Scope

Acxiom respects the privacy of every individual about whom we either process information or maintain information in our data products. This privacy notice describes our product and service offerings in the United States and the practices we follow to show that respect.  Please visit www.acxiom.com/privacy for privacy policies and notices that cover other aspects of Acxiom’s business and operations.

Acxiom has two primary lines of business. One is a broad line of data management services to help our clients efficiently manage their customer and prospect information. The second, is a line of data products.  They include two offerings. Clients use one to better market to their existing and prospective customers. The other data product includes a line of fraud detection and prevention data products that help our clients verify consumers’ identities and prevent fraudulent use of a consumer’s information.  These lines of business are described in more detail below.

Acxiom's Data Management Services

We provide end-to-end solutions to help our business clients manage, use, and optimize their customer data and to help them identify and reach potential new customers using analytical tools and marketing/advertising strategy services. Stated differently, we design, build, and host databases for our business clients to help them manage their data, and we provide the tools and resources to help our clients better understand their customers and identify prospective customers who are similar to their best customers.  Our data management services help our clients implement lifecycle marketing improvements, new ways to connect with audiences, and website experience optimization. When we provide data management services, we process our clients’ and their partners’ information according to our contract’s terms and conditions. In that capacity, we are acting as a service provider or processor.

Acxiom's Data Products

Personal Information Collection and Use 

Acxiom offers two types of data products, each containing only the information required for the intended use. Each of Acxiom’s data products is designed for a specific use by our clients that have a legitimate need for the product.

Marketing and Advertising Products: These products contain information about individuals and households in the U.S. and are developed from many sources, including:

  • Public record and publicly available information: Examples include real property record, and assessor records
  • Data from other information providers (sometimes called “data brokers”):
    Examples include demographic information, surveys, and questionnaires with appropriate notice regarding what information is collected, why it is being used, and with whom it is being shared. Acxiom also collects summarized or aggregated purchase information and other aggregated or anonymous information.

Acxiom’s marketing and advertising products do not include specific details about a purchase, detailed financial information, credit information, medical information or Social Security numbers.

We will not knowingly disclose identifiable information on anyone younger than 18 to third parties for use in marketing solicitations.  We do use information related to minors younger than 18 to identify and remove records about them from our and our clients’ marketing files.  We also use information related to minors younger than 18 in creating additional insights solely related to the adult parent of the minor individual, provided, however, we do not disclose identifiable information about the minor as part of the insights created and included within the adult record (For example, Acxiom creates a flag that denotes “presence of children” and “child age ranges.”)  Where permitted by state law, we also use and disclose information about minors for uses not related to marketing, such as identity verification and fraud prevention purposes (for example, in connection with car insurance applications) as further described below.

Acxiom also uses the Association of National Advertisers’ DMAChoice™ Mail, Telephone, and E-mail Preference suppression files, as well as state and federal do-not-call lists in developing our marketing and advertising products.

Acxiom’s marketing products are used by qualified companies, non-profit organizations and political organizations in their marketing, fundraising, customer service, and constituent service and outreach programs. Acxiom does not provide services or data to individual consumers.  Our marketing products can be used to enhance customer and constituent files and provide lists for prospecting and fundraising purposes. Acxiom’s clients use our marketing and advertising products to provide customers and prospects with better service, improved offerings, and special promotions.

Fraud Detection and Prevention Products: These products contain information about individuals and households in the United States for risk mitigation, including identity verification, information verification, fraud detection, and fraud prevention. We will not knowingly collect, use or disclose data for these purposes on anyone younger than 13. These products include information from many different sources, such as:

  • Real property recorder and assessor information; current driver’s license information, where allowed by law; current motor vehicle information, where allowed by law; deceased information, and other suppression
  • Data from other information providers: Surveys and questionnaires with appropriate notice, consumer-provided contact information and identifying information from credit bureaus where permitted by law

These products and access to other information providers’ services may include, where permitted by law, Social Security numbers and other information typically considered sensitive.

Acxiom’s fraud detection and prevention products are used by qualified companies (primarily in the finance, insurance, mortgage, and retail industries), non-profit organizations and government agencies to verify the identity of consumers and to investigate suspicious transactions for fraud prevention. The basic verification service tells our client whether identifying information provided by a consumer is valid, current, and correlates to that individual. To protect the use of this information, Acxiom does not provide our fraud detection and prevention products to individuals.

