Argus Advisory Portfolio Analytics Privacy Notice

Version: 1.0

Updated: 4 September 2024

This privacy notice provides information about how we use and share personal data relating to our Argus Advisory Portfolio Analytics services. It also describes your data protection rights, including a right to object to some of the activities we carry out. More information about your rights, and how to exercise them, is set out in section 9 below.

In brief

We collect card transaction and account data from credit card companies, combine it together, and use it to produce reports for them containing insights into their products, how consumers use them, and how they compare to other credit card companies. We also use the data to produce models to infer new information about individuals, and we supply this information to our clients.

The data we receive from credit card companies does not include identifiers such as names and addresses, and the reports we provide them with are not about specific individuals. When we infer new information about individuals, however, our clients can link this back to specific customers.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

This privacy notice covers the following topics:

  1. Who are we and how can you contact us?
  2. What do we use personal data for?
  3. What kinds of personal data do we use, and where do we get it from?
  4. How long is the personal data kept for?
  5. What is our legal basis for handling personal data?
  6. Who do we share the personal data with?
  7. Where is the personal data stored and sent?
  8. Is the personal data used to make decisions about you or to profile you?
  9. What are your rights?
  10. Who can you complain to if you are unhappy about the use of your personal data?
 

1. Who are we and how can you contact us?

 

About us

 

We are TransUnion International UK Limited (“TransUnion UK”), which is a company registered in England and Wales with company number 03961870. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

We are part of TransUnion, a group of companies with operations in many countries around the world, but this privacy notice only covers our Argus Advisory Portfolio Analytics services.

We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the data is used fairly and lawfully.

 

Joint controllers

 

We sometimes act jointly with one or more of the other TransUnion companies when making decisions about your personal data. In particular, we sometimes make joint decisions when we and another TransUnion company are sharing personal data with each other. In other cases, a TransUnion group company may process data solely on our instructions.

Our members of staff often work across TransUnion group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact us using the details below if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.

 

Contact details

 

You can contact us about issues relating to our use of personal data in our Argus Advisory Portfolio Analytics services by emailing us at ArgusUKEnquiries@transunion.com.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

2. What do we use personal data for?

 

This section explains the purposes for which we use personal data about you in connection with our Argus Advisory Portfolio Analytics services. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

 

Benchmarking services and analytics projects

 

We use data to provide portfolio benchmarking services to credit card providers.

Card providers submit card transaction and account data to us. This data has had personal identifiers (such as names and addresses) about the cardholders removed. Instead of names and addresses, the data includes a separate identifier which allows us to connect together data relating to particular individuals without needing to know who those individuals are.

Once we have linked this data together, we use it to produce anonymised reports and analyses for our clients. Our clients may use the reports and analyses for a range of purposes. For example, they may use them to better understand their customers’ financial behaviour across different credit cards, or to understand how their customers’ financial behaviour changes in different economic situations.

We can also use the data to produce insight into the credit card industry as a whole. Our clients can use this information to help them understand trends in the UK credit card market and how their business is performing compared to their competitors.

Additional analytics projects are sometimes undertaken on an ad hoc basis, providing deeper insights into market data to support credit card providers’ strategic priorities.

Example: credit card benchmarking

A credit card company would like to make sure that its products are competitive and well-suited for its customers. To do that, it would like to understand the typical characteristics of its customers, and how their credit card use compares with other credit card companies’ customers.

The company makes a copy of its customer database, removes identifiers such as names and addresses, and adds a standardised reference number to each customer’s data. It supplies that information to us, and we use the reference numbers to match the data to data that we have received from other credit card companies. This allows us to analyse the financial behaviour of the company’s customers across different cards. This is used to generate a report for the company which it uses to improve its product offering.

 

Model building

 

We use data to carry out profiling activity which involves inferring new information about individuals. This activity includes the creation, validation and use of models and attributes which can be used by our clients for a range of different purposes such as fraud prevention and customer relationship management .

Models help us and our clients to determine the likelihood that a consumer with certain characteristics will act in a way that will produce certain outcomes. For example, an anti-fraud model can help to confirm that particular customers are less likely to intend to commit fraud. This information can be used by our clients to take steps accordingly. 

Example: fraud models

A credit card company would like to prevent fraudulent use of its credit cards. To do this, it wants to identify customers who have a higher likelihood of committing fraud so that it can put in place extra precautions to prevent potentially fraudulent behaviour by those people.

We use the data we hold to create a model which predicts the typical characteristics of a person who is more likely to commit fraud. We use this model on the credit card company’s customer data to generate a fraud risk score for each of the company’s customers. We supply those scores to the credit card company which uses them to implement additional anti-fraud checks for individuals who are considered more likely to commit fraud.

 

Product or systems development and testing  

 

We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.

 

Consumer queries; legal and regulatory purposes

 

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.

Because we do not receive personal identifiers such as names and addresses from our clients, we will need different kinds of information from you in order to find your data in our database. This might include, for example, details of your credit card accounts and examples of some of your transactions.

 

 

Examples: legal and regulatory purposes

If you object to us processing your personal data we will need to use your personal data to assess your request.

If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.

Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.

 

3. What kinds of personal data do we use, and where do we get it from?

 

We obtain and use information from various different sources. These are summarised in the following table. As explained above, when we receive this information it has had direct identifiers such as names and addresses removed so that – although we can link together data which we believe relates to the same individuals – we do not know who those individuals are.

