Equiniti Data Privacy Notice

24 May 2018

Version 1.3

We understand how important your personal data is and are committed to protecting and respecting your privacy.

'Personal Data' means any information relating to or which identifies you. This can include items such as your name, address, phone number, identification numbers (such as an account number or your national insurance number), location data or online identifiers. Personal data can be held electronically or in certain paper records.

The General Data Protection Regulation (GDPR) regulates the processing of personal data. The GDPR seeks to protect your rights to your personal data by setting out, amongst other things, the conditions under which the processing of personal data is lawful, the rights of data subjects and the standards that organisations that handle personal data must adopt. This Privacy Notice is issued in compliance with GDPR and seeks to explain:

  1. Who we are,
  2. Products and services covered by this Privacy Notice,
  3. How we collect your personal data,
  4. Why we collect your personal data,
  5. How long we hold the personal data for,
  6. The conditions under which we may share it with others,
  7. Overseas processing,
  8. How we keep your personal data secure,
  9. Your personal data rights and how to exercise them, and
  10. Useful information

1. Who we are

Equiniti Data is a trading name of Equiniti Data Limited (EQD), which is part of the Equiniti Group of Companies, and is authorised and regulated by the Financial Conduct Authority. Our main business is marketing services and digital communications. Our registered address is 42-50 Hersham Road, Walton-on-Thames, Surrey KT12 1RZ and our ICO registration number is: Z9452802.

EQD is a ‘Data Controller’. This means that we are responsible for deciding how and why we hold and use personal data about you.

In this Privacy Notice, ‘we’, ‘us’ and ‘our’ will always mean EQD, as Data Controller.

If you have any questions about our Privacy Notice, how we use your personal data or if you wish to exercise your rights, you may contact our Compliance Team by email at dataprotection@eqdata.co.uk or our Data Protection Officer at Highdown House, Yeoman Way, Worthing, BN99 3HH, via email DPO@equiniti.com or by calling 0333 207 5962.

2. Products and services covered by this Privacy Notice

This notice applies to all EQD data products and services, all of which are B2B and are listed below. EQD also provides B2B cyber security products and services and if you would like to view the privacy notice for our cybersecurity products and services please email us at dataprotection@eqdata.co.uk.

  • EQ Reach
  • EQ Clarity
  • EQ Pure
  • EQ Engage
  • EQ Connect
  • Marketing services to assist clients in marketing to their existing customers, as well as identify and target new customers (prospects)
  • Insight and analytical services to deliver demographic, attribute, segmentation, modelled and profiled data to enable additional insight about clients’ customers and target audiences
  • Linkage services to resolve identity and validate details across platforms and devices often in relation to online advertising
  • Identity verification
  • Management of credit, risk and fraud
  • Suppression products such as deceased and gone-away processing to keep data accurate and up to date
  • Database verification
  • Tracing services (asset reunification and debtor tracing)
  • Research and statistical purposes

3. How we collect your personal data

We may collect and process the following personal data about you:

Information you provide to us

  • By using our website(s) and mobile device apps;
  • By corresponding with us by post, phone, e-mail, live-chat or otherwise;
  • Application/registration forms/identification documentation;
  • Entering competitions, promotions or surveys; and
  • When you report any problem or complaints with our website, products and services.
  • If you contact us via social media, we may collect details from your social media account.

Information we receive from third parties

  • As part of our identity and financial crime checking procedures with credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges as well as public information sources;
  • From third parties such as
    • Data partners who collect data on a legitimate interest or consent or contractual basis and share it with third parties such as us;
    • Local Authorities who supply copies of the Open Register to us for use for marketing communications;
    • As a credit reference agency we also obtain copies of the electoral register containing the names and addresses of registered voters from Local Authorities across the UK in accordance with specific legislation for credit reference information purposes but not marketing;
    • Data about UK postal addresses is also obtained from sources like Royal Mail;
    • From online advertising networks (for example Google) through whom we place advertisements. The information we obtain varies from network to network. It often summarises the actions of lots of people and so does not enable us to identify you individually. It relates to what you view, click on, and access through websites in their network, including the subject matter of the website you started at and where you subsequently go. It might also include their analysis of your behaviour across the wider internet and a profile of you. If you are unhappy about this happening you should look out for ‘settings’ and ‘Do Not Track’ options in online advertisements and in the privacy and cookies functionality on your devices and consider changing you setting to block third party cookies in particular. We do not control the information on you that such networks obtain, or the technology they use to do so.

