The name of our company is Acxiom, LLC.  Our principal place of business is 301 Dave Ward Drive, Conway, Arkansas, USA.  Individuals wishing to contact us about data protection issues may reach us online at the Acxiom Consumer International Rights Portal.  You may also contact us by direct mail or telephone.  Our telephone number is 001-501-342-2722.  Our mailing address is: 

Acxiom LLC

Consumer Care Advocate
P.O. Box 2000
Conway, AR, USA 72033 

or by emailing us at [email protected].

Our data protection officer is Mr. J. Abbott, who may be reached at our principal place of business or by emailing [email protected].

Acxiom holds personal data such as names, addresses, ages, dates of birth, emails, telephone numbers, transactional data, lifestyle and demographic data. This information may be kept in its identifiable form, or in an aggregated form (so that individuals cannot be identified), for the purposes listed below.  This information is primarily obtained from third parties and publicly accessible sources. These sources may include, but not limited to, public records, website directories, website listings, professional license information, demographic marketing information, surveys and questionnaires, summarized or aggregated purchase information, telephone records, and consumer-provided contact information.

We do not hold special categories of personal data, as defined by GDPR, on citizens of the European Union and the United Kingdom.

We use personal data to create solutions to be used for insight, recognition, and contact purposes. 

Insight: we use this data to create a marketing picture of individuals. This includes demographics such as age, income, hobbies and interests that relate to people’s lifestyle choices and market specific predictors such as technology and financial product ownership. We use a combination of actual data held (at individual level or summarized at household, address, postcode or other geographical level) and derived information (through statistical modeling or by applying a logical rule set) which indicates an individual’s likelihood of having a particular attribute, e.g. a person’s likelihood to have pets or to fall within a particular marketing segment such as “technology early adopters.” The resulting dataset is then used by others to make marketing more relevant as further explained in the next section. 

Recognition: we use this data for matching and linking to other databases. For example, an advertiser sends us a list of names and addresses, we then match those names and addresses to our product. Where there is a match, we add the lifestyle information we hold on those matched individuals to the advertiser file; or instead of adding lifestyle information we append a persistent key to the advertiser file which can then be used to recognize records that have the same key appended to them. In some cases, we may do both.  Another example is where an advertiser sends us names and email addresses, we then match those names and emails addresses to our file and where there is a match we add the “bricks and mortar” address we hold on those individuals to the advertiser file. 

Contact: we use contact information from this data to create a direct marketing file. For example, we create a file of names and addresses of individuals which is used for marketing. 

We do not carry out any marketing ourselves with these solutions, and businesses using them to contact people, need to ensure they may do so in accordance with data protection law. 

We use personal data collected from our clients and prospective clients to contact them and conduct business.

We share information with our clients – such as brands, agencies and marketing companies – in all industry sectors to help them deliver better marketing experiences to people. They may use this personal data for the following purposes: 

• to send you relevant marketing communications 
• to improve the relevance of marketing communications through the use of lifestyle and demographic insight data 
• to clean, validate, and enhance marketing databases 

• to undertake research and analysis 
• for product development and testing 
• for identity verification, fraud detection, and prevention 
• to support client relationships 
• to connect and link your data to other marketing and advertising databases and platforms 
• for campaign planning, management and strategic decision making. 

Some examples of the industry types you can expect data to be used in are: automotive, charity, education, gaming, retail, leisure, financial services (including, retail banking, investments, loans, credit cards, insurance, wills & funeral plans), politics, health/mobility, home improvements, mail order, market research, publishing, media, consumer products, travel, telecoms and utilities. 

We share data directly with brands and via agencies. We also share data (usually in a form where individuals cannot be directly identified) with other marketing companies such as social media and programmatic platforms. We make sure the recipients of our data are reputable entities by conducting appropriate checks on them. Before we share our data, we enter into written agreements with recipients which contain data protection terms that safeguard your data. 

Personal data used in Acxiom’s data products and services may also be passed to and used by members of the Acxiom group of companies worldwide. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place. 

Acxiom may also disclose personal data as required by law and to comply with legal process.

The data we hold is non-sensitive personal data and not subject to any sector specific data retention requirements. Our data retention periods are as follows: 

Personal data that is not used for any purpose is deleted within 90 days.  If a data subject under GDPR objects to us processing their data, we will remove it from our data products, and then from our environment in accordance with our data deletion cycle, unless we have a valid justification to hold on to it, such as to resolve disputes or comply with our legal obligations. We also retain personal data which is necessary to keep on a suppression file so if we obtain someone’s data again, we will know not to use it.

Acxiom takes security seriously. We maintain security procedures designed to ensure information we own, license and process is not accessed by any unauthorized person or business. We use a variety of multi-level security systems to control access to our services and information products. Acxiom associates and all users at client locations must have access codes and the authorization to access certain data and applications.

We also regularly conduct risk assessments and audits on our internal and external information systems. These security measures help us continually assess our ability to maintain the security of our data. Our enterprise network security operations center maintains real-time monitoring for information system vulnerabilities and unauthorized access attempts into Acxiom’s systems. We also maintain strict physical security for our facilities and limit access to critical areas of our business.

Where business needs exist, Acxiom intends to transfer your personal data to entities outside the US and EU.  However, your personal data will not be transferred unless a valid transfer mechanism is in place legitimizing such a transfer.  In the case of transfers referred to in Article 46, 47, or the second paragraph of Article 49(1), this will involve EU standard contractual clauses.  Safeguards afforded by the EU standard contractual clauses may be accessed here:

Individuals may request access to, deletion or correction of their personal data, or restrict or object to the use of their data by writing to us at 

Consumer Advocate
Acxiom
P.O. Box 2000
Conway, AR, USA 72033-9928 

or by calling 001-501-342-2722 or by emailing us at [email protected]. 

If you are a data subject in any of the following countries and would like to submit a subject access, deletion, restriction or withdrawal consent request, please click on the appropriate link: 

In the event of a complaint, you may contact the relevant supervisory authority in your country. A contact list of EU Data Protection Authorities may be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The data protection authority for the United Kingdom is the Information Commissioner’s Office (www.ico.org.uk). The data protection authority for Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html.

Acxiom uses and shares personal data based on its legitimate commercial interests, and those of its partner businesses, or consent where necessary, for direct marketing, fraud prevention, information security, and organizational purposes, in accordance with Article 6(1)(f) or 6(1)(a) of the GDPR. We take care to handle all personal data in accordance with data protection law and to ensure that it is not used in ways that unduly prejudice individuals’ interests. Users of our data are prohibited by contractual restrictions from using our data in a way which discriminates unfairly against individuals or produces legal or similar effects. You have the right to object to this processing if you wish and if you wish to do so, please inform us by using one of the contact channels in the preceding section.