Type of informationDescriptionSource
Cardholder dataThis includes information about your card account and your transactions. It includes information such as your credit card type, credit limit, billing cycle dates, account balance, delinquency status and details of individual card transactions.This information is obtained from our clients.
Model scores This includes scores and attributes that we calculate based on the other data we hold.We create this information ourselves.
Other dataWe sometimes combine our clients’ data with data that we create ourselves or receive from other third parties to provide additional insight and analysis. For example, we may combine client data with geodemographic data about the people who live in particular postcodes. This information is created by us or obtained from other members of the TransUnion group or independent third party suppliers.
 

4. How long is the personal data kept for?

 

The cardholder data we receive for use in our Argus Advisory Portfolio Analytics services is generally kept for thirty years. This is because our services involve studying changes in card usage behaviour over long periods of time, including during different parts of the economic cycle and during significant events such as recessions and pandemics. 

 

5. What is our legal basis for handling personal data?

 

This section explains the basis on which we process your personal data.

 

Legitimate interests

 

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

  • Consumer insights for clients: Our clients have an interest in understanding, tracking and optimising their credit card portfolios and how their products compare to the rest of the market. This helps them to remain competitive and provide better products to their customers. Our clients also have an interest in understanding the likely behaviour of specific individuals, including the risk that they might act fraudulently.
  • Commercial interests: Like any commercial organisation, we and our clients seek to earn revenue through the services that we provide to our customers and clients.
 

Necessity for compliance with a legal obligation

 

We sometimes need to use your personal data in order to comply with a legal obligation that we are under. For example, if you submit a request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will be legally required to search for and provide that personal data. See section 9 below for details of what requests you can make and how to make them.

 

6. Who do we share the personal data with?

 

Our clients

 

Our benchmarking services generally do not involve returning personal data to our clients  . Instead, our clients receive a report setting out, at an aggregated level, information relating to their credit card portfolio and how it compares to the wider market.

As part of our model building services we provide our clients with model scores and attributes relating to specific individuals.

In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the output from our services too.

 

Our group companies

 

We may share your personal data with other members of the TransUnion group. If we do so, then those companies will use the data ways which are consistent with this privacy notice. A list of relevant TransUnion companies is set out below, although the list may be updated from time to time.

Group companyAddress
TransUnion Information Group Limited (company no. 4968328) One Park Lane, Leeds, West Yorkshire LS3 1EP
Argus Information and Advisory Services Limited (company no. 06445823) 
Callcredit Marketing Limited (company no. 2733070) 
 

We may also share your personal data with non-UK based companies within the wider TransUnion group. This includes:

  • Argus Information & Advisory Services Inc, 50 Main Street, Floor 6, White Plains, NY 10606
  • TransUnion LLC, 555 West Adams Street, Chicago, Illinois 60661
  • TransUnion Global Technology Centre LLP, 9th Floor, Block 2,DLF IT/ITES Special Economic Zone Shivaji Gardens, Moonlight Stop, Manapakkam Saidapet Tamil Nadu 600089
  • TransUnion Global Capability Centre Africa (Pty) Ltd, G floor, 9 & 10 floor,11 Alice Lane, Sandton, 2196, Gauteng, Johannesburg, South Africa 2197 
  • TransUnion Global Capability Center Costa Rica Limitada, San Jose-Escazu San Rafael, Trejos Montealegre, De Escazu Village, Three Hundred Meters to the West, Banco General Building, Sixth Floor
 

Service providers

 

We may provide your information to third parties who help us use it for the purposes described in section 2. These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

 

Business transfers

 

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

 

Regulators and law enforcement

 

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

 

Sharing of anonymised data with third parties

 

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

 

7. Where is the personal data stored and sent?

 

Within Europe

 

We are based in the United Kingdom, and will access and use your information from here. The TransUnion group also has operations elsewhere in Europe, and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

 

Elsewhere

 

We also send information elsewhere in the world. For example:

  • Data is sent to and stored by Argus Information & Advisory Services Inc in the United States.
  • On some occasions our overseas group companies or branch offices based overseas may need to use the information in accordance with this notice.
  • We may use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the Data Privacy Framework that has been agreed between the UK, EU and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

 

8. Is the personal data used to make automated decisions about you or to profile you?

 

We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

 

Profiling

 

Our benchmarking services use data to predict or infer information about groups of individuals, and we use that information to provide aggregated insights to our clients about their credit card portfolios.

Our model building services include individual-level profiling, such as inferring new information about specific consumers.

 

Decision-making

 

We do not use the data we receive to perform automated decision-making that has legal or similarly significant effects for you. Some of our clients could use the information we provide to help them with decision-making; in these cases you will need to refer to their privacy notice for information about that activity.

 

9. What are your rights in respect of the personal data that we hold about you?

 

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please refer to the contact details in section 1.

It is normally not possible for us to identify specific individuals in the data we hold. This is because the data does not include individuals’ names, addresses or other such identifiers which can be used to directly link you to the data we might hold about you. In order for you to exercise your rights, you will therefore need to provide us with further information to enable us to find your data, such as details of recent bank transactions or other account details.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it. 
  • Objection to direct marketing: We do not use your personal data for direct marketing purposes  but you have the right to object to us doing so in the future.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests legal basis for using your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

10. Who can you complain to if you are unhappy about the use of your personal data?

 

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please email us at ArgusUKEnquiries@transunion.com.

You can also contact our Data Protection Officer at ukdpo@transunion.com

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries. 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.