This Privacy Notice explains how Moody’s Analytics, Inc. ("Moody’s", "we", "us", "our"), a Moody’s Corporation company, of C/O The Corporation Trust Company, Corporation Trust Center, 1209 Orange Street, Delaware 19801, processes Personal Data in connection with the Entity Verification Index (the “Product”).
"Personal Data" means information which identifies, or can be used to identify, living individuals, including, depending on applicable law, sole traders, and unincorporated partnerships.
The Product grants access to cached data retrieved from our KYC Application Programming Interface (“API”) which retrieves information from national registries and company databases in countries where such data is publicly available. Moody’s collects and processes specific Personal Data related to individuals and unincorporated partnerships, as detailed further below.
Our clients include leading financial institutions, accounting companies and legal advisors, as well as companies in a variety of sectors and industries. Clients use the Product for legal compliance, risk assessment and business intelligence purposes, including:
Our clients use information in the Product together with other information, including information provided to them directly, other third-party sources, and general internet searches.
While the focus of the Product is corporate entities, it contains some limited information about key individuals connected with businesses, such as owners, directors, shareholders, managers, professional advisers and information about businesses which are not corporate entities (for example, sole traders).
The types of Personal Data in the Product include:
Moody’s sources the Personal Data in the Product from public records, i.e., publicly available national commercial registries and company databases.
Below we set out a description of the ways Personal Data is used and shared in the Product:
• Use by clients: As described above, our clients use the Product for legal compliance, risk assessment, and business intelligence purposes. Clients are responsible for how they use Personal Data in the Product. Where relevant under applicable law, Moody’s is the “data controller” for the collection, aggregation, and distribution to its clients of Personal Data in the Product, and Moody’s clients are independent “data controllers” in their use of the Product for the purposes described above. Moody’s does not make any decisions for clients, including any decision as to whether an individual searched by a client is an individual whose Personal Data is in the Product, nor any decision or recommendation to clients whether to do business with an individual or entity. Clients make decisions based on information provided to them directly, other third-party sources, and in accordance with law and regulation.
The Personal Data is stored for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, and the applicable legal, regulatory, tax, accounting, or other requirements.
You may have rights under applicable data privacy laws. If you would like to request to review, correct, update, suppress, delete, or otherwise limit our use of your Personal Data, you may make a request by contacting us using the information provided in the “Contacts & Queries” section below.
You may also have the right to complain to your local data protection authority if you have concerns about how we process your Personal Data. However, we hope we can solve any queries or concerns you may have, so please contact us directly in the first instance.
We process Personal Data in the Product under the legitimate interest’s basis of the EU General Data Protection Regulation (“GDPR”) as it is within our and our clients’ legitimate interests to process limited Personal Data about company-related individuals:
To transfer Personal Data outside of the EEA, Switzerland and the UK within Moody’s Corporation, we use EU standard contractual clauses to ensure that an equivalent level of data protection applies. To request a copy of these clauses, please email us at privacy@moodys.com.
To access your Personal Data contained in the Product and exercise your rights of correction, objection, restriction, erasure, and digital testament, please email us at privacy@moodys.com.
You may also have the right to complain to your local data protection authority if you have concerns about how we process your Personal Data. However, we hope we can solve any queries or concerns you may have, so please contact us directly in the first instance.
If you have any queries about our privacy practices or would like to contact us, please email us at privacy@moodys.com or write to us at:
Legal Department
Moody’s Corporation
7 World Trade Center at 250 Greenwich Street
New York, NY 10007
Phone: +1-212-553-1653 or 1-866-995-9659
E-mail: privacy@moodys.com
The most current version of this Privacy Notice will always be available here. You can check the “effective date” posted at the top to see when this Privacy Notice was last updated.