Here you can find the Marketing Register Description, the Recruitment Register Description and the User and Usability Study Register Description. All of which have been created following the General Data Protection Regulation EU 2016/679.
EXPIAN’S CUSTOMER AND MARKETING REGISTER
At Expian, we value the privacy of our customers, partners and other stakeholders. As a data controller, we need to collect and process personal data in order to provide all of our stakeholders with the best possible content. In particular, we process contact information of representatives of our corporate customers . We do the same with regard to potential customers. Personal data is any information that relates to an identified or identifiable individual, such as a name, email address and photograph.
We process personal data related to all persons belonging to the aforementioned groups in accordance with this privacy notice and the applicable legislation. We may update the privacy notice as our operations develop and the legislation changes.
Protection of Privacy
Data submitted by persons visiting our website/ordering newsletters/signing up for events is considered confidential and is used by Expian solely for marketing purposes, website visitor tracking to improve our website, and to enhance the services we provide for our customers.
Expian will respect your privacy under all circumstances. Your name, address, email address, telephone number and other personal data will be processed in the manner required to ensure that your privacy is protected.
Personal data processed and data-gathering methods
In general, Expian collects personal data related to customers and potential customers from the person in question. With regard to potential sales leads, we may also gather data from LinkedIn or company websites. Our website and any forms posted on it constitute another important source of personal data related to this group. Based on use of the Expian website, we also use Google Analytics and Zoho, to gather data. In addition, we gather data related to the corporate customer and its contact persons during the customer relationship. Personal data is also gathered via sign-ins for events we arrange and, occasionally, from seminars arranged in cooperation with partners.
Expian may process the following personal data held on its marketing register:
- first name and surname
- email address
- work phone number
- subscriber data for marketing correspondence
- employer company, its contact and other information, and business ID
- customer account level and/or lifecycle stage
- “buyer persona” allocated to employee
- Expian’s tasks (calls/emails/meetings)
- notes (calls/meetings/other)
- sales history
- email correspondence
- data collected through forms on the website, such as: IP addresses, completed forms, email openings and clicks, clicks in response to call-to-action prompts, data on website use and various activities related to use (dates, quantities, traffic sources)
- marketing opt-ins/opt-outs.
Purpose of using personal data and grounds for processing it
Expian uses the aforementioned personal data for marketing and communications purposes and the development of its website. We target our marketing at persons in the register in accordance with their profile, in order to provide everyone with interesting and relevant information on our services and industry. We also use the data gathered for the continuous development of our website, to better meet the information needs of our users. Data gathered for sales support purposes in relation to a certain customer account is used for the customer relationship management of the account.
Expian processes the personal data described in this privacy notice in pursuit of its legitimate interests, which include customer communications and direct marketing to the contact persons of potential corporate customers. In some cases, the processing of personal data may also be consent-based, in which case we will ask you separately for your consent.
Processing, handover and transfer of data outside the European Economic Area
In general, data in our marketing and customer register is processed by Expian employees for whom the processing of such data is a key element of the duties. Throughout our operations, we ensure that personal data is handled confidentially, in compliance with the law and solely on our own behalf.
We do not disclose data to third parties but may share it with other companies within our group where necessary. In addition, data may be disclosed if so, required under law, by a court of law, or by the competent authorities. We may also hand over personal data that is in our possession if we are involved in a company or business acquisition.
Data we process, on behalf of our customers may be generated from outside the UK and some of our service providers we use will involve a transfer of data outside of the EU. Service providers of this kind include Zoho and AWS. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of the UK without adequate safeguards, we have the required contractual provisions for transferring personal information in place with the third parties to which your information is transferred. For such transfers, we rely on legal transfer mechanisms such as Standard Contractual Clauses.
Data security, protection and storage
The personal data held by Expian is duly protected from unauthorised access and accidental or unlawful erasure, alteration, handover, transfer, or unlawful processing in any other manner. Only employees who need to process such data for work-related reasons are entitled to use systems containing the data. Personal data is protected by a password and firewall in a secure cloud service/and database.
Personal data is stored only as long as required for the purpose in question, or for as long as the related contract or legislation requires. The storage time of data can vary, depending on the purpose for which it is used, the legal grounds for its processing, and the circumstances. Furthermore, personal data can be erased if the data subject withdraws his or her consent, or requests that it be erased (unless Expian has other legal grounds for processing the data), or if the contractual relationship is terminated, or the data becomes obsolete or incorrect. We attempt to update or erase superfluous, incorrect or obsolete data at least once a year.
Click on this link for further information on managing and erasing cookies http://www.allaboutcookies.org/manage- cookies/.
You are guaranteed several rights under the applicable data protection legislation. Expian is committed to respecting these rights in its operations. With respect to the processing of your personal data, you have the following rights under certain additional legal provisions:
- the right to request that we provide you with a copy of any personal data concerning you which we have in our possession, and with certain information on the processing of such data;
- the right to request the restriction, in certain circumstances, of the processing of your personal data, for example if you dispute the accuracy of such data or we no longer need it for the original purposes for which we were processing it, but it is still needed in order to draw up or present a legal claim, or for legal defence against such a claim;
- the right to request the erasure of your personal data in certain circumstances, such as a situation in which your personal data is no longer needed for the purposes for which it was originally gathered or processed (the so-called right to be forgotten);
- the right to object to the processing of data conducted in the pursuit of our legitimate interests;
- the right, at any time, to withdraw your consent to our processing of your data when such processing is based on your consent;
- the right to request that we update your personal data, or correct inaccurate data; and
- the right to file a complaint with the local competent authority, such as the Data Protection Ombudsman in Finland (https://tietosuoja.fi/en/home).
Should you wish to exercise the aforementioned rights, you may do so by contacting Expian (see the contact information below). We may have to ask you for further details on your identity before fulfilling your request, in order to ensure that you are entitled to make such a request.
You can contact Expian by using the following contact details:
8-12 Camden High Street