4. Why we collect your personal data

We collect and process Personal Data for the legitimate interests of us and our customers for:

  • Marketing services to assist clients in marketing to their existing customers, as well as identify and target new customers (prospects)
  • Insight and analytical services to deliver demographic, attribute, segmentation, modelled and profiled data to enable additional insight about clients’ customers and target audiences
  • Linkage services to resolve identity and validate details across platforms and devices often in relation to online advertising
  • Identity Verification
  • Management of risk and fraud
  • Suppression products such as deceased and gone-away processing to keep data accurate and up to date
  • Database verification
  • Tracing services (asset reunification and debtor tracing)
  • Research and statistical purposes

5. How long we hold your personal data for

Personal data will not be retained for longer than necessary for us to achieve the purpose for which we obtained your personal data. We will then either securely delete it or anonymise it so that it cannot be linked back to you. We review our retention periods for personal data on a regular basis.

We will retain personal data for a period of up to 12 years for the reasons noted below:

  • To respond to enquiries and complaints
  • To maintain records to meet rules and regulatory requirements that are applicable to the administration of the contract

We may keep your data for longer than 12 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes

For full details of our retention policies, please contact the Data Protection Officer using the above details.

6. The conditions under which we may share your personal data with others

The information we hold about you is confidential and we will only share your personal information to enable us to deliver your product(s) or service(s), examples are as follows:

  • Our B2B clients
  • Other Equiniti Group entities who help us deliver our products and services, such as Equiniti Limited and Equiniti India
  • Non Equiniti entities, who help us deliver our products and services, including:
  • Printers in order to print postal marketing communications
  • Service suppliers to facilitate email, IT and administration services
  • Our professional advisors, for example, our lawyers and technology consultants, when they need it to provide advice to us
  • Other credit reference agencies and our fraud detection agencies as part of our identification procedures, for example, Experian and TraceSmart
  • Market Research Agencies to measure or understand the effectiveness of advertising we serve to you and others. We may do this ourselves or appoint an agency to do this on our behalf. This will include your use of social media sites

We will only transfer your personal information to trusted third parties who provide sufficient security guarantees and who demonstrate a commitment to compliance with applicable law and this policy. Where third parties are processing personal information on our behalf, they will be required to agree, by contractual means, to process the personal information in accordance with the applicable law. This contract will stipulate, amongst other things, that the third party and its representatives shall act only on our instructions, or as permitted by law.

We are also required share your personal data with external third parties as follows (but not limited to):

  • Regulators and supervisory authorities e.g. Her Majesty’s Revenue and Customs (HMRC), domestic or foreign tax authority, Credit Industry Fraud Avoidance System (Cifas); Financial Ombudsman Service (FOS)
  • Where the law requires or permits disclosure, or there is a duty to the public to reveal it
  • When we need to defend or exercise our legal rights or those of a third party
  • Efforts to trace you if our clients lose contact with you e.g. to reunite you with your assets
  • Police and other law enforcement agencies for the prevention and detection of crime and where a valid permission is applicable
  • As a result of a court order or other regulatory instruction
  • Our insurers and insurance brokers where required for underwriting our risks and as part of ongoing risk assessments
  • We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. At all times, we take steps to ensure your privacy rights continue to be protected as per this Privacy Notice.

7. Overseas Processing

We process Personal Data where Equiniti Group affiliates and their service providers maintain servers and facilities, including the UK and Ireland. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.

8. How we keep your personal data secure

We take appropriate steps to ensure that Personal Data we process remains secure.

Once your personal data is received by us, we take its security very seriously. We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your personal data across all our computer systems, networks, websites, offices and stores as much as possible. In particular, our Information Security policy set is aligned to ISO 27001, which is an internationally recognised security standard.