Additional Terms and Conditions: For a company to use Acxiom’s products and services, it is required to enter into a contract with us.  The terms of these contracts further govern the use of personal information Acxiom collects and maintains.

In addition to disclosures of information in the ordinary course of business, we may disclose personal information as necessary to comply with a legal obligation or to respond to a regulator, such as in response to a subpoena.

Offshoring: Where permitted by law, third parties under contract to Acxiom may have access to the information in Acxiom’s marketing and advertising data products to assist in processing the data. Some of these third-party contractors may reside outside the United States.

Your Rights and How to Contact Us About Our Data Products

California consumers click here for a summary of your state-specific rights 

Opt-Out from Acxiom’s Marketing Products: Acxiom gives consumers the opportunity to opt-out of our marketing products at no cost.

Acxiom utilizes the Association of National Advertisers’ DMAChoice™ Mail, Telephone, and E-mail Preference files, as well as the various state registries and the Federal Trade Commission’s Do-Not-Call Registry in developing our marketing products.

Consumers registered with any of these organizations do not need to also opt out with Acxiom to prevent the use of their information for prospecting purposes. Consumers who wish to opt out of all Acxiom marketing information products may complete and submit an opt-out request form by clicking https://www.acxiom.com/optout/

Except where otherwise required by law, Acxiom will also accept opt-outs from certain qualified third parties. To obtain a copy of Acxiom’s third-party qualification criteria, please e-mail consumeradvo@acxiom.com.

Access to Acxiom’s Fraud Detection and Prevention Products: Acxiom offers access to information in our fraud detection and prevention products at no cost.

Access to information about you in our fraud detection and prevention products will be provided in the form of a US Reference Information Report. You may complete and submit a request form for your US Reference Information Report by clicking here.  California residents click here.  Alternatively, you may email us at referencereport@acxiom.com or by calling 1-877-774-2094 toll-free.  Access to your US Reference Information Report will require identity verification prior to release of the information.  After you receive your US Reference Information Report, you may contact us online, by phone or in writing about the deletion of any inaccurate information with Acxiom and, where available, with the original source of the information.

Complaint Process: Acxiom provides consumers a formal method for filing a complaint about our practices or procedures. This method specifies what information must be included in the complaint and where it should be directed. To learn how to file a complaint, e-mail us at consumeradvo@acxiom.com or call 1-877-774-2094 toll-free.

Other Questions: If you have other questions about Acxiom’s information practices or products, email us at consumeradvo@acxiom.com or call 1-877-774-2094 toll-free.

California Consumer Privacy Act Rights

The California Consumer Privacy Act (“CCPA” or the “Act”) confers new privacy rights for California consumers and imposes corresponding obligations subject to the Act.  The rights conferred to consumers include:  the right to know what personal information covered businesses are collecting about them and how that information is being used and shared; the right to delete personal information held by covered businesses; the right to stop the sale of personal information by covered businesses; and the right to non-discrimination in service and price when exercising privacy rights.

The following is intended to explain California consumers’ rights and the obligations Acxiom has under the CCPA.  Acxiom employees in California should refer to the Privacy Notice in their Associate Handbook.

RIGHT TO KNOW/REQUEST FOR ACCESS TO PERSONAL INFORMATION

As a consumer under the CCPA, you have the right to request that Acxiom disclose what personal information we collect, use, disclose, and sell about you.  We call this your “right to know.”

To take advantage of your right to know, you must submit a request by filling out a request on our online consumer portal found here.

You can also submit your request by mail or telephone.  Our telephone number is 1-877-774-2094.  Our mailing address is:

Acxiom LLC
Consumer Care Advocate
CWY0301-31
Attention:  CCPA Requests
P.O. Box 2000
Conway, AR 72033

To respond to your right to know request, the CCPA permits Acxiom to verify your identity.  We will do this by matching the personal information you supply us to the personal information we maintain about you.  Given the sensitivity of some of the fraud detection and prevention data we have, we need to have a reasonably high degree of certainty you are the person you claim to be.  This will require that you satisfactorily answer a series of authentication questions based on data we have about you. This may also require that you submit certain personal information for us to compare and match to data we have about you.  If you call or mail us and request a consumer access report, an Acxiom associate will call you to administer an authentication test in which you will be required to answer certain questions to verify your identity.

Acxiom will delete the new information collected as part of the identity verification process as soon as practical after fulfilling your request.

