LexisNexis Processing Notice

Last updated: May 17, 2018

  1. 1. About This Processing Notice

  1. This processing notice applies to the personal information (the "Content") processed in the LexisNexis products and services (the "Services"), including our Due Diligence and Compliance, Media Monitoring, Reputation Management, and Research and Insights Services. The customers of the Services that we provide are referred to in this processing statement as our "Customers".

  2. 2. Why We Collect Personal Information

    The Content in our Services enables our Customers to comply with their Know Your Customer, anti-bribery and corruption, financial crime, anti-money laundering, counter terrorist financing, and other similar obligations. Customers also use our Services for supplier risk management, ethical conduct, mergers and acquisitions, fact checking, competitive intelligence, policy research and other business processes.

    Our Content is designed to allow our Customers to comply with their legal and regulatory obligations to conduct due diligence and other screening activities, and to conduct other risk management activities for which there is a substantial public interest.

    Our Content is also designed to provide organisations with information that may impact their organisation, brand, or customer base, and enable informed commercial and business risk decisions. Such Customer use includes:

    • media, industry, market, investment, legal, political, and journalistic research;
    • identification of industry trends or generating new business insights; and
    • identification of media influencers and new sales and marketing opportunities.

    As a data aggregator, we do not exercise editorial control over the personal information that appears in the source material we collect.

    We use the Content for research and analytical purposes to improve the Services we offer to our Customers as detailed above. 

  3. 3. Information Processed

    The Content we provide to our Customers is aggregated from public records, publicly available information such as news and business information, and other third party sources. This includes data providers, biographical sources, broadcast content providers, social media providers and public source information such as government watch and sanction lists. In some cases, our source materials contain personal information, and where this is the case that personal information will also appear in our Content. Such information

    may include:

    • name, age, date of birth, gender, country of residence;
    • government identification numbers such as social security or national insurance numbers;
    • employment and education details, which may include details of public, religious, political or trade union roles;
    • personal and professional affiliations;
    • information from newspapers blogs, social media and other websites;
    • financial information relating to income or wealth, such as net worth, bankruptcy or insolvency filings;
    • inclusion on a sanctions list or a public list of disqualified directors or other positions of responsibility;
    • in relation to a politically exposed person ("PEP") as defined under the Financial Action Task Force Recommendations, or close associates of PEPs, details of family circumstances, such as marital status and dependents, and in limited circumstances, PEP passport details; and / or
    • reported allegations of money laundering, terrorism financing, bribery and corruption and similar activities.
  4. 4. Who We Hold Information On

    Our Content includes personal information about:

    • individuals who are referenced within news and other media publications;
    • biographies published in business research publications;;
    • journalists, bloggers and analysts, which includes information such as social media handles, contact details, articles, posts and blogs; and
    • Political biographies.

    Personal information may also appear in Content if our source materials indicate that an individual is:

    • a PEP, a close personal or business associate of a PEP;
    • within a category of predicate offenses under anti-money laundering, terrorist financing, bribery or corruption laws or regulations;
    • mentioned on the website of any public authority in relation to money-laundering, terrorist financing, bribery, corruption or similar activities;
    • included on a government or other international body's sanctions list; and/or
    • investigated, indicted, suspected of, or convicted for, an offence which is considered a pre-cursor to money laundering or terrorist financing (e.g. arms trafficking, smuggling or fraud).

    Our Customers make their own decisions as to how to use the personal information within our content. We do not make any decisions about an individual. Furthermore, our Customers are required to conduct their own checks to verify the accuracy of the data, and, are prohibited from using our data as the sole basis of any decision making that may affect individuals whose personal information is contained within the content. Our Customer’s privacy notices / policies will tell you more about how they use personal information, including information regarding the Services they have used and the information they have obtained from our Content.

  5. 5. Information Recipients

    We share attribute information:

    • with our Customers and our processors;
    • where we have a good faith belief that such disclosure is necessary to meet any applicable law, regulation, legal process or other legal obligation; detect, investigate and help prevent security, fraud or technical issues; and/or protect the rights, property or safety of LexisNexis, our users, employees or others; and
    • as part of a corporate transaction, such as a transfer of assets or an acquisition by or merger with another company.
  6. 6. Grounds For Processing

    When we collect or otherwise process personal information which is subject to European data protection laws, we do so:

    • (a) where necessary for compliance with a legal obligation;
    • (b) where the processing is in the public interest; and/or
    • (c) as necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfil our other legitimate interests as described above, except where our interests are overridden by the individual's privacy rights.

    In particular, we note that there is a substantial public interest in our processing of personal information in order to enable our Customers to comply with their legal obligations and to effectively manage their risks, make informed decisions, and run themselves in an ethical manner.

    Where we rely on legitimate interests to process personal information, the individuals to whom the personal information relates have the right to object. See Section 9 of this notice for further details.

  7. 7. Locations of Processing

    Your personal information may be stored and processed in your region or another country where LexisNexis, its affiliates and their service providers maintain servers and facilities, including Australia, France, Germany, India, Ireland, the Netherlands, the Philippines, Singapore, the United Kingdom and the United States. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.

    Where personal information is transferred from the European Economic Area (“EEA”) or Switzerland to a country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, to transfer the data.

    Certain U.S. entities within the LexisNexis group of companies have certified certain of their services to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce. Please view these entities’ Privacy Shield Notice here. To learn more about the Privacy Shield program, and to view these entities’ certification, please visit www.privacyshield.gov.

  8. 8. Data Subject Rights

    You have the right under European and certain other privacy and data protection laws, as may be applicable, to request free of charge:

    • access to your personal information;
    • rectification or erasure of your personal information; and
    • restriction of our processing of your personal information, or to object to our processing;

    If you wish to exercise these rights, please submit your request in writing via the contact details below. We will respond to your request consistent with applicable laws. Your rights to object, restrict or delete your personal data may be limited where we are legally required to process your personal data or have compelling reasons to override your request. To protect your privacy and security, we may require you to verify your identity.

  9. 9. Data Retention

    We retain personal information for only as long as necessary to provide the Services and fulfil the transactions our Customers have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

  10. 10. Data Security

    We implement technical and organisational measures to seek to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the integrity, confidentiality, and availability of personal information.

  11. 11. Changes

    We will update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. If we make any material changes, we will provide notice through the Service or by other means.

  12. 12. Contact

  1. If you have any questions, comments, complaints or requests regarding this processing notice please contact Data Protection Officer via our privacy centre. You may also lodge a complaint to a data protection authority in the applicable jurisdiction. 

    LexisNexis Business Information Solutions B.V. is the Data Controller of the personal information we use in these Services.

    The data protection representative for our businesses that are processing personal information in the Content within the scope of European data protection laws and located outside of the EEA and Switzerland is RELX (UK) Limited trading as LexisNexis.