Experian complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Experian has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  To learn more about the Safe Harbor program, and to view Experian’s certification, please visit https://2016.export.gov/safeharbor/eu/eg_main_018365.asp.

The following Experian entities are safe harbor certified and participate in the U.S. Safe Harbor:

- Experian Marketing Solutions, Inc.

  • Targeting
  • Cheetahmail
  • Conversen

- Experian Information Solutions, Inc.

  • Costa Mesa (CA) Tech Center
  • McKinney (TX) Data Center
  • Business Information Services, a business unit

- 41st Parameter

- LeadSpend, Inc.

- ConsumerInfo.com, Inc.

Personal information that is transferred to Experian in the United States (Experian NA) from the European Union (EU) falls under one of the following two situations:

Processor on Behalf

When acting in the capacity of a processor on behalf, Experian NA acts only on the instructions of its “data controller” clients and does not control or share such data without direction from the client.  For such processing, Experian NA enters into appropriate agreements with the clients providing that the client is the data controller for the purpose of the EU Data Directive and is in compliance with the applicable data protection laws.

Data Controller

When acting in the capacity of a data controller, Experian NA is required to comply with all EU Safe Harbor Principles:

Notice

Where Experian NA collects non-public personal information directly from EU data subjects, Experian NA provides the individuals with notice regarding the manner and circumstances in which the personal information will be used and transferred to third parties.  Where Experian receives transfers of personal information from the EU to the United States, Experian NA requires contractual provisions from the EU data controller that the personal information has been provided to Experian NA in accordance with the applicable EU Member State data protection law to ensure the individuals have been provided with appropriate notice regarding how their information will be used.

Choice

Where Experian NA collects non-public personal information directly from EU data subjects, Experian NA provides the individuals with choice regarding the manner and circumstances in which the personal information will be used and shared with third parties.  Where Experian NA receives transfers of personal information from the EU to the United States, Experian requires contractual provisions from the EU data controller that the personal information has been provided to Experian NA in accordance with the applicable data protection laws to ensure the individuals have been provided with appropriate choice regarding how their information may be used.

Onward Transfer

Experian NA complies with the Notice and Choice principles above for all data disclosed or transferred to a third party.  In the event Experian NA utilizes data processors to perform tasks on behalf of and/or under the instruction of Experian NA, Experian requires its data processors to enter into a written agreement with Experian which requires them to provide the same level of protection that Experian provides.

Security

Experian NA maintains physical, electronic and procedural safeguards to protect personal information.  Experian NA continually monitors access to its systems to detect unauthorized attempts to gain access to information.

Data Integrity

Experian NA takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

Access

An individual may contact Experian NA to learn whether or not information data relating to him or her is found in Experian NA’s databases.  This right applies only to personal information about the individual making the request and is subject to other limitations as defined by law, or where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual or where the rights of other individuals would be violated.

Enforcement

The U.S. Direct Marketing Association (DMA) serves as Experian NA’s third-party dispute resolution provider.

If you believe Experian NA is not complying with the Safe Harbor principles or this policy, contact our company by mail or email at:

Experian Holdings, Inc.
Attn: EU Safe Harbor Compliance
949 West Bond Street
Lincoln, NE 68521

Email – EUSafeHarbor@Experian.com

If your inquiry with Experian NA has not been satisfactorily addressed, you may contact the DMA Safe Harbor Dispute Resolution Program at:

Safe Harbor
Direct Marketing Association
1615 L Street, N.W., Suite 1100
Washington, DC  20036-5624