Business Contact Privacy Notice

Version: 1.11
Date adopted: 16 July 2024

This document provides information about how we use and share personal data relating to our business contacts.

In Brief

We use personal data to:

  • manage our relationship with our business contacts and to keep in touch with them
  • promote our products and services to our customers and potential customers

We use tracking, monitoring and profiling techniques as part of our marketing decisions to help us decide who to contact, about what, and when.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

1.Who are we and how can you contact us?

2.What do we use personal data for?

3.What kinds of personal data do we use, and where do we get it from?

4.How long is the personal data kept for?

5.What is our legal basis for handling personal data?

6.Who do we share the personal data with?

7.Where is the personal data stored and sent?

8.Is the personal data used to make decisions about you or to profile you?

9.What are your rights in relation to the personal data we hold about you?

10.Who can you complain to if you are unhappy about the use of your personal data?

 

1. WHO ARE WE AND HOW CAN YOU CONTACT US?

 

About us

 

We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The relevant members of TU UK are listed in section 6 below.

TU UK forms part of a larger group of TransUnion companies. However, this privacy notice only covers the activities of TU UK.

 

Joint controllers

 

Our group companies each control personal data about our business contacts and their representatives. This means that they are each responsible for ensuring that the personal data is used fairly and lawfully. The group companies often act jointly with one or more of the other group companies when making decisions about your personal data. In particular, they make joint decisions when sharing personal data with each other.

Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.

 

Contact details

 

You can contact us about issues relating to personal data, including the contents of this notice, through our Consumer Enquiries page.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

2. WHAT DO WE USE PERSONAL DATA FOR?

 

This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

 

Relationship management

 

We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with our clients, suppliers and their representatives.

Examples: relationship management

Our relationship management activities may include:

  • letting you know about product changes or planned maintenance activity
  • contacting you with billing enquiries
  • inviting you to events and webinars
  • dealing with your enquiries
  • conducting surveys to collect feedback on your perceptions of us
  • asking you about what sorts of products or product features you want us to develop

Some of our relationship management activity involves profiling – please see section 8 for more details about this.

 

Marketing

 

We use personal data for marketing purposes, typically in relation to current or potential clients and their representatives. This includes providing you with original insight, commentary and research on data and software, early notifications of exclusive events, webinars and updates on our products and services. These communications may relate to any current member of TU UK (see section 6 for examples) and any future members of TU UK.

Examples: marketing

Our marketing activities may include:

  • contacting you by email, telephone or by post to let you know about our products and services
  • monitoring your interactions with us to help us understand which kinds of products and services you may be interested in so that we can tailor our marketing appropriately

Some of our marketing activity involves profiling – please see section 8 for more details about this.

We will not make contact with you for marketing purposes through any particular channel (such as email, telephone or post) if you have told us that you don’t want to hear from us in that way. Please note that if you ask us not to contact you for marketing purposes, you might still hear from us for other reasons – for example, as part of our ordinary relationship management activity.

 

Providing services

 

Sometimes we might need to use your personal data to provide you with information, services, alerts and facilities that you have asked for. For example, if you sign up to one of our webinars we might use your contact details to let you know how to access it.

If you are a registered user of one of our products, your personal data may be used within that product – please refer to the privacy notice available within the product or our Business Product & Technical Support Privacy Notice for more details.

 

Monitoring and improving our websites

 

We use information such as how different people navigate around our websites, how long they spend on particular pages and whether they download any of our content in order to help customise and improve the user experience of our websites. It also allows us to tailor the website to match your interests and preferences better and helps us understand who has visited which pages to determine the most popular areas of the website.

This information is also used for security and system administration and to generate aggregate non-personalised information for use by us, our business contacts, selected third parties, sponsors or advertisers (such as anonymous statistics related to the take up or use of services, or to patterns of browsing).

 

Legal and regulatory purposes

 

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.

Examples: legal and regulatory purposes

If you object to us processing your personal data for direct marketing purposes we will add your name to our suppression list in order to remove you from future direct marketing activities.

If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.

Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.

3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?

 

We obtain and use information from various different sources. These are summarised in the following table.

