This additional notice explains how the Accuity services and the WorldCompliance services (WorldCompliance data and WorldCompliance Online Search Tool) allow our business customers to look-up information about individuals. This notice explains how we use this information.
The WorldCompliance and Accuity service contains information that our business customers can use to screen individuals to prevent and detect fraud, terrorism, money laundering, bribery and corruption, and other crimes. To do this, we allow our customers to conduct checks against the personal information we hold in the WorldCompliance and Accuity database.
WorldCompliance and Accuity collects data from open-source data for use in anti-money laundering (AML), counter-terrorism finance (CTF) and anti-bribery and corruption (ABC) compliance products by our clientele.
We obtain personal information about you from our companies and from other third parties, including:
The data we receive from these third-parties includes the following:
WorldCompliance and Accuity services are not aimed at children. In the limited circumstances where we collect and use personal information about children (for example, because they are the children of a PEP (as defined below)), we comply with industry guidelines and applicable laws.
Access to the services is exclusively available to business customers who are obligated under national AML/CTF/ABC laws and regulations to identify individuals and companies linked to various risk categories in order to comply with regulatory requirements and ensure that they do not engage in business with those who abuse the financial system.
We use personal information to help our customers comply with their regulatory requirements to screen their clients against sanctions and other lists relating to law enforcement and regulatory requirements. We do not decide what our customers do with the results of a check – for example, whether our customer decides to conduct further checks or that they are permitted to do business with a particular client is solely up to them. The personal data we provide to our business customer is one factor they may consider in their assessment.
The following describes the purposes for which we process personal information:
Comply with our legal obligations, resolve disputes, and enforce our agreements.
We provide information to:
We do not monitor the profiles accessed in the database due to AML (anti-money laundering) and CTF (counter-terrorist finance) regulations.
We also disclose your personal information if we have a good faith belief that such disclosure is necessary to:
We retain your personal information for as long as necessary to provide the WorldCompliance and Accuity services and for other essential purposes such as complying with our legal obligations, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.
The criteria used to determine the storage period will include the length of time your personal information remains relevant to WorldCompliance, legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.
We keep this retention under review and we will remove data as and when we no longer require it.
Your personal information may be stored and processed in your region or another country where LexisNexis Risk Solutions affiliates and our service providers maintain servers and facilities, including Australia, Brazil, France, Germany, Iceland, India, Italy, Ireland, the Netherlands, the Philippines, Singapore, South Africa, the United Kingdom, and the United States. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.
Certain U.S. entities within the LexisNexis Risk Solutions group of companies have certified certain of their services to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Please view these entities’ Data Privacy Framework Notice here. To learn more about the Data Privacy Framework program, and to view these entities’ certification, please visit https://www.dataprivacyframework.gov.
Where your personal information is included in the WorldCompliance and Accuity database, we process your personal information for our and our customers legitimate interests, which are:
Where the personal information we process includes sensitive or criminal offence data (as defined by the relevant law), we are able to process this data because it is necessary for a legal obligation, there is a substantial public interest, the information was manifestly made public or we have obtained a license for such processing in accordance with the applicable law.
Our customers could not achieve the above objectives without the specialist services offered by third party providers such as WorldCompliance and Accuity. A data subject applying for a product or service with one of our business customers would expect background checks to be carried out during their applications and would be informed so by our business customer (the data controller) at point of application. Therefore, we believe there is a clear and specific legitimate interest, that we have demonstrated necessity and objectively considered the balance of interests.
If you would like more information about the factors we considered you can ask us using the contact us information below.
You have the right to request free of charge access to, restriction, correction or deletion of personal information about you that we hold,
If you would like to exercise any of those rights, please contact us at the address set out below. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.
We will update this Processing Notice from time to time. Any changes will be posted on this page with an updated revision date. If we make any material changes, we will provide notice through the Service or by other means.
Data Protection Officer, LexisNexis Risk Solutions, Global Reach, Dunleavy Drive, Cardiff CF 11 0SN, UK
The data controllers for our Risk and Compliance Services are listed below:
We hope that we can resolve any query or concern you raise about our use of your information but you always have the right to lodge a complaint with a supervisory authority.
Last updated: October 10, 2023