If we are unable to satisfactorily verify your identity, we will be unable to fulfill your right to know request. In that case, please see the information below concerning Acxiom’s data collection, maintenance, and sale practices.

TYPES OF PERSONAL INFORMATION ACXIOM COLLECTS  

Right to Know about Personal Information Collected, Disclosed or Sold
Business and Commercial Purposes for which Personal Information is Collected:  We collect personal information for our own business purposes, including internal research, internal operations, auditing, detecting security incidents, improving our services, quality control, and legal compliance.  We also collect personal information for commercial purposes.  Acxiom licenses the categories of personal information described below from the third-party sources categorized below in developing Acxiom’s marketing and advertising products as well as our fraud detection and prevention products as previously described. Acxiom licenses such data products to categories of third parties as described in the table below.
Categories of Personal Information Collected
  • Personal identifiers (e.g., name, alias, postal address, IP address, email address, account name, Social Security number, driver’s license number, passport number, state identification card number, or similar identifiers)
  • Personal Characteristics (e.g., characteristics of protected classifications under California and federal law like race and gender)
  • Personal Property or Buying Activity/Interest (e.g., commercial or transaction information)
  • Internet Activity (interest based on web site type, source URL)
  • Geo Location
  • Employment Information
  • Education Information
  • Inferences (e.g., inferences drawn to create a profile about a consumer reflecting the consumer’s preferences)
Categories of Sources from Which Personal Information Was CollectedMarketing Products

Public Record and Publicly Available Information
Website Directories
Website Listings
Real Property Recorder Information
Assessor Information
Information from Other Data Brokers
Demographic Marketing Information
Surveys and Questionnaires
Summarized or Aggregated Purchase Information
Fraud Detection and Prevention Products
Public Record and Publicly Available Information
Assessor Information
Driver’s License Information (where allowed by law)
Motor Vehicle Information (where allowed by law)
Deceased Information
Other Suppression Information
Information from Other Data Brokers
Telephone Companies
Surveys and Questionnaires (with appropriate notice)
Consumer-Provided Contact Information
Identifying Information from Credit Bureaus (where permitted by law)
Categories of Third Parties with Which Personal Information is Sold Agriculture, Forestry and Fishing (for example, farm cooperatives)
Automotive (for example, car manufacturers and dealerships)
Business Services/Agency (for example, data brokers)
Communications (for example, wireless carriers)
Construction (for example, real estate development companies)
Consumer Packaged Goods (for example, companies that sell personal and household products)
Education (e.g., colleges and universities)
Energy and Utilities (for example, electric and gas companies)
Entertainment (for example, movie and television studios and streaming services)
Financial Services (for example, banks and investment companies)
Government (for example, state and federal agencies and political parties and candidates)
Healthcare (for example, hospitals)
Insurance (for example, insurance carriers)
Manufacturing (for example, consumer product manufacturers)
Media and Publishing (for example, magazines, retail catalogs)
Non-Profit (for example, charitable organizations)
Real Estate (for example, real estate brokerage companies)
Retail (for example, department stores, hardware stores)
Services-Non Professional (for example, consulting firms)
Services-Professional (for example, advertising agencies and financial planners)
Sports (for example, professional sports teams)
Technology (for example, software and hardware providers, social media platforms)
Transportation (for example, railway companies, airlines, rental car companies)
Travel and Tourism (for example, cruise lines, hotels, online travel services)
Categories of Service Providers with Whom Personal Information is Disclosed for a Business PurposeCloud computing and storage vendors,; security contractors,; consultants, analysis providers, marketing analytics platforms; programmatic advertising marketplaces/platforms; premium social publishers; measurement platforms;
onboarding partners

Acxiom does not collect data directly from consumers for use in our data products.  Please also note that Acxiom does not collect biometric information from consumers who are not Acxiom employees.  Lastly, Acxiom does not collect sensory information such as voice, visual, thermal, olfactory, or similar sensory information.

DISCLOSURE AND SALE OF PERSONAL INFORMATION

During the last year, Acxiom has sold personal information it has collected to our third-party clients for their business and commercial purposes.  More specifically, Acxiom licenses personal information to our clients for the purpose of enabling marketing and advertising campaigns.  We also license personal information for the purpose of identity verification and fraud detection and prevention.  Acxiom does not sell personal information to individual consumers.

During the last year, Acxiom has disclosed personal information to service providers (e.g., cloud computing and storage vendors; security contractors, consultants and analysis providers), for Acxiom’s own operational business purposes.