Type of informationDescriptionSource
Name and contact detailsThis is basic personal data about you at your place of work, and how to get in touch with you.This information is usually provided directly by the relevant individuals; it could for example be given over the telephone, in an email, through our websites, or in person at an event.
Organisation-related detailsThis is information about your organisation and your role within it, such as your job title and who your colleagues are.
Login credentialsThis is information such as your username and password, which are recorded if you sign up to any of our web-based services.This information is provided by you or may sometimes be generated by us (for example, if we reset a password for you).
Contact historyThis is information about our dealings with you, such as what information we have sent you, who in TU UK knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video.We produce these records ourselves.
Device informationThis is information about the device you are using to access our websites, such as the type of device, its operating system, browser, its IP address, and what cookies are on it.We produce these records ourselves.
Website usageThis is information about your use of our websites, such as what pages you have visited and what content you have downloaded.We produce this information ourselves by monitoring your use of our websites.
Flags and categoriesIn order to manage our contacts we may categorise you into different groups according to particular criteria. For example, we may classify you as a live opportunity if we think you may be interested in one of our products, or as a lapsed contact if we have not heard from you for a long time. We use this information to help us decide things like whether, when and how to contact you.We produce these records ourselves.

 

You are free to choose whether or not you give us your personal data. However, if you are signing up to one of our products or services we might not be able to provide you with that product or service if you do not give us the information we need in order to do so.

 

4. HOW LONG IS THE PERSONAL DATA KEPT FOR?

 

We will not keep your personal data for longer than we need it.

If you are a representative of one of our clients or potential clients, this means that we will normally keep your personal data while you or your employer have an ongoing relationship with us or if you have interacted with us (including our websites or communications) within the past two years. You can request us to delete it earlier as explained in section 9.

 

5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?

 

This section explains the basis on which we process your personal data.

 

Legitimate interests

 

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data. We rely on this condition for most of our processing activities.

The legitimate interests we are pursuing are:

InterestExplanation
Maintaining and using our business relationships; understanding and keeping in touch with our customers and suppliers

We have an interest in maintaining and making use of our relationship with you. For example, if you work for one of our clients we may need to contact you in connection with one of the products that your employer has purchased from us. Or if you work for one of our suppliers we may need to contact you about a product that your employer supplies to us.

We also have an interest in understanding what kinds of people use our products and services and how they use them.

MarketingWe have an interest in promoting our products and services to our clients and potential clients.
Helping people learn about products and services that might be of use to themOur clients and potential clients have an interest in learning about products and services that they might find useful.
Monitoring and securing our systems and dataSome of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.
Commercial interestsLike any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients.

 

Other legal bases

 

In some circumstances, we may have other bases to process personal data. These are set out in the following table, along with examples of the circumstances in which they might apply.

Legal BasisExamples
ConsentWe may in some circumstances rely on your consent. In those circumstances you will specifically be asked whether you agree to us using your data in specified ways, for example when you fill in a web form on our website and tick a box indicating that you wish to receive marketing emails or telephone calls from us. You can withdraw the consent at any time – please see section 9.
Necessary for performance of a contract or to take steps for entering into a contract.If you sign up to one of our products or services, it will often be necessary for us to use your details in order to provide that product or service.
Necessary in order to comply with a legal obligation.Regulators, government bodies and courts have powers to order us to provide information and, like any other organisation, we sometimes have to comply with their requests.

 

6. WHO DO WE SHARE THE PERSONAL DATA WITH?

 

Our group companies

 

We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.

Group companyMain trading address and registered office
TransUnion Information Group Limited
(company no. 4968328)
One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited
(company no. 3961870)
Callcredit Marketing Limited
(company no. 2733070)
TransUnion Information Group Spain SLU
(tax ID number B87839510)
Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain
Confirma Sistemas de Información, S.L.
(tax ID number B86303757)
Soluciones Confirma ASNEF-SIGNE, S.L.
(tax ID number B86016649)

 

We may also share your personal data with other companies within the wider TransUnion group. This includes:

  • TransUnion LLC, 555 West Adams Street, Chicago, Illinois 60661
  • TransUnion Global Technology Centre LLP, 9th Floor, Block 2,DLF IT/ITES Special Economic Zone Shivaji Gardens, Moonlight Stop, Manapakkam Saidapet Tamil Nadu 600089
  • TransUnion Global Capability Centre Africa (Pty) Ltd, G floor, 9 & 10 floor,11 Alice Lane, Sandton, 2196, Gauteng, Johannesburg, South Africa 2197 
  • TransUnion Global Capability Center Costa Rica Limitada, San Jose-Escazu San Rafael, Trejos Montealegre, De Escazu Village, Three Hundred Meters to the West, Banco General Building, Sixth Floor


