Scope of this Policy
This Policy applies to the processing of your personal data when you use our Affordability Passport service. Any references to the ‘service’ in this Policy means the Affordability Passport service.
Experian also operates a number of other businesses (which you may not normally interact with). Different privacy policies apply to those other businesses, and those policies discuss in more detail how your personal data might be processed by those other businesses. For more information about these other businesses and the privacy policies that apply to those business, go to https://www.experian.co.uk/privacy/privacy-policies
This service may include links to third-party services, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy statements. When you leave our service, we encourage you to read the privacy notice of every service you visit.
Who is Experian and how can you contact us?
Experian is part of a group of companies whose parent company is listed on the London Stock Exchange (EXPN) as Experian plc. The Experian group of companies has its corporate HQ in Dublin, Ireland, and its operational HQs in Costa Mesa, California and Nottingham, UK.
What information we collect
We will need to ask you for certain personal information to deliver the service you have asked for and to give you the best possible experience when you use this service. How we use the information we collect is explained in the ‘How we use your information’ section of this Policy.
We will also collect information about you and the devices you use to access our service, or we may ask third parties to do this for us. In these cases, we do so by using technologies such as cookies. See also our Cookies page.
When you apply to use our service, we will ask you to provide some contact information. This will include:
- your full name and any previous names
- residential address
- title and date of birth
- email address and telephone numbers (landline and mobile)
We will only retain your contact information for three years after the Affordability Passport expires, which is 30 days after it is provided to you. We retain your contact information so we can deal with any queries you may have about this service and to inform you of any changes to this service. We do not use your contact information for marketing purposes.
So that you can securely access this service to view your Affordability Passport, we will ask you to provide a username or similar identifier and a password. This will allow you to log back in to the service and view your Affordability Passport for up to 30 days from when it is first generated and provided to you. After 30 days have lapsed you will still be able to log in to the service but you will not be able to view your Affordability Passport as it will have been deleted.
To allow us to verify your identity and protect your data from fraud and unauthorised access, we will use some of your contact information including your name, address and date of birth. This is a necessary security step to ensure we can protect your information.
Optionally and where the organisation that has asked you to use the Affordability Passport asks us to, we may ask you to provide us with the following:
- information from your driving licence, passport or government issued ID and a photograph of yourself
We will use this information along with your name, address and date of birth to check and verify your identity on behalf of the organisation that has asked you to use the Affordability Passport.
To provide this service to you, we will access data we already hold about you on the Experian Credit Bureau. This will include (but is not limited to) some or all the following:
- details of credit accounts held and repayment performance
- public information such as inclusion on the electoral roll, bankruptcies and county court judgements.
We will only retain the credit information we obtain from the Experian Credit Bureau for 30 days from the creation and delivery of the Affordability Passport to you. For more information about the types of credit information we hold in the Experian Credit Bureau, please see the privacy notice we have created (CRAIN) for further information.
Bank account information
Where you provide us with consent to access your bank account(s), we will request up to 12 months bank account information. Where you allow us access to a joint account, the bank account information we receive will include transactions made by both you and the other person with whom you share the account.
We (or our partners) will collect some, or all, of the following data from your bank account(s):
- Account name, number and sort code
- Account balance
- Details of the transactions, such as the amount credited or debited, date of transaction and name of payer or recipient
- Product details – fees, charges, interest, benefits/rewards
We will only collect this information from your bank accounts once as you have only given us permission to collect it once. We will retain your bank account information for 30 days from the creation and delivery of the Affordability Passport to you.
We also collect certain data from your device when you access our service. This will include your internet protocol (IP) address and the following information about your device:
- your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology
- usage data including information about how you use our service and our website.
How we use your information
We use your personal data in lots of ways to make our services as effective as possible.
To provide this service to you and enable you to use it
We will use your information to accept you as a new/returning customer, to authenticate you when you use our service and log into your Affordability Passport. We also use it so we can provide this service to you.
To confirm your identity and authenticate the information you provide
As part of providing this service to you we will confirm your identity and authenticate the information you provide for security purposes.