Acxiom does not knowingly sell personal information about consumers younger than 18 for the purpose of marketing or advertising directly to the minor.  Acxiom does use personal information from minors younger than 18 to suppress matching records from marketing lists and to facilitate identity verification and fraud prevention.

RIGHT TO DELETE PERSONAL INFORMATION 

Pursuant to the CCPA, California consumers have a right to request deletion of personal information about them that Acxiom has collected or maintained.

To take advantage of your right to delete, you need to submit a request by filing out a request on our online consumer portal, which is found here.

You can also submit your request by mail or telephone.  Our telephone number is 1-877-774-2094.  Our mailing address is:

Acxiom LLC
Consumer Care Advocate
CWY0301-31
Attention:  CCPA Requests
301 Dave Ward Dr.
P.O. Box 2000
Conway, AR 72033

To respond to your right to delete request, the CCPA permits Acxiom to verify your identity.  We will do this by matching the personal information you supply us to the personal information we maintain about you.  Given the sensitivity of some of the fraud detection and prevention data we have, we need to have a reasonably high degree of certainty you are the person you claim to be.  This will require that you satisfactorily answer a series of authentication questions based on data we have about you. This may also require that you submit certain personal information for us to compare and match to data we have about you.  If you call or mail us and request deletion of personal information, an Acxiom associate will call you to administer an authentication test in which you will be required to answer certain questions to verify your identity.

Acxiom will delete the new information collected as part of the identity verification process as soon as practical after fulfilling your request.

If we are unable to satisfactorily verify your identity, we will either request additional information as permitted by the CCPA or provide a limited response (for example, by providing a report with categories of personal information rather than specific pieces of information).  Even assuming a verifiable request, Acxiom will retain certain personal information in our data products as necessary to comply with a legal obligation (including ensuring the deletion request is honored and CCPA record-keeping obligations), detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for the activity. In such cases, Acxiom will retain only the minimum amount of information that does not qualify for a statutory or regulatory exception, and only use the remaining data for the purposes provided by the statutory or regulatory exception.

RIGHT TO OPT OUT

California consumers have a right to opt out from Acxiom selling their personal information for marketing purposes by Acxiom.

To take advantage of your right to opt out, you need to submit a request by filing out a request here.

You can also submit your request by mail or telephone.  Our telephone number is 1-877-774-2094.  Our mailing address is:

Acxiom LLC
Consumer Care Advocate
CWY0301-31
Attention:  CCPA Requests
301 Dave Ward Dr.
P.O. Box 2000
Conway, AR 72033

RIGHT TO NON-DISCRIMINATION

The CCPA protects California consumers who exercise their rights from discrimination.  Acxiom will not discriminate against consumers who request access to personal information about them, request deletion, or request that Acxiom opt them out of future sales.

RIGHT TO USE AUTHORIZED AGENTS TO EXERCISE RIGHTS 

The CCPA allows California consumers to use authorized agents to submit requests to Acxiom on their behalf.  Acxiom requires that the authorized agent verify its identity and provide written authorization from the consumer to act on the consumer’s behalf.  If the agent is a business, it must also be registered with the secretary of state of the authorized agent’s state of incorporation and provide proof of such registration.

In the case of an authorized agent’s request for access to personal information, the resulting report will be delivered to the consumer directly.  Prior to any release of the report to the consumer, Acxiom will require the consumer to complete the identity verification process described above to minimize the risk of unauthorized access to personal information and potential resulting harm.

HOW TO CONTACT US FOR MORE INFORMATION   

If you have questions regarding your rights under CCPA or Acxiom’s data collection, use and disclosure practices, you may contact us by phone, mail, or email.

Our telephone number is 1-877-774-2094.  Our email address is consumeradvo@acxiom.com.  Our mailing address is:

Acxiom LLC
Consumer Care Advocate
CWY0301-31
Attention:  CCPA Requests
301 Dave Ward Dr.
P.O. Box 2000
Conway, AR 72033

You may also contact the California attorney general.  Please visit https://www.oag.ca.gov/, for more information.

STATISTICAL INFORMATION 

The CCPA requires certain businesses to compile and disclose information by July 1 of each year regarding their compliance with the CCPA for the previous twelve-month period.  Acxiom has elected to provide an interim report for the period of January 1 – July 1, 2020. Statistics for the reporting period of July 1, 2020 – July 1, 2021 will be updated in 2021.

