
required to enable us to comply with these requirements.
To improve data accuracy and completeness
Personal information you provide to us may be used to improve the credit
bureau information we already hold about you in our role as a credit
reference agency. E.g. if you provide a different address or alias to the one
we hold already we may store the new address or alias in the credit bureau
information to aid quicker identification of you and ensure that lenders can
see a full picture of you when making lending decisions, it also aids
identification and verification in the credit application process.
The Eligibility Service
As part of this service, you will receive a list of products that you are eligible to apply for. In order to enable us to find the most suitable products for you we may use public information (including electoral roll and shared credit performance data) held by us and other Credit Reference Agencies. If you have a financial associate their data may also be provided.
It is important to note that, whilst we will provide you with information about the products which we think are most appropriate for you, there may be other products available from lenders who are not represented by this service.
How will CRAs handle your information?
When we do a credit search a quotation search footprint will be placed Won your Experian Credit Report. A quotation footprint cannot be seen by other lenders.
When we share your information with another CRA and they complete a credit search this will leave a quotation search footprint on your credit report with them. They will do this regardless of whether or not you decide to apply for the product.
Each time you log into Credit Club a quotation footprint will be left on your credit reports. This is to ensure that you are always presented with the most up to date and valid offers based on the most up to date credit report information.
Affordability Service
We will input your information (including information about your income and expenditure) into our calculator and mimic how lenders may calculate your affordability at the point you apply for credit with them.
At the point of registration a footprint will be left on your credit report, this will be a Credit Report footprint, and is not seen by lenders.
Your Experian Credit Score (if applicable to the service your Experian Credit Report) is updated every 30 days irrespective of the number of times you log into the Credit Club until you unsubscribe from the Credit Club. As a result of this update, a Credit Report footprint will be left on your Credit Report every 30 days following the initial registration, and none of these subsequent footprints will be seen by lenders.
Further uses of your personal information not described in this Privacy Policy
If we use your personal information for any purposes that are not set out in this Privacy Policy, we promise to let you know exactly what we will use it for before we go ahead and use it and obtain your consent where appropriate.
What are the legal grounds for handling personal information?
Data protection laws require that, where were process your personal data, we must satisfy at least one prescribed condition for processing. These are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
Necessary for performance of a contract or to comply with law
In most cases, the information described above will be provided to us by you because you want to take services from us or engage with us and our use of your information will be governed by
contract terms. Giving this information to us is therefore your choice. If you choose not to give all or some of it to us, this may affect our ability to provide the services you want, to you. In particular, we may rely on this condition for processing in the following scenarios:-
- To enable you to access our website and use our services.
- To let you know about significant changes to product, terms or privacy policy.
- To confirm your identity and authenticate the information you provide.
- To provide and improve customer support.
- To provide alerts.
- To send you service communications.
Consent
Where we collect other information from you such as when we use cookies to collect information about the device you use to access our website, or sometimes third parties collect it on our behalf. You will be asked to consent to this before using our website. If you choose not to give your consent, or you later remove your consent, this may affect our ability to provide the services you want, to you.
Necessary in our legitimate interests or those of a third party
In the United Kingdom, we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of individuals. The law calls this the “Legitimate Interests” condition for processing. Where we rely on it, the benefits being pursued by us are: -
-
Helping to prevent and detect crime such as fraud and money laundering.
Fraud and money laundering cost the British economy many billions of pounds every year. That cost is ultimately passed on to the public in the form of higher prices. By helping to avoid fraud such as identity theft, we help to stop this from happening.
-
Complying with/supporting compliance with legal and regulatory requirements.
We must comply with various legal and regulatory requirements. Additionally, the services we provide help other organisations to comply with their own legal and regulatory obligations. For example, Experian is regulated by the Financial Conduct Authority.
- Internal training purposes – to enable us to train our staff to better provide services to our customers.
- Running a marketing services and data business – like any commercial organisation, we run a business and process information where necessary to do so. We also provide services to third parties which help them to run their businesses more effectively and efficiently. We have put in place various safeguards to ensure that individuals’ whose personal information we handle are not unduly harmed by the activities we use their personal data for. These include making information available to individuals so that they understand how their personal data will be used by Experian, explaining their rights to obtain the information we hold and to have their information corrected or restricted and providing information about how individuals can complain if they are dissatisfied.
- Reporting and analytic purposes – to provide management information and information to improve our services.
- Tracking activity – to help us to improve our services.
- To maintain our records and other administrative purpose – to enable Experian to provide the most accurate data for our customers and clients.
- Complaint and dispute resolution – we will need to use customer data when looking into queries and complaints.
- To improve data accuracy and completeness – when you register for our services you may supply us with additional information about yourself which we will use to improve our data accuracy and completeness.
- Email tracking – in order to improve our communications to our customers.
- Invitations to participate in market research – in order to improve the service we offer to customers, we may ask you to participate in research from time to time. It is entirely up to you whether you choose to do so.
Who we share your personal information with
We share your personal information only with those persons who need to handle it so we can provide the Experian products and services you’ve signed up to. We also share it with companies within the Experian group who manage some parts of the services for us; with suppliers who provide services to us which require access to your personal information only; and with resellers, distributors and agents involved in delivering the services we provide where necessary for them to do so.
Lastly, we may also provide your personal information to fraud prevention agencies. This is to protect the Experian group of companies and our customers, to keep our systems secure, or where it’s necessary to protect either yours or our best interests.
The following section explains more about who and why we share your information with others.
- Group companies
As a member of the Experian group of companies, we can benefit from the large IT infrastructure and expertise that exists within our business. This means that the personal data you provide to us may be accessed by members of our group of companies for support and administrative purposes.
