Additional Privacy Information for certain Accuity services
This additional notice explains how the Accuity risk and compliance services (the “Risk and Compliance Services”) allow our customers to look-up information about individuals. This notice explains how we use this information.
More information about the data controllers for our Risk and Compliance Services is set out in the contact us section of this notice.
Information We Collect
The Risk and Compliance Services contain information that our customers can use to screen individuals to prevent and detect fraud, terrorism, money laundering, bribery and corruption, and other crimes. To do this, we allow our customers to conduct checks against the personal information we hold in the Risk and Compliance Services.
We obtain personal information about you from our group companies and from other third parties, including:
- Other members of our group of companies, which in turn receive personal information from other third-parties. For more information on the information we receive from these companies, please see https://www.lexisnexis.com/en-us/privacy/world-compliance-privacy-info.page;
- Publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold, such as government watch lists, court and insolvency records, electoral registers and public company information.
The data we receive from these third-parties includes the following:
- Data used to identify individuals, such as names, identification documents.
- Information about business activities, such as affiliation with and ownership of businesses.
- Information about court judgments and criminal activity, such as details of offences and court dispositions.
- Sanctions lists, watch lists and lists of politically exposed persons, including your presence on such lists and you (or your family members’ or business associates’) affiliations with government officials.
- Information from public media, such as information in published news sources that may reveal connections to suspected criminal activity.
- and please also refer to https://www.lexisnexis.com/en-us/privacy/world-compliance-privacy-info.page for further information.
How We Use Your Information
We use personal information to help our customers comply with their regulatory requirements to screen their clients against sanctions and other lists relating to law enforcement and regulatory requirements. We do not decide what our customers do with the results of a check – for example, whether our customer decides to conduct further checks or that they are permitted to do business with a particular client is solely up to them. The personal information we provide to them is only one factor they consider. The following describes the purposes for which we process personal information:
- Allowing our customers to comply with their regulatory requirements: the Risk and Compliance Services enable our customers to check whether doing business with a client or potential client could create a risk of financial crime, such as corruption or money laundering. For example, when individuals apply for an account, the bank may search their names against sanctions lists, watch lists, lists of politically exposed persons, media reports and other publicly-available information, to determine whether opening an account creates a risk of violating regulatory requirements, and the bank will be responsible to carry out their own due diligence.
- Comply with our legal obligations, resolve disputes, and enforce our agreements.
Sharing of your Information
We provide information to:
- Our group companies, trading names and divisions within the Reed Business Information group of companies worldwide (for a list, click here) and certain RELX Group companies that provide technology, customer service and other shared services functions; and
- Our service providers, suppliers, agents and representatives, including but not limited to, editors, customer support, IT service providers;
We also disclose your personal information if we have a good faith belief that such disclosure is necessary to:
- meet any applicable law, regulation, legal process or other legal obligation;
- detect, investigate and help prevent security, fraud or technical issues;
- protect the rights, property or safety of Reed Business Information, our users, employees and others;
- or as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.
Sharing with our customers
If your information is included in the Risk and Compliance Services, then this will be available to customers who use the Risk and Compliance Services. These are primarily organisations in the regulated sectors (e.g. financial services or payment service providers), or other businesses that must screen individuals for compliance with counter-terrorism, anti-corruption and anti-money laundering regulations, anywhere in the world.
We retain your personal information for as long as necessary to provide the Risk and Compliance Services and for other essential purposes such as complying with our legal obligations, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.
We retain identification data (such as names and addresses) whilst there is a continuing need for us to utilise it. We keep this retention under review and we will remove data as and when we no longer require it.
Locations of Processing
Your personal information may be stored and processing in your region or another country where Reed Business Information, its group companies and our service providers maintain servers and facilities, including Australia, Brazil, France, Germany, Italy, Ireland, the Netherlands, Singapore, South Africa, the United Kingdom, and the United States. We take steps including through our contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.
Where personal information is transferred from the European Economic Area or Switzerland to a country that has not received an adequacy decision by the European Commission, we rely on adequate safeguards, such as the European Commission-approved Standard Contractual Clauses and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, to transfer the data.
Accuity Inc. has certified certain of their services to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce. Please view these entities’ Privacy Shield Notice here. To learn more about the Privacy Shield program, and to view these entities’ certification, please visit www.privacyshield.gov.
Grounds for Processing
Where your personal information is included in the Risk and Compliance Services, we process your personal information for our and our licensees’ legitimate interests, which are: to deliver our products to our customers and their end users; to detect or prevent fraud; to protect the security of our systems customers and users; to further develop our products; to conduct direct marketing; to operate our business (by processing payments/invoices and conduct credit checks on customers, suppliers and leads, perform sales and customer relations management, supplier management, as well as incidental processing in our back office for these purposes); to provide customer service or support; and to enable our customers to comply with their legal obligations.
Where the personal information we process includes sensitive or criminal offence data (as defined by the relevant law), we are able to process this data because it is necessary for a legal obligation, there is a substantial public interest, the information was manifestly made public or we have obtained a license for such processing in accordance with the applicable law.
If you would like more information about the factors we considered you can ask us using the contact us information below.
You have the right to request free of charge:
- access to and correction or deletion of other personal information about you that we hold,
- that we cease using your personal information,
- a copy or portability of your personal information.
If you would like to exercise any of those rights, please contact us at the address set out below. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.
The data controllers for our Risk and Compliance Services are listed below:
|Reed Business International Ltd.||Accuity Inc|
How to complain
We hope that we can resolve any query or concern you raise about our use of your information but you always have the right to lodge a complaint with a supervisory authority.
Last updated: May 23, 2018