CCPA Reporting Requirements Metrics for Interim Reporting Period ending July 1, 2020 
Total Volume of Requests to Know Received 349 
Number of Requests to Know Fulfilled 158 
Number of Requests to Know Denied 188 
Median Number of Days to Respond to Requests to Know 6 
  
  
Total Volume of Requests to Delete Received** 229 
Number of Requests to Delete Fulfilled 89 
Number of Requests to Delete Denied 140 
Median Number of Days to Respond to Requests to Delete 2.5 
  
Total Volume of Requests to Opt-Out Received 10,357 
Number of Opt-Out Requests Fulfilled 10,357 
Number of Opt-Out Requests Denied 0 
Median Number of Days to Respond to Requests to Opt-Out** 14 
**The total deletion requests received includes requests that were abandoned by the consumer prior to completion of an identity verification process.

**This number reflects the number of days until it is processed. We typically respond and start honoring the request within two (2) days

 

This CCPA Privacy Notice is effective July 31, 2020. 

Other Important Information

European Union Model Contracts: As a global company, Acxiom complies with many countries’ privacy laws. Acxiom maintains an industry-recognized leadership role in consumer privacy. In addition to being certified under the EU-US Privacy Shield Framework, Acxiom has executed EU-approved model clauses with its EU affiliates to ensure ongoing compliance with the international transfer principle as set out in the EU’s General Data Protection Regulation.

Accuracy: Acxiom maintains quality control procedures to ensure the information we compile and process is as accurate and complete as possible. Acxiom responds promptly to questions from clients and consumers about the accuracy of information.

Security: Acxiom maintains security procedures designed to keep information we own, license and process from being accessed by any unauthorized person or business. We use a variety of multi-level security systems to control access to our services and data products. All users at client locations, as well as all Acxiom associates, must have the appropriate access codes and be authorized to access certain data and applications.

Acxiom conducts risk assessments and regular audits on our internal and external information systems to assess our ability to maintain the integrity of client and Acxiom data. Our enterprise security operations center maintains real-time monitoring for information system vulnerabilities and unauthorized access attempts into our internal systems. We also maintain physical security for our facilities and limit access to certain critical areas of our business.

We take reasonable precautions to ensure that our security procedures are adequate for the protection of our computer systems and data, but this does not eliminate the possibility that our security will be breached. If a security breach causes Acxiom leadership to believe individual consumers are at actual risk for identity theft or other fraudulent activities that may cause substantial harm or inconvenience to consumers or if such breach otherwise requires public notification, Acxiom will post a security alert notice on our website (www.acxiom.com) that will provide relevant information for consumers and Acxiom clients to consider to protect against fraudulent and other harmful actions that may result from the unauthorized access.

Compliance: Acxiom participates in industry efforts to establish fair and workable guidelines above and beyond current laws and regulations and believes such actions are an effective way to protect privacy in the marketplace. We also support legislation and regulatory efforts to introduce fair and workable guidelines that protect privacy of consumers.

We actively work to ensure that such guidelines are consistent with and complement established self-regulatory measures and that they enable the consumer to continue receiving the benefits that appropriate information use, sophisticated marketing techniques, and transaction-processing services provide.
When Acxiom provides data management services to our clients, we process their information in strict accordance with the terms and conditions of the contract. Some of the services we provide companies such as financial institutions and healthcare organizations are governed by laws including the Fair Credit Reporting Act, Gramm-Leach-Bliley, the USA PATRIOT Act, and the Health Insurance Portability and Accountability Act. In these and similar situations, Acxiom works closely with our clients to ensure the processing we perform is in accordance with all the laws governing those activities.

Awareness: Acxiom is committed to privacy education. We provide education to our clients, our associates, and the industry about the issues, guidelines and laws surrounding individual consumer privacy issues, corresponding responsibilities and Acxiom’s privacy policies and practices. Acxiom provides education and consultation to clients about privacy compliance and about the laws and industry guidelines that protect consumers. Acxiom advocates speak at various events and emphasize the importance of responsible data collection and use.

Privacy Policy Changes: From time to time Acxiom may update and revise our privacy policy based on changes in our business environment and changes to applicable law. We urge consumers and clients to periodically visit our website to understand any changes that may have occurred.

Our privacy policy contains an “effective date” reflecting when the last changes occurred.

Effective Date: July 31, 2020

Previous Version