Business Product & Technical Support Privacy Notice

Version: 1.2
Date adopted: 12th April 2019

This document provides information about how we use and share personal data relating to users of our business products and our technical support facilities. It covers the following topics:

1. Who we are and how you can contact us

2. What we use personal data for

3. What kinds of personal data we use, and where we get it from

4. What our legal grounds for handling personal data are

5. Who we share the personal data with

6. Where the personal data is stored and sent

7. How long the personal data is kept for

8. Whether the personal data is used to make decisions about you or to profile you

9. Your rights in respect to the personal data we hold about you

10. Who you can complain to if you are unhappy about the use of your personal data

You have the right to object to our use of your personal data. Please see section 9 to find out more.


We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The members of TU UK are listed in section 5 below.

TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.

One or more TU UK companies act as the controller of your personal data for the purposes of this privacy notice, depending on which of them operates the relevant product. The controllers are responsible for ensuring that the personal data is used fairly and lawfully.

If you wish to contact us about matters relating to one of our products, please contact the relevant service desk or your client relationship manager.

If you wish to contact us about matters relating to our use of your personal data, or the contents of this notice, you can do so by any of the following methods:

Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP


Telephone: 0330 024 7574


This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

Operating our products and administering accounts

We use personal data to operate our products and administer the accounts of people who use them. For example, we hold username and password details in order to control access to the products.

Security and breach reporting

We monitor access to our products in order to help ensure that those products and the data they make available are only accessed by people who are authorised to have access to them. If we detect suspicious activity we may suspend an account and investigate.

Feedback to clients

Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their members of staff are using our products – for example, how often their staff member is using a product or what they are using it for. Clients might typically ask for this information for routine product management purposes (such as to decide whether they need to continue buying the product), or for staff management purposes (for example, to check whether their staff are only using the products properly and in the course of their employment).

In some cases, such as where the information shows misconduct on the part of a client’s member of staff, the information we provide might be used against the relevant staff member as part of a disciplinary process.

Monitoring and improving our products

We use information such as how different people use our products, how long they spend on particular tasks and what sort of information they obtain in order to help customise and improve the products.

This information is also used for security and system administration and to generate aggregate non-personalised information for use by us or our clients.

Product or systems development and testing

We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.

Providing technical support and responding to queries

If you create an account on an online technical support facility, or otherwise contact us with a query about a product or service that we are providing, we will use your personal data in order to provide you with the assistance you ask for. This will include contacting you about your request.

We may sometimes need to contact you about support queries that have been raised by our other users. For example, if you use our property registration services we may need to contact you with enquiries that have been raised by someone else about property you have registered.

Legal and regulatory purposes

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.


We obtain and use information from various different sources. These are summarised in the following table.

Type of information



Basic information about you and how to contact you

This is information such as your name, email address and job title.

We obtain this information from you or your employer when we set up your account or when we are subsequently told that the information has changed.

Login credentials

This is your username, password and other information used to control access to the product.

Product usage

This is information about how and when you use the product. It includes information about the dates and times on which you accessed the product, the IP address you accessed it from, and how you used the product when you were logged in.

We obtain this information by monitoring your use of the product.

Your requests and enquiries

This is information you provide us with as part of a technical support query or other request or enquiry.

We obtain this information directly from you.

It is mandatory for you to provide us with your personal data in order for us to be able to provide our products correctly. It is not mandatory for you to provide us with your personal data in relation to technical support requests, but we may not be able to help you if you do not provide that information.


This section explains the basis on which we process your personal data in connection with the products.

Legitimate interests

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:



Making our products and services available to clients

We need to make our products and services available to clients in order for our business to function.

Developing and improving our products

We have an interest in improving our products in order to help ensure that we remain competitive.

Monitoring and securing our systems and data

Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.

Maintaining our relationships with our clients

We have an interest in developing and maintaining good relationships with our clients.

Commercial interests

Like any commercial organisation, we seek to earn revenue through the products and services that we provide to our customers and clients. We achieve this through some of the other activities described above, such as improving our products and maintaining good client relationships.


Our group companies

We may share your personal data among the members of TU UK where necessary for the purposes specified in section 2. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.

Group company

Main trading address

Registered office

TransUnion Information Group Limited

(company no. 4968328)

One Park Lane, Leeds, West Yorkshire LS3 1EP

TransUnion International UK Limited

(company no. 3961870)

Callcredit Marketing Limited

(company no. 2733070)

Callcredit Data Solutions Limited

(company no. 5749125)

Callcredit Lead Generation Limited

(company no. 5373447)

DecisionMetrics Limited

(company no. 5202547)

Recipero Limited

(company no. 3794898)

Callcredit Public Sector Limited

(company no. 4152031)

3rd Floor, Red Lion Buildings, 12 Cock Lane Smithfield, London EC1A 9BU

Callcredit Spain, S.L.

(tax ID number B87839510)

Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain

Confirma Sistemas de Información, S.L.

(tax ID number B86303757)

Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain

Soluciones Confirma ASNEF-SIGNE, S.L.

(tax ID number B86016649)

Aspireview, Inc

(company no. 5953359)

The Corporation Trust Center, 1209 Orange Street, Wilmington, Delaware 19801, USA

Recipero, Inc

(company no. 5542430)

720 S. Colorado Boulevard, Penthouse North, Denver, Colorado 80246, USA

TransUnion Baltics, UAB

(company no. 302689020)

4th Floor, Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania

Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania


As mentioned in section 2, we may supply information about your use of the product to your employer (or to its affiliates, business partners or group companies) if they ask us to do so.

Service providers

We may provide your information to third parties who help us use it for the purposes described in section 2. For example:

  • Our products may be hosted by third parties on our behalf.
  • We may use a third party email broadcasting service in order to send you service emails about your account.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Third parties who help us deal with enquiries

Sometimes we may need to supply information to third parties in order to deal with a support request or other enquiry. For example, if you make an enquiry about a device registered on our property registration services we may need to contact a third party who has already registered that property as lost or stolen.

If you engage with us through social media, or access our technical support services through a social media login function, then we may interact with you through that social media platform. This will involve the information being handled by the relevant platform operator.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.


We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

Sharing of anonymised data with third parties

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.


Within Europe

We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.


We also send information elsewhere in the world. For example:

  • When one of our overseas Group companies or branch offices based overseas needs to use the information in accordance with this notice. Currently, these overseas offices are in Dubai the United States.
  • Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.


We will keep your personal data for as long as you are a registered user of any of our products and may keep it for an additional period of time from when your account is closed. We keep the data for that additional period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from you, your employer (or its affiliates) or our regulators.


We do not use automated decision-making or profiling to make any decisions that will significantly affect you.


You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Withdrawal of consent: We do not rely on consent to use your personal data (see section 4 above) so your right to withdrawal of consent does not apply.
  • Objection to direct marketing: We do not use your personal data for direct marketing purposes so your right to object to us using your personal data for direct marketing purposes does not apply.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
  • Portability: We do not rely on consent to use your personal data (see section 4 above) so your right to data portability does not apply.


We do our utmost to ensure that your data is used appropriately and in compliance with data protection legislation but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP


Telephone: 0330 024 7574

You can also contact our Data Protection Officer at

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.