We also use secure means to communicate with you where appropriate, such as ‘‘https’’ and other security and encryption protocols. This is indicated by a lock icon on the bottom of the web browser, or the address will include the letters https in the top left-hand corner.

If you have any concerns about the security of your own personal computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed at www.getsafeonline.org.

9. Your personal data rights and how to exercise them

Your Rights

Your rights in respect of the personal information that we hold about you Explanatory detail
The right to be informed about how we use your personal data. This Privacy Notice provides you with the details on how we use and process your data.
The right of access to a copy of any personal data EQD processes about you, together with certain additional information. If you request to see your personal data, your initial request will be free of charge; subsequent requests may attract an administration fee. The additional information includes details of the categories and recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
The right to request us to rectify or update it. This will be relevant where the personal data we hold is or has become inaccurate or incomplete, taking into account the purposes of the processing. Please explain why you consider the data inaccurate or incomplete.
The right to request us to erase your personal data in certain circumstances. The circumstances when erasure can apply include when we no longer need it to meet a lawful basis for processing unless that basis is consent and you withdraw your consent or you object to the processing or the processing is unlawful.
However, certain exclusions apply - where the processing is necessary for compliance with a legal obligation or to establish, exercise or defend legal claims.
The right to request us to restrict processing it. This request can be used to stop us processing your personal data if you disagree over the accuracy of the personal data, the reason for processing or if you wish us to retain your personal data for longer than our retention period, e.g. to establish, exercise or defend a legal claim.
The right to request a copy of your information for data portability purposes. If you have provided personal data to us under contract or because you consented to the processing and use the data by automated means, then you have the right to instruct us to transmit that personal data to you or another data controller in a machine-readable format.
The right to object to us processing your personal data. You have a right to object to us processing your data where we are processing it for the purpose of legitimate interests.
You can also object to direct marketing communications from us about products, offers, competitions, or services and any profiling that we may perform in relation to direct marketing. You can do this at the point of data collection, through the use of any opt-out functionality on text and emails, via your preference centre or by contacting your helpline service.
You can update your marketing preferences at any time through the use of the opt-out functionality.
You have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing before the withdrawal.
If you would like to receive the marketing described above, please ensure you have indicated your preferences accordingly.
Rights related to decisions based solely on automated processing. Where this processing produces legal effects or significantly affects you, you can object to this processing unless the processing is necessary as part of our contract, or is required by legislation.
Right to lodge a complaint with a supervisory authority. If you wish to raise a complaint on how we have handled your personal data, please contact our Data Protection team who will investigate the matter and report back to you.
If you remain unsatisfied with our response or believe we are not processing your personal data in accordance with the law, you are able to contact the data protection authority in your country. In the UK, it is the Information Commissioner’s Office (ICO) who regulates Data Controllers compliance with data protection legislation. They can be contacted by email: casework@ico.org.uk, post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by telephone: 0303 123 1113.

10. Useful information

10.1 - Use of 'cookies'

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity, and do not identify you as an individual. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. However, turning cookies off may result in a loss of functionality when using our website. For more information on how to switch off cookies on your computer, visit our full Cookies Policy.

10.2 - Links to other websites

Our websites may contain links to other websites run by other organisations, or other Equiniti companies. This Privacy Notice applies only to EQD websites, where the link appears. When you are on another website, we encourage you to read their privacy statements as it will take precedence over this Policy. We cannot be responsible for the privacy policies and practices of other sites.

10.3 - Social media, blogs, reviews, and similar services

Any social media posts or comments you make to us (e.g. on our own Facebook page) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are made and could be made public by that platform. These platforms are controlled by other organisations, and so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.

Any blog, review or other posts or comments you make about us, our products and Services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.

You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

10.4 - Changes to this policy

We review our use of personal data regularly. In doing so, we may change what personal data we collect, how we keep it and or what we do with it. As a result, we may change this Privacy Notice. from time to time to keep it relevant and up to date.

This policy was issued on 24 May 2018.

If you require copies of previous versions of the EQD Privacy Notice, please contact the Data Protection Officer using the contact details noted above.

Version 1.3