1. About This Processing Notice
This processing notice applies to the personal information (the "Content") processed in the LexisNexis products and services (the "Services"), including our due diligence and compliance, media monitoring, reputation management, and research and insights services. The customers of the Services that we provide are referred to in this processing statement as our "Customers".
2. Why We Collect Personal Information
The Content in our Services enables our Customers to comply with their Know Your Customer (KYC), anti-bribery and corruption (ABC), financial crime, anti-money laundering (AML), counter-terrorist financing (CTF), and other similar obligations. Customers also use our Services for supplier risk management, ethical conduct, mergers and acquisitions, fact checking, competitive intelligence, policy research and other business processes.
Our Content is designed to allow our Customers to comply with their legal and regulatory obligations to conduct due diligence and other screening activities, and to conduct other risk management activities for which there is a substantial public interest.
Our Content is also designed to provide organisations with information that may impact their organisation, brand, or customer base, and enable informed commercial and business risk decisions. Such Customer use includes:
- media, industry, market, investment, fundraising, legal, political, property, corporate and journalistic research;
- background and credit checking;
- identification of industry trends or generating new business insights; and
- identification of media influencers and new sales and marketing opportunities.
As a data aggregator, we do not exercise editorial control over the personal information that appears in the source material we collect.
We use the Content for research and analytical purposes to improve the Services we offer to our Customers as detailed above.
3. Information Processed
The Content we provide to our Customers is aggregated from public records, publicly available information such as news and business information, and other third party sources. This includes data providers, biographical sources, broadcast content providers, social media providers and public source information such as watch and sanction lists. In some cases, our source materials contain personal information, and where this is the case that personal information will also appear in our Content. Such information may include:
- name, age, date of birth, gender, photograph, country of residence and visa status;
- government identification numbers such as social security or national insurance numbers;
- employment and education details, which may include details of public, religious, political or trade union roles;
- personal and professional affiliations;
- information from case law and legal analysis;
- information from intellectual property filings;
- information from newspapers, blogs, social media and other websites;
- financial information relating to income or wealth, such as credit history, property ownership, net worth, charitable donations, and bankruptcy or insolvency filings;
- inclusion on a sanctions list or a public list of disqualified directors or other positions of responsibility;
- in relation to a politically exposed person ("PEP") as defined under the Financial Action Task Force Recommendations, or close associates of PEPs, details of family circumstances, such as marital status and dependents, and in limited circumstances, PEP passport details; and / or
- reported allegations of money laundering, terrorism financing, bribery and corruption and similar activities.
4. Who We Hold Information On
Our Content includes personal information about:
- individuals mentioned in news and other media sources such as websites, blogs and social media;
- individuals mentioned in biographies published in business research publications;
- officers, directors and shareholders published in company reports;
- individuals mentioned in court, regulatory or other government sources;
- judges, legal representatives, expert witnesses and other individuals involved in cases and proceedings;
- journalists, bloggers and analysts, including information such as social media handles, contact details, articles, posts and blogs; and
- parliamentary, local government or other politicians
Personal information may also appear in Content if our source materials indicate that an individual is:
- a PEP or a close personal or business associate of a PEP;
- within a category of predicate offenses under anti-money laundering, terrorist financing, bribery or corruption laws or regulations;
- mentioned on the website of any public authority in relation to money-laundering, terrorist financing, bribery, corruption or similar activities;
- included on a government or other international body's sanctions list; and/or
- investigated, indicted, suspected of, or convicted for, an offence which is considered a pre-cursor to money laundering or terrorist financing (e.g. arms trafficking, smuggling or fraud).
Our Customers make their own decisions as to how to use the personal information within our content. We do not make any decisions about an individual. Furthermore, our Customers are required to conduct their own checks to verify the accuracy of the data, and, are prohibited from using our data as the sole basis of any decision making that may affect individuals whose personal information is contained within the content. Our Customer’s privacy notices / policies will tell you more about how they use personal information, including information regarding the Services they have used and the information they have obtained from our Content.
5. Information Recipients
We share information:
- with our Customers and our service providers and other processors;
- where we have a good faith belief that such disclosure is necessary to meet any applicable law, regulation, legal process or other legal obligation; detect, investigate and help prevent security, fraud or technical issues; and/or protect the rights, property or safety of LexisNexis, our users, employees or others; and
- as part of a corporate transaction, such as a transfer of assets or an acquisition by or merger with another company.
6. Grounds For Processing
When we collect, publish or otherwise process personal information, we do so:
- where necessary for compliance with a legal obligation;
- where the processing is in the public interest; and/or
- as necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfil our other legitimate interests as described above, except where our interests are overridden by the individual's privacy rights.
There is a substantial public interest in our processing of personal information in order to enable our Customers to comply with their legal obligations and to effectively manage their risks, make informed decisions, and run themselves in an ethical manner.
Where we rely on legitimate interests to process personal information, the individuals to whom the personal information relates have the right to object.
7. Locations of Processing
Your personal information may be stored and processed in your region or another country where LexisNexis, its affiliates and their service providers maintain servers and facilities, including Australia, France, Germany, India, Ireland, the Netherlands, the Philippines, Singapore, the United Kingdom and the United States. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.
8. Data Subject Rights
You have the right under certain privacy and data protection laws, as may be applicable, to request free of charge:
- access to your personal information;
- rectification or erasure of your personal information; and
- restriction of our processing of your personal information, or to object to our processing;
If you wish to exercise these rights, please submit your request via our privacy centre. We will respond to your request consistent with applicable laws. Your rights to object, restrict or delete your personal data may be limited where we are legally required to process your personal data or have compelling reasons to override your request. To protect your privacy and security, we may require you to verify your identity.
9. Data Retention
We retain personal information for only as long as necessary to provide the Services and fulfil the transactions our Customers have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.
10. Data Security
We implement technical and organisational measures to seek to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the integrity, confidentiality, and availability of personal information.
We will update this processing notice from time to time. Any changes will be posted on this page with an updated revision date. If we make any material changes, we will provide notice through the Services or by other means.
If you have any questions, comments, complaints or requests regarding this processing notice please contact us via our privacy centre. You may also lodge a complaint to a data protection authority in the applicable jurisdiction.
The LexisNexis company that owns or administers the Services, as identified therein, is the primary controller of the personal information processed therein.
The data protection representative for our businesses that are processing personal data within the scope of European Union data protection laws and established outside of the European Economic Area (EEA) and Switzerland is LexisNexis Business Information Solutions B.V., Radarweg 29, Amsterdam 1043 NX, The Netherlands.
The data protection representative for our businesses that are processing personal data within the scope of United Kingdom (UK) data protection laws and established outside of the UK is RELX (UK) Limited, trading as LexisNexis, Lexis House, 30 Farringdon Street, London EC4A 4HH, United Kingdom.