
UK Privacy Policy (Archive)


This is an archive. To view the latest version of this page, click here.

UK Privacy Policy

Thank you for visiting Acxiom’s Privacy Policy which relates to data collected for use in our products and services. Our full Privacy Policy is available below the following video which, we believe, will help you understand Acxiom and how we use the data to help businesses deliver better marketing experiences to people.

Scope

We respect the right of individuals to privacy. Our Privacy Policy explains:

Who we are

Our company is Acxiom Limited. Our registered office is 17 Hatfields, London, SE1 8DJ and company registered number is 1182318. Individuals wishing to contact us about data protection issues may do so by writing to us at Consumer Services Department, Acxiom Limited, 17 Hatfields, London SE1 8DJ or by calling 020 7526 5226 or by emailing us at [email protected].

What kinds of personal data we may hold about you

Acxiom holds personal data such as names, addresses, ages, dates of birth, emails, telephone numbers, transactional data, lifestyle and demographic data. This information may be kept in its identifiable form, or in an aggregated form (so that individuals cannot be identified), for the purposes listed below.

How we obtain data about you

We obtain data from partner companies who in turn obtain information from people who volunteer information when they complete lifestyle surveys or when they buy goods or subscribe to clubs or services. In the past, we also collected information directly from our own lifestyle questionnaire program which we no longer run. We obtain data through various channels such as online, by telephone or in paper format. In common with many marketing companies, we also use information that we obtain from public sources, such as the open electoral register and register of company directors along with data made available under the open government licence such as the census, HM Land Registry data and DWP area level statistics. Click here for examples of the kinds of companies and sources we mean.

What we do with personal data

We use this data to create solutions to be used for insight, recognition and contact purposes.

Insight: we use this data to create a marketing picture of individuals throughout the country. This includes demographics such as age and income, hobbies and interests that relate to people’s lifestyle choices and market specific predictors such as technology and financial product ownership. We use a combination of actual data held (at individual level or summarised at household, address, postcode or other geographical level) and derived information (through statistical modelling or by applying a logical rule set) which indicates an individual’s likelihood of having a particular attribute, e.g. their likelihood to have pets or to fall within a particular marketing segment such as “technology early adopters”. The resulting dataset is then used by others to make marketing more relevant as further explained in the next section. We do not hold nor do we derive any sensitive personal data on people.

Recognition: we use the data for matching and linking to other databases. For example, an advertiser sends us a list of names and addresses, then we match those names and addresses to our product. Where there is a match, we add the lifestyle information we hold on those matched individuals to the advertiser file; or instead of adding lifestyle information we append a persistent key to the advertiser file which can then be used to recognise records that have the same key appended to them. Another example is where an advertiser sends us names and email addresses, then we match those names and email addresses to our file and where there is a match we add the “bricks and mortar” address we hold on those individuals to the advertiser file.

Contact: we use contact information from this data to create a direct marketing file. For example, we create a file of names and addresses of individuals which is used for marketing.

We do not carry out any marketing ourselves with these solutions, and businesses using them to contact people need separately to ensure they may do so in accordance with data protection law.

Who we may share your personal data with

We share information with our commercial partners – such as brands, agencies, public authorities and marketing companies – in all industry sectors to help them deliver better marketing and service/communication experiences to people. They may use this personal data for the following purposes:

Some examples of the industry types you can expect data to be used in are: automotive, charity, education, gaming, retail, leisure, financial services (including retail banking, investments, loans, credit cards, insurance, wills and funeral plans), politics, health/mobility, home improvements, mail order, market research, publishing, media, FMCG (toiletries/cosmetics/food and drink), travel, telecoms and utilities.

We share data directly with brands and via agencies. We also share data (usually in a form where individuals cannot be directly identified) with other marketing companies such as social media and programmatic platforms. We make sure the recipients of our data are reputable entities by conducting appropriate checks on them. Before we share our data we enter into written agreements with recipients which contain data protection terms that safeguard your data.

Personal data used in Acxiom’s data products and services may also be passed to and used by members of the Acxiom group of companies worldwide. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place.

Acxiom may also disclose personal data as required by law and to comply with legal process.

Data retention, security and transfers

The data we hold is non-sensitive personal data and not subject to any sector specific data retention requirements. That said, our data retention periods are as follows:

Personal data not used for any purpose is deleted. If someone objects to us processing their data the record is added to a deletion file that is released every two weeks to be applied to our in market products. Their data is then removed from our environment in full in accordance with our data deletion cycle (typically nine months, during which time their data is not used) unless we have a valid justification to hold on to it such as to resolve disputes or comply with our legal obligations. We also retain that which is necessary to keep on a suppression file so if we obtain someone’s data again we know not to use it.