- Suppliers
We use a number of service providers to support our business and these service providers may have access to our systems in order to provide services to us and/or to you on our behalf.
-
Fraud prevention agencies
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. Law enforcement agencies may access and use this information.
If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies can be obtained by writing to us at Experian Ltd, PO Box 8000, Nottingham, NG80 7WF.
We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
More information about your rights in relation to the personal data we hold can be found in the 'Your rights to how we use your personal information' section of this Privacy Policy.
- Public bodies, law enforcement and regulators
The police and other law enforcement agencies, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for the purposes of preventing or detecting crime, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.
-
Brokers, lenders and providers of credit and financial products
In some circumstances, we will share credit report information and your personal information (such as name and address) with brokers, lenders and providers of credit and financial products themselves for purposes that may include:
- verifying your eligibility for the products;
- verifying suitability of products;
- those set out in the lender’s terms and conditions and/or its privacy policy relevant to the product you are searching for;
- assisting you in completing your application to the lender (which may include pre-populating the application form on their website);
- contacting you regarding credit and financial products; and complying with any contractual, legal and/or regulatory obligations.
- Individuals
You can obtain a copy of the information we hold about you. See section Your rights to how we use your personal information for further information on how you can do this.
Where in the world do we send information?
Experian is based in the UK, which is where our main databases are. We also operate elsewhere in and outside the European Economic Area, so we may access your personal information from and transfer it to these locations as well. Don’t worry though, any personal information we access from or transfer to these locations is protected by European data protection standards.
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and don’t provide the same quality of legal protection when it comes to your personal information.
To make sure we keep your personal information safe, we apply strict safeguards when transferring it overseas. For example:
- Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man.
- Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of high quality protection.
- Sending your personal information to a member organisation approved by the European Commission as providing a suitable level of high quality protection. For example, the Privacy Shield Scheme that exists in the US.
Your rights to how we use your personal information
It is important that you understand your rights in relation to your personal information and how you can contact us if you have questions or concerns.
If you’ve given us consent to process your personal information, you have the right to withdraw that consent at any time by contacting us on
UK.DPO@EXPERIAN.COM. You can also make changes to that preference in your Experian account.
You can also ask for access to the personal information we hold about you and request that we correct any mistakes, restrict or stop processing or delete it. We will assess your request and subject to legal or overriding requirements to keep it we will act on your request, but please note that this does not mean that we will delete negative information about you if it is confirmed to be correct.
If that is the case, we will explain why. To request a copy of the personal information we hold about you by contacting us
https://www.experian.co.uk/consumer/data-access. or write to Experian Ltd, PO Box 9000, Nottingham, NG80 7WP
In certain circumstances (e.g. where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you) you can require that we provide the information we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automation only. If you would like more information about this, let us know by contacting us at
UK.DPO@EXPERIAN.COM.
Problems with how we handle your information or rights
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting us at
UK.DPO@EXPERIAN.COM. You may also see our full
complaints handling procedure and how to make a complaint.
If you’re still unhappy with any aspect of how we handle your personal information you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates the handling of personal information in the UK. You can contact them by:
- Going to their website at https://ico.org.uk/
- Phone on 0303 123 1113
- Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
You may also see our full complaints handling procedure and how to make a complaint. If we cannot resolve things under that procedure, then you may have the right to refer your complaint, free of charge, to the Financial Ombudsman Service. The contact details for the Financial Ombudsman Service are: Telephone: 0300 123 9 123, or from outside the UK +44 20 7964 1000 E: complaint.info@financial-ombudsman.org.uk W: www.financial-ombudsman.org.uk Financial Ombudsman Service Exchange Tower London E14 9SR
You may also have the option to register your complaint using the
European Commission Online Dispute Resolution (ODR) platform. This is a web-based platform that is designed to help consumers who have bought goods or services online to deal with issues arising from their purchase.
How we keep your personal information secure
Online privacy and security is the most important aspect of any customer service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.
Experian have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and holds ISO27001 certification in the key areas of Global Security Admin team who are responsible for administering logical access to systems and in the Data Centre.
Experian has a dedicated Cyber Security Investigations team who safeguard Experian’s key assets such as its systems and storage facilities. This team, identify and effectively manage any security developments that may threaten Experian's people, process, or technology through intervention and the thorough investigation of security incidents. Experian holds Cyber Essentials Certification and performs risk assessments against our critical and external facing applications annually.
Experian is annually audited by an External QSA (Qualified Security Assessor) from Trustwave and have successfully maintained compliance since 2010.
How long we keep your personal information for
We’ll keep your personal information for the periods set out below, and where we were not able to give a specific period, we will keep it only as long as we need it to provide the Experian products and services you’ve signed up to.. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the products or services you’re signed up to, so the amount of time we keep your personal information for may vary.
Contact information
We will only retain your contact information for up to 7 years after the end of the provision of services in order to answer any queries you may have. However, information about address links or aliases which you tell us about during registration may be kept while there is a continuing need to retain it to help us improve the quality of our data (see below).
Security
We will only retain your security information for six years after the end of the provision of services in order to answer any queries you may have and identify you when you contact us.
Device
We will only retain your Device information for 26 months after the end of the provision of Services .
Personal information provided by third parties
We will retain these files for the duration of the contract we have with the third party.
In all cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be disposed of.
Changes to this Privacy Policy
We can update this Privacy Policy at any time and ideally you should check it regularly for updates. We won’t alert you to every little change, but if there are any really important changes to the Policy or how we use your information we’ll let you know and where appropriate ask for your consent.
Previous Privacy Policy – effective date 25th May 2018