Establishing your identity is important as the services may provide you with your personal credit information and information about your bank accounts and we must be sure you are who you say you are. Identity checking may also involve checking the registration information you give us against information we already hold about you as a credit reference agency. You’ll be able to see a record of this check for up to 12 months if you request a copy of your credit report from us.
If we are unable to confirm your identity from the registration information you provide, we will inform you of this.
To provide you with information from your Experian Credit Report
A summary of your salient credit information that we obtain from the Experian Credit Bureau will be shared with you when you access your Affordability Passport. This information will also be provided to the organisation that has asked you to use this service as part of the service they are providing to you. This information is provided to them to help them make a decision about whether to offer you a service or product.
To provide the CastScore
Optionally and where organisations that have asked you to use the Affordability Passport ask us to, we will use your bank account information and profile it to create the ‘CastScore’ by processing the data through an algorithm called a scorecard. We will provide the CastScore to organisations that have asked you to use the Affordability Passport to help them to make an affordability assessment about whether you could afford the product or service they are offering to you.
To provide customer support and handle complaints
We will use your information to be able to provide customer support to you when you have questions about this service or are unable to access your Affordability Passport.
To provide services that use your bank account information
When you provide us with permission for your bank account information to be collected and used, the main purposes that we may use that data for are:
- to present you with a consolidated view of the transaction data we have obtained from your banks account(s). To do this, we use automated systems to group your transactions into common groups or categories
- to provide the organisation that has asked you to use this service as part of their service to you with a summary of your last 12 months transactions consolidated into common groups or categories. This information is provided to them to help them make a decision about whether to offer you a service or product. The organisation will receive your transaction data along with the consolidated view of your transactions
- for reporting, analysis, training and developing our Affordability Passport service to help us improve it. The development of the service includes using the data to improve the categorisation techniques we use when identifying payments within your bank transactions that fit into certain groups or categories.
To comply with the law
Like any other business, we are required to comply with many laws and regulations. Where necessary (i.e. where it is reasonable and proportionate for us to do so), we will use your personal data to the extent required to enable us to comply with these requirements.
Investigation, detection, prevention of fraud
We may use your information for the investigation, detection, prevention of fraud.
Reporting and analytics
We also aggregate your information for reporting and analytical purposes. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific service feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
To understand how you use our website
We will use some of your usage information from your device to understand how you interact with our service and our website. We do this to help us better understand your interests and how you interact with us.
What are the legal grounds for handling personal information?
Data protection laws require that, where we're processing your personal data, we must satisfy at least one prescribed condition for processing. These are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
Necessary for performance of a contract or to comply with law
In most cases, the information described above will be provided to us by you because you want to take this service from us or engage with us and our use of your information will be governed by contract terms. Giving this information to us is therefore your choice. If you choose not to give all or some of it to us, this may affect our ability to provide this service to you.
We may rely on this condition for processing in the following scenarios:
- to enable you to access our website and use our services
- to confirm your identity and authenticate the information you provide.
- to provide and improve customer support.
- to provide you with information from your Experian Credit Report.
- to provide services that use your bank account information.
- to provide you with additional services using your credit information and bank account information
- to resolve complaints and disputes you may have about this service
- to comply with the law.
- investigation, detection, prevention and fraud.
We obtain your consent when we use non-essential cookies, or technology similar to cookies, and/or collect information about the device you use to access our website. Sometimes we work with third parties who carry out these activities on our behalf. You will be asked to consent to the use of non-essential cookies before using our website. Further information about the cookies is included in our Cookies Policy.
Necessary in our legitimate interests or those of a third party
In the United Kingdom, we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of individuals. The law calls this the "Legitimate Interests" condition for processing. Where we rely on it, the benefits being pursued by us are:
- investigation, detection and prevention and fraud: identifying and stopping fraud, including fraudulent access to our services
- reporting and analytics: to provide management information and information to help improve our services
- to help the organisations that have asked you to use the Affordability Passport make informed decisions about your affordability and credit status. This is to help prevent over-indebtedness and help them make responsible decisions about the products and services they offer you.