Security

Acxiom takes security seriously. We make considerable investments and use an industry-recognised security objective control framework to keep our sites and systems secure and to prevent personal data from being made available to any unauthorised persons or businesses. Examples of measures we take to ensure data security are as follows:

Physical Data Security: Personal data is only loaded and accessed by authorised Acxiom staff in a locked and secure environment. All media containing personal data are stored in a locked and secure environment and all personal data and media are returned to the supplying company or destroyed at the expiration or termination of the relevant agreement or applicable retention period.

Data and System Security: Logical security of the personal data contained within our data centre is protected by multiple layers and techniques that conform to security industry standards and guidelines such as the combination of unique terminal identifiers and passwords.

Document Security and Confidentiality: Acxiom associates are instructed to ensure that their working areas are left clear with all working information locked away at the end of each business day and when away from their normal place of work for any significant period during the working day.

Data Back-up: Acxiom backs up all disk system files to the appropriate tape media on daily, weekly, or monthly cycles, according to available processing schedules and periods. One or more generations of a back-up cycle are retained and either stored in an alternate building or moved and stored at a secure offsite location.

Building and Personnel Security: All Acxiom buildings have a security guard on duty 24 hours a day and access is only granted to personnel displaying a valid security badge. Visitors must identify themselves and sign in before being escorted into an Acxiom facility.

Security Officer: Acxiom has a designated member of staff responsible for all aspects of security. Their function is to ensure that all Acxiom staff are aware of security responsibilities, that procedures are being followed and to carry out periodic audits and compliance spot checks on adherence to security procedures.

Business Partner Security: We expect recipients of our data to have in place similar security measures, and we carry out checks to assess their suitability and put in place adequate contractual safeguards before any data is shared with them.

Transfers

Your personal data cannot be transferred outside the EEA unless a valid adequacy mechanism is in place legitimising such a transfer. We will only transfer personal data outside the EEA once an appropriate transfer mechanism is in place. This might include either EU model clauses, or in the case of US recipients, a Privacy Shield certification.

Our parent company Acxiom LLC is registered with the US Department of Commerce on www.privacyshield.gov in accordance with the Privacy Shield agreement between the EU and the USA.

Safeguards afforded by the EU model clauses may be accessed here: https://ico.org.uk/media/1571/model_contract_clauses_international_transfers_of_personal_data.pdf

Your rights

Individuals may request access to or deletion of their personal data, or object to the use of their data (including for automated decision-making and profiling) by going to our Consumer Preference Portal. Individuals wishing to contact us about other data protection issues (such as their right to restrict the use of or correct their data) may do so by writing to us at Consumer Services Department, Acxiom Limited, 17 Hatfields, London, SE1 8DJ or by calling 020 7526 5226 or by emailing us at [email protected]. Our data protection officer may be contacted at our registered address or by emailing [email protected].

Where Acxiom obtained personal data from you under the Data Protection Act 1998 on a consent basis it is now processed on a legitimate interests’ basis, but Acxiom will provide you with (and you may exercise) any further rights you would have if that data were still being processed on the consent ground.

In the event of a complaint you may contact the relevant supervisory authority which in the UK is the Information Commissioner’s Office whose address is Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Other data protection information

Acxiom uses and shares personal data based on its legitimate commercial interests, and those of its partner businesses, in accordance with Article 6(1)(f) of the General Data Protection Regulation. Please click here for a summary of our legitimate interests’ balancing test. We take great care to handle all personal data in accordance with data protection law and to ensure that it is never used in ways that unduly prejudice individuals’ interests. Users of our data are prohibited by contractual restrictions from using our data in a way which discriminates unfairly against individuals or produces legal or similar effects. You have the right to object to this processing and if you wish to do so please inform us by using one of the contact channels in the preceding section.

TRANSFER OF ASSETS

As Acxiom develops its business, there may be a change of control of Acxiom or divisions, subsidiaries, affiliates or portions of Acxiom. In this situation, personal data is typically considered a transferable asset. Also, in the event that Acxiom or a part of its divisions, affiliates or subsidiaries are purchased, personal data will be one of the transferred assets.

CHANGES TO OUR PRIVACY POLICY

Acxiom reserves the right to update and revise this Privacy Policy from time to time to take into account legislative and other developments. Any changes we may make to our Privacy Policy will be posted on this page and contain an “effective date” reflecting when the last changes occurred.

Effective date: 12th March 2020