Consumer Contact Privacy Notice

Version: 1.2
Date adopted: 12th April 2019

This document provides information about how we use and share personal data relating to consumers who contact us with an enquiry, request or complaint. It covers the following topics:

  1. Who we are and how you can contact us
  2. What we use personal data for
  3. What kinds of personal data we use, and where we get it from
  4. What our legal grounds for handling personal data are
  5. Who we share the personal data with
  6. Where the personal data is stored and sent
  7. How long the personal data is kept for
  8. Whether the personal data is used to make decisions about you or to profile you
  9. Your rights in relation to the personal data we hold about you
  10. Who you can complain to if you are unhappy about the use of your personal data

You have the right to object to our use of your personal data. Please see section 9 to find out more.


We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The members of TU UK are listed in section 5 below.

TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.

One or more TU UK companies may act as controller of personal data about consumers who contact us, depending on what they contact us about. The controllers are responsible for ensuring that the personal data is used fairly and lawfully.

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: Customer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP


Telephone: 0330 024 7574


This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

Dealing with your request

We will use your personal data to deal with your request. For example, this might include investigating the matter internally or with external organisations, and contacting you to ask for more information or to let you know the outcome of your enquiry.

The kinds of request that we typically deal with include:

  • Requests for access to personal data, or to challenge the accuracy of personal data that we hold.
  • Support requests relating to our consumer products such as Immobilise.
  • Requests for recognition of a change in gender.

Identity verification

When you contact us we will often need to establish that you are who you say you are. This is necessary in order to ensure that we don’t provide your personal information to people who shouldn’t have access to it.

Asking you for feedback

We may ask you to provide us with feedback or to leave a review about the service you have received from us. Your feedback helps us to improve our services.

Internal reporting

We use aggregated statistics about the enquiries, requests and complaints we receive in order to help manage our services and identify potential problems.

Legal and regulatory purposes

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have handled your enquiry or used your personal data.


We obtain and use information from various different sources. These are summarised in the following table.

Type of information



Basic information about you and how to contact you

This is information such as your name, address, previous addresses, date of birth, email address and telephone number. These are used to deal with your request and communicate with you about it.

You provide us with this information when you make your request or when we subsequently ask you for it.

Your request

This is what you are asking us about or asking us to do.

Proof of identity or authority, and other supporting documentation

Proof of identity is information or documentation that we may ask you to give us in order to prove that you are who you say you are. If you are making a request on behalf of someone else we may also ask you to prove that you have their authority to do so, such as a power of attorney or letter of authority.


In some cases we may require additional supporting documentation from you. For example, if you are registering a change of gender we will need a copy of the Gender Recognition Certificate.

Information gathered in dealing with your request

Dealing with your request will usually involve investigating the circumstances that you have asked about. This is the information that we obtain from doing so. The type of information gathered will depend on what you have asked us to do.

We gather this ourselves from our other internal records and from external organisations such as clients and suppliers.

Our response and other correspondence

This is our response to your enquiry and other correspondence relating to your request.

We produce this ourselves.

Information about your use of our websites

If you access or submit information to us through our website, we may record information about your visit, such as your IP address, operating system and browser type. This information may be linked with cookies; information about these can be found in the cookie notice on the relevant website.

We gather this ourselves through the website.


You are free to choose whether or not you give us your personal data. However, if you do not give us the information or documentation that we need, we may not be able to comply with your request or respond to your enquiry properly.


This section explains the basis on which we process your personal data when dealing with your enquiries.

Compliance with a legal obligation

The UK’s data protection law allows us to use your personal data where necessary in order to comply with legal obligations that apply to us. This means that if you make a request that we are legally required to deal with or respond to, we will use your personal data on this basis in order to comply with that requirement.

Legitimate interests

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:



Reputation and service improvement

We have an interest in dealing with enquiries quickly and efficiently and improving our services so that we earn a better reputation for our business.


Our group companies

We may share your personal data among the members of TU UK to the extent necessary to deal with your request. This will depend on which companies your request relates to, and which companies hold the relevant information. If we do this, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.

Group company

Main trading address

Registered office

TransUnion Information Group Limited

(company no. 4968328)

One Park Lane, Leeds, West Yorkshire LS3 1EP

TransUnion International UK Limited

(company no. 3961870)

Callcredit Marketing Limited

(company no. 2733070)

Callcredit Data Solutions Limited

(company no. 5749125)

Callcredit Lead Generation Limited

(company no. 5373447)

DecisionMetrics Limited

(company no. 5202547)

Recipero Limited

(company no. 3794898)

Callcredit Public Sector Limited

(company no. 4152031)

3rd Floor, Red Lion Buildings, 12 Cock Lane Smithfield, London EC1A 9BU

Callcredit Spain, S.L.

(tax ID number B87839510)

Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain

Confirma Sistemas de Información, S.L.

(tax ID number B86303757)

Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain

Soluciones Confirma ASNEF-SIGNE, S.L.

(tax ID number B86016649)

Aspireview, Inc

(company no. 5953359)

The Corporation Trust Center, 1209 Orange Street, Wilmington, Delaware 19801, USA

Recipero, Inc

(company no. 5542430)

720 S. Colorado Boulevard, Penthouse North, Denver, Colorado 80246, USA

TransUnion Baltics, UAB

(company no. 302689020)

4th Floor, Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania

Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania

Service providers

We may provide your information to third parties who help us use it for the purposes described in section 2. For example, we may use third parties to hold personal data on our behalf.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Data suppliers

If your request relates to data which has been supplied to us by third parties, we will often need to provide your personal data to those third parties so that your request can be properly handled. For example, if you dispute the accuracy of an entry on your credit file we will contact the organisation which provided us with that information in order to check whether it is correct.

Other credit reference agencies

For some kinds of request, such as those relating to gender recognition or victims of fraud, we have agreed a common procedure with the UK’s two other consumer credit reference agencies, Equifax Limited and Experian Limited. If you give us permission to do so, we will share your information with them in order to help ensure that your request is dealt with at all three credit reference agencies without the need for you to deal with each one separately.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.


We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

Sharing of anonymised data with third parties

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.


Within Europe

We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.


We also send information elsewhere in the world. For example:

  • When one of our overseas Group companies or branch offices based overseas needs to use the information in accordance with this notice. Currently, these overseas offices are in Dubai and the United States.
  • Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.


We will keep your personal data for as long as we are handling your request and for an additional period of up to six years from when we have completed it. The personal data is kept for the additional period of time in case you or a regulator have any enquiries about how we have dealt with your request, and to show that we have dealt with your request properly.


We do not use automated decision-making or profiling in relation to your personal data.


You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Withdrawal of consent: We do not rely on consent to use your personal data (see section 4 above) so your right to withdrawal of consent does not apply.
  • Objection to direct marketing: We do not use the personal data that this notice applies to for direct marketing purposes, so your right to object to us using that personal data for direct marketing purposes does not apply.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.


We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP


Telephone: 0330 024 7574

You can also contact our Data Protection Officer at

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.