Who we share your personal information with
We share your personal information with those persons who need to handle it so we can provide the Affordability Passport service to you. We will also share it with:
- the Experian Credit Bureau so we can provide you and the organisation that has asked you to use this service with summarised information from your Experian Credit Report
- companies within the Experian group who manage some parts of the services for us
- suppliers who provide services to us which require access to your personal information, such as services to verify and confirm your identity. We use an organisation called Onfido https://onfido.com to provide this service. Onfido do not retain any of your personal data
- banks with whom you hold bank accounts
- resellers, distributors and agents involved in delivering this service to you
organisations (our clients) that use information from this service to help them make decisions about whether to offer you a product or service. These are organisations that have asked you to use this service as part of the service they are wanting to provide to you. This could include providers of finance and credit products, residential letting agents and providers of debt management and advice services who may use the information we give them to provide the services that you have requested.
Before we share any of your information with them you will be able to check certain personal details (for example, name, address and date of birth) and, in certain cases, to re-categorise your bank account transactions. Once you are comfortable that the information is accurate we will ask you to agree to us sharing it with the organisation.
- public bodies, law enforcement and regulators may request access to your personal information so they can prevent or detect crime, apprehend or prosecute offenders, assess or collect tax, investigating complaints or assessing how well a particular industry sector is working.
- individuals. You can obtain a copy of the information we hold about you. See section 'Your rights to how we use your personal information' for further information on how you can do this.
Where in the world do we send information?
Experian is based in the UK, which is where our main databases are. We also operate elsewhere in and outside the European Economic Area, so we may access your personal information from and transfer it to these locations as well. Don't worry though, any personal information we access from or transfer to these locations is protected by European data protection standards.
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and don't provide the same quality of legal protection when it comes to your personal information.
To make sure we keep your personal information safe, we apply strict safeguards when transferring it overseas. For example:
- Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man.
- Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of protection.
- Sending your personal information to an organisation which is a member of a programme certified by the European Commission as having in place equivalent protections to those in the EEA and UK.
Your rights to how we use your personal information
It is important that you understand your rights in relation to your personal information and how you can contact us if you have questions or concerns. Where you've given us consent to process your personal information in relation to cookies, you have the right to withdraw that consent at any time by changing your preferences on our website.
You can also ask for access to the personal information we hold about you by visiting http://www.experian.co.uk/consumer/data-access.
You have the right to object to our use of your personal data. We will do as you ask where possible and in line with applicable law.
You also have the right to request that we correct any mistakes, restrict processing or delete your data. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing data, we won’t always be required to do so and where that is the case we will inform you of this.
We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting our data protection officer at firstname.lastname@example.org.
In certain circumstances (e.g. where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you) you can require that we provide the information we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automation only. If you would like more information about this, let us know by contacting us at mailto:email@example.com
If you’re still unhappy with any aspect of how we handle your personal information you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK. You can contact them by:
- going to their website at https://ico.org.uk/
- phone on 0303 123 1113
- post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
You may also see our full complaints handling procedure and how to make a complaint. If we cannot resolve things under that procedure, then you may have the right to refer your complaint, free of charge, to the Financial Ombudsman Service.
The contact details for the Financial Ombudsman Service are:
- telephone: 0300 123 9 123, or from outside the UK +44 20 7964 1000
- email: firstname.lastname@example.org
- website: www.financial-ombudsman.org.uk
- address: Financial Ombudsman Service Exchange Tower London E14 9SR
How we keep your personal information secure
Online privacy and security is the most important aspect of any customer service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.
Experian have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and holds ISO27001 certification in the key areas of Global Security Admin team who are responsible for administering logical access to systems and in the Data Centre.
Experian has a dedicated Cyber Security Investigations team who safeguard Experian's key assets such as its systems and storage facilities. This team, identify and effectively manage any security developments that may threaten Experian's people, process, or technology through intervention and the thorough investigation of security incidents. Experian holds Cyber Essentials Certification and performs risk assessments against our critical and external facing applications annually.
Experian is annually audited by an External QSA (Qualified Security Assessor) from Trustwave and have successfully maintained compliance since 2010.
How long we keep your personal information for
We'll keep your personal information for as long as we need it to provide this service to you. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights.
In some circumstances we may anonymise and aggregate your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.