Service providers

 

We may provide your information to third parties who help us use it for the purposes described in section 2. For example:

  • Our database of personal data may be hosted by third parties on our behalf. For example, we use cloud-based services such as Salesforce and Eloqua to help us host, manage, analyse and use our databases of personal data.
  • We may use external service providers to help us perform and manage sales and relationship management activity.
  • We use printing companies to produce and send personalised direct mail or other correspondence.
  • We use market research companies to help us better understand our customers.
  • Our auditors may obtain access to personal data in the course of accounting audits.
  • Some of our products and services rely on us sending personal data to third parties who then analyse or enhance it and return the results to us.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

 

Online advertising platforms

 

We may use third party advertising platform providers such as Google to serve advertisements to you. These third parties may use information about your visits to our and other websites in order to provide you with advertising about products and services that may be of interest to you.

Sometimes we may provide information associated with you to third parties who operate other websites (such as social media platforms) so that we can show you relevant advertisements while you are using those websites. This information will be protected so that you can only be identified if the third party already knows you – the information we provide only tells them that you are a business contact of ours.

You can configure your advertising preferences on social media such as Facebook, Twitter, Instagram or Pinterest by accessing your settings or preference options on the relevant platform. If you no longer want to receive personalised advertising on any website you visit, you can usually opt out directly through the privacy policy of the particular website you are accessing. Please note that this will not block ads that are displayed on the websites you visit; it will simply stop you receiving advertising that has been tailored to your interests. This opt-out relies on a cookie, so if you wipe all your cookies then that website will no longer know that you have opted out. The same applies if you use a different internet browser or use a new computer to access the internet. You can also opt out of such advertising by visiting the IAB opt-out platform at www.youronlinechoices.com, but please note that this and other platforms only allow you to opt out of interest-based advertising delivered by registered members.

 

Business transfers

 

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

 

Regulators

 

We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

 

Sharing of anonymised data with third parties

 

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

 

7. WHERE IS THE PERSONAL DATA STORED AND SENT?

 

Within the UK and EU

 

We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in Europe and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

 

Elsewhere

 

We also send information elsewhere in the world. For example:

  • We make use of TransUnion group service companies (referred to as Global Capability Centres, or GCCs) located in India, South Africa, Costa Rica and the United States. See section 6 for more details.
  • When one of other our overseas group companies based overseas needs to use the information in accordance with this notice.
  • Where we use cloud-based technology or a data centre or backup facility overseas. For example, our marketing database is currently hosted by a service provider in the Netherlands. People in other countries, including South Africa and India, may also need to access that database for purposes such as technical support or system development and testing.

While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

 

8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

 

We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

 

Individual-level profiling

 

We use certain profiling techniques in order to help us to understand our clients and potential clients. This in turn helps us to understand which people might be interested in which of our products and services.

Examples: profiling

We categorise our business contacts according to the type of organisation and job they work in and target our advertising accordingly. For example, we might decide that managers who work in the risk team of a bank would be interested in hearing about our credit risk assessment products, and we may contact them about those products accordingly.

We use information about a person’s past history of dealings with us in order to predict whether and when they might wish to purchase a particular product from us. We use this to help decide when to contact them and what products to tell them about.

Decision-making

 

The activities covered by this privacy notice do not include any automated decision-making by us that has legal or similarly significant effects on you. For example, we do not use it to set the prices that we charge for our products and services.

 

9. WHAT ARE YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU?

 

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please contact us through our Consumer Enquiries page.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Withdrawal of consent: When we rely on your consent to use your data (see section 5 above), you have the right to withdraw that consent at any time. You can do this by contacting us, or (in the case of emails that are sent on the basis of consent) by clicking the “unsubscribe” link.
  • Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes. If you do this we will stop using it for those purposes.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests legal basis for using your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
  • Portability: You have the right to receive some limited kinds of information in a portable format.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA

 

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us through our Consumer Enquiries page.

You can also contact our Data Protection Officer at ukdpo@transunion.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.