WorldCompliance and Accuity Processing Notice

The LexisNexis Risk Solutions Privacy Policy describes how we collect and treat personal information when you use our websites, mobile applications and other services.

This additional notice explains how the Accuity services and the WorldCompliance services (WorldCompliance data and WorldCompliance Online Search Tool) allow our business customers to look-up information about individuals. This notice explains how we use this information.

The WorldCompliance and Accuity service contains information that our business customers can use to screen individuals to prevent and detect fraud, terrorism, money laundering, bribery and corruption, and other crimes. To do this, we allow our customers to conduct checks against the personal information we hold in the WorldCompliance and Accuity database.

WorldCompliance and Accuity collects data from open-source data for use in anti-money laundering (AML), counter-terrorism finance (CTF) and anti-bribery and corruption (ABC) compliance products by our clientele.

We obtain personal information about you from our companies and from other third parties, including:

• Other members of our companies, which in turn receive personal information from other third-parties. For more information on the information we receive from these companies, please see https://www.lexisnexis.com/en-us/privacy/world-compliance-privacy-info.page;
• Publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold, such as government watch lists, court and insolvency records, electoral registers and public company information.

The data we receive from these third-parties includes the following:

• Data used to identify individuals, such as names, identification documents.
• Information about business activities, such as affiliation with and ownership of businesses, employment/role details
• Information about court judgments and criminal activity, such as details of offences and court dispositions.
• Sanctions lists, watch lists and lists of politically exposed persons, including your presence on such lists and you (or your family members’ or business associates’) affiliations with government officials.
• Information from public media, such as information in published news sources that may reveal connections to suspected criminal activity.
• Family circumstances information (e.g. your marital status and dependents) if you are a PEP or a close associate of a PEP.
• Professional and personal affiliations (for example, organisations and individuals that you may be associated with in your professional or personal capacity).

WorldCompliance and Accuity services are not aimed at children. In the limited circumstances where we collect and use personal information about children (for example, because they are the children of a PEP (as defined below)), we comply with industry guidelines and applicable laws.

Access to the services is exclusively available to business customers who are obligated under national AML/CTF/ABC laws and regulations to identify individuals and companies linked to various risk categories in order to comply with regulatory requirements and ensure that they do not engage in business with those who abuse the financial system.

We use personal information to help our customers comply with their regulatory requirements to screen their clients against sanctions and other lists relating to law enforcement and regulatory requirements. We do not decide what our customers do with the results of a check – for example, whether our customer decides to conduct further checks or that they are permitted to do business with a particular client is solely up to them. The personal data we provide to our business customer is one factor they may consider in their assessment.

The following describes the purposes for which we process personal information:

• Allowing our business customers to comply with their regulatory requirements: the WorldCompliance and Accuity data enables our business customers to check whether doing business with a client or potential client could create a risk of financial crime, such as corruption or money laundering. For example, when individuals apply for an account, the bank may search their names against sanctions lists, watch lists, lists of politically exposed persons, media reports and other publicly-available information, to determine whether opening an account creates a risk of violating regulatory requirements, and the bank will be responsible to carry out their own due diligence.

Comply with our legal obligations, resolve disputes, and enforce our agreements.

We provide information to:

• Our companies, trade names, and divisions within the LexisNexis Risk Solutions of companies worldwide (for a list, click here) and certain RELX companies that provide technology, customer service and other shared services functions;
• Our service providers, suppliers, agents and representatives, including, but not limited to, editors, customer support, and IT service providers; to process the information for us based on our instructions and in compliance with this privacy policy and any other appropriate confidentiality and security measures.
  
  as well as

• Our business customers. These are primarily organisations in the regulated sectors (e.g. financial services or payment service providers), or other businesses that must screen individuals for compliance with counter-terrorism, anti-corruption and anti-money laundering regulations, anywhere in the world.

We do not monitor the profiles accessed in the database due to AML (anti-money laundering) and CTF (counter-terrorist finance) regulations.

We also disclose your personal information if we have a good faith belief that such disclosure is necessary to:

• meet any applicable law, regulation, legal process or other legal obligation;
• detect, investigate and help prevent security, fraud or technical issues;
• protect the rights, property or safety of LexisNexis Risk Solutions, our users, employees and others;
• or as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.

We retain your personal information for as long as necessary to provide the WorldCompliance and Accuity services and for other essential purposes such as complying with our legal obligations, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

The criteria used to determine the storage period will include the length of time your personal information remains relevant to WorldCompliance, legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

We keep this retention under review and we will remove data as and when we no longer require it.

Your personal information may be stored and processed in your region or another country where LexisNexis Risk Solutions affiliates and our service providers maintain servers and facilities, including Australia, Brazil, France, Germany, Iceland, India, Italy, Ireland, the Netherlands, the Philippines, Singapore, South Africa, the United Kingdom, and the United States. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.

Certain U.S. entities within the LexisNexis Risk Solutions group of companies have certified certain of their services to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Please view these entities’ Data Privacy Framework Notice here. To learn more about the Data Privacy Framework program, and to view these entities’ certification, please visit https://www.dataprivacyframework.gov.

Where your personal information is included in the WorldCompliance and Accuity database, we process your personal information for our and our customers legitimate interests, which are:

• to deliver our products to our customers and their end users;
• to detect or prevent fraud;
• to protect the security of our systems customers and users;
• to further develop our products;
• to provide customer service or support; and
• to enable our customers to comply with their legal obligations.

Where the personal information we process includes sensitive or criminal offence data (as defined by the relevant law), we are able to process this data because it is necessary for a legal obligation, there is a substantial public interest, the information was manifestly made public or we have obtained a license for such processing in accordance with the applicable law.

Our customers could not achieve the above objectives without the specialist services offered by third party providers such as WorldCompliance and Accuity. A data subject applying for a product or service with one of our business customers would expect background checks to be carried out during their applications and would be informed so by our business customer (the data controller) at point of application. Therefore, we believe there is a clear and specific legitimate interest, that we have demonstrated necessity and objectively considered the balance of interests.

If you would like more information about the factors we considered you can ask us using the contact us information below.

You have the right to request free of charge access to, restriction, correction or deletion of personal information about you that we hold,

If you would like to exercise any of those rights, please contact us at the address set out below. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.

We will update this Processing Notice from time to time. Any changes will be posted on this page with an updated revision date. If we make any material changes, we will provide notice through the Service or by other means.

If you have any questions, comments or requests regarding this privacy policy or our processing of your information, please contact us online or in writing:

For U.S. Privacy requests, click here to submit online.
For non-U.S. Privacy requests, click here to submit online.

Data Protection Officer, LexisNexis Risk Solutions, Global Reach, Dunleavy Drive, Cardiff CF 11 0SN, UK

The data controllers for our Risk and Compliance Services are listed below:

WorldCompliance, Inc.
Accuity Inc.

We hope that we can resolve any query or concern you raise about our use of your information but you always have the right to lodge a complaint with a supervisory authority.

Last updated: October 10, 2023