Version: 1.0
Updated: 4 September 2024
This privacy notice provides information about how we use and share personal data relating to our Argus Advisory Portfolio Analytics services. It also describes your data protection rights, including a right to object to some of the activities we carry out. More information about your rights, and how to exercise them, is set out in section 9 below.
We collect card transaction and account data from credit card companies, combine it together, and use it to produce reports for them containing insights into their products, how consumers use them, and how they compare to other credit card companies. We also use the data to produce models to infer new information about individuals, and we supply this information to our clients.
The data we receive from credit card companies does not include identifiers such as names and addresses, and the reports we provide them with are not about specific individuals. When we infer new information about individuals, however, our clients can link this back to specific customers.
You have the right to object to our use of your personal data. Please see section 9 to find out more.
This privacy notice covers the following topics:
We are TransUnion International UK Limited (“TransUnion UK”), which is a company registered in England and Wales with company number 03961870. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.
We are part of TransUnion, a group of companies with operations in many countries around the world, but this privacy notice only covers our Argus Advisory Portfolio Analytics services.
We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the data is used fairly and lawfully.
We sometimes act jointly with one or more of the other TransUnion companies when making decisions about your personal data. In particular, we sometimes make joint decisions when we and another TransUnion company are sharing personal data with each other. In other cases, a TransUnion group company may process data solely on our instructions.
Our members of staff often work across TransUnion group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact us using the details below if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.
You can contact us about issues relating to our use of personal data in our Argus Advisory Portfolio Analytics services by emailing us at ArgusUKEnquiries@transunion.com.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
This section explains the purposes for which we use personal data about you in connection with our Argus Advisory Portfolio Analytics services. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
We use data to provide portfolio benchmarking services to credit card providers.
Card providers submit card transaction and account data to us. This data has had personal identifiers (such as names and addresses) about the cardholders removed. Instead of names and addresses, the data includes a separate identifier which allows us to connect together data relating to particular individuals without needing to know who those individuals are.
Once we have linked this data together, we use it to produce anonymised reports and analyses for our clients. Our clients may use the reports and analyses for a range of purposes. For example, they may use them to better understand their customers’ financial behaviour across different credit cards, or to understand how their customers’ financial behaviour changes in different economic situations.
We can also use the data to produce insight into the credit card industry as a whole. Our clients can use this information to help them understand trends in the UK credit card market and how their business is performing compared to their competitors.
Additional analytics projects are sometimes undertaken on an ad hoc basis, providing deeper insights into market data to support credit card providers’ strategic priorities.
A credit card company would like to make sure that its products are competitive and well-suited for its customers. To do that, it would like to understand the typical characteristics of its customers, and how their credit card use compares with other credit card companies’ customers.
The company makes a copy of its customer database, removes identifiers such as names and addresses, and adds a standardised reference number to each customer’s data. It supplies that information to us, and we use the reference numbers to match the data to data that we have received from other credit card companies. This allows us to analyse the financial behaviour of the company’s customers across different cards. This is used to generate a report for the company which it uses to improve its product offering.
We use data to carry out profiling activity which involves inferring new information about individuals. This activity includes the creation, validation and use of models and attributes which can be used by our clients for a range of different purposes such as fraud prevention and customer relationship management .
Models help us and our clients to determine the likelihood that a consumer with certain characteristics will act in a way that will produce certain outcomes. For example, an anti-fraud model can help to confirm that particular customers are less likely to intend to commit fraud. This information can be used by our clients to take steps accordingly.
A credit card company would like to prevent fraudulent use of its credit cards. To do this, it wants to identify customers who have a higher likelihood of committing fraud so that it can put in place extra precautions to prevent potentially fraudulent behaviour by those people.
We use the data we hold to create a model which predicts the typical characteristics of a person who is more likely to commit fraud. We use this model on the credit card company’s customer data to generate a fraud risk score for each of the company’s customers. We supply those scores to the credit card company which uses them to implement additional anti-fraud checks for individuals who are considered more likely to commit fraud.
We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
Because we do not receive personal identifiers such as names and addresses from our clients, we will need different kinds of information from you in order to find your data in our database. This might include, for example, details of your credit card accounts and examples of some of your transactions.
If you object to us processing your personal data we will need to use your personal data to assess your request.
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.
Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.
We obtain and use information from various different sources. These are summarised in the following table. As explained above, when we receive this information it has had direct identifiers such as names and addresses removed so that – although we can link together data which we believe relates to the same individuals – we do not know who those individuals are.
Type of information | Description | Source |
---|---|---|
Cardholder data | This includes information about your card account and your transactions. It includes information such as your credit card type, credit limit, billing cycle dates, account balance, delinquency status and details of individual card transactions. | This information is obtained from our clients. |
Model scores | This includes scores and attributes that we calculate based on the other data we hold. | We create this information ourselves. |
Other data | We sometimes combine our clients’ data with data that we create ourselves or receive from other third parties to provide additional insight and analysis. For example, we may combine client data with geodemographic data about the people who live in particular postcodes. | This information is created by us or obtained from other members of the TransUnion group or independent third party suppliers. |
The cardholder data we receive for use in our Argus Advisory Portfolio Analytics services is generally kept for thirty years. This is because our services involve studying changes in card usage behaviour over long periods of time, including during different parts of the economic cycle and during significant events such as recessions and pandemics.
This section explains the basis on which we process your personal data.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
We sometimes need to use your personal data in order to comply with a legal obligation that we are under. For example, if you submit a request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will be legally required to search for and provide that personal data. See section 9 below for details of what requests you can make and how to make them.
Our benchmarking services generally do not involve returning personal data to our clients . Instead, our clients receive a report setting out, at an aggregated level, information relating to their credit card portfolio and how it compares to the wider market.
As part of our model building services we provide our clients with model scores and attributes relating to specific individuals.
In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the output from our services too.
We may share your personal data with other members of the TransUnion group. If we do so, then those companies will use the data ways which are consistent with this privacy notice. A list of relevant TransUnion companies is set out below, although the list may be updated from time to time.
Group company | Address |
---|---|
TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP |
Argus Information and Advisory Services Limited (company no. 06445823) | |
Callcredit Marketing Limited (company no. 2733070) |
We may also share your personal data with non-UK based companies within the wider TransUnion group. This includes:
We may provide your information to third parties who help us use it for the purposes described in section 2. These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
We are based in the United Kingdom, and will access and use your information from here. The TransUnion group also has operations elsewhere in Europe, and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We also send information elsewhere in the world. For example:
While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.
Our benchmarking services use data to predict or infer information about groups of individuals, and we use that information to provide aggregated insights to our clients about their credit card portfolios.
Our model building services include individual-level profiling, such as inferring new information about specific consumers.
We do not use the data we receive to perform automated decision-making that has legal or similarly significant effects for you. Some of our clients could use the information we provide to help them with decision-making; in these cases you will need to refer to their privacy notice for information about that activity.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please refer to the contact details in section 1.
It is normally not possible for us to identify specific individuals in the data we hold. This is because the data does not include individuals’ names, addresses or other such identifiers which can be used to directly link you to the data we might hold about you. In order for you to exercise your rights, you will therefore need to provide us with further information to enable us to find your data, such as details of recent bank transactions or other account details.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please email us at ArgusUKEnquiries@transunion.com.
You can also contact our Data Protection Officer at ukdpo@transunion.com.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.