Business Product & Technical Support Privacy Notice

Version: 1.7
Date adopted: 2 July 2024

This privacy notice provides information about how we use and share personal data relating to users of our business products and our technical support facilities. It also describes your data protection rights, including a right to object to some of the processing which TransUnion carries out. More information about your rights, and how to exercise them, is set out in section 9 below.

In Brief

We use personal data to administer your access to our products and monitor the use of our products.

In some circumstances we may provide the organisation you work for with information about your use of our products.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

This privacy notice covers the following topics:

1. Who are we and how can you contact us?

2. What do we use personal data for?

3. What kinds of personal data do we use, and where do we get it from?

4. How long is the personal data kept for?

5. What is our legal basis for handling personal data?

6. Who do we share the personal data with?

7. Where is the personal data stored and sent?

8. Is the personal data used to make decisions about you or to profile you?

9. What are your rights?

10. Who can you complain to if you are unhappy about the use of your personal data?

11. What cookies are used on our websites that offer business product and technical support facilities?

 

1. WHO ARE WE AND HOW CAN YOU CONTACT US?

 

About Us

 

We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The members of TU UK are listed in section 6 below.

TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.

One or more TU UK companies act as the controller of your personal data for the purposes of this privacy notice, depending on which of them operates the relevant product. The controllers are responsible for ensuring that the personal data is used fairly and lawfully.

 

Joint controllers

 

TU UK companies sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In particular, this happens when TU UK companies are sharing personal data with each other.

Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. Please contact our Consumer Services Team if you want to understand more about the allocation of data protection obligations between our group companies or if you want to exercise your data protection rights.

 

Contact details

 

If you wish to contact us about matters relating to one of our products, please contact the relevant service desk or your client relationship manager.

If you wish to contact us about matters relating to our use of your personal data, or the contents of this notice, you can do so through our Consumer Enquiries page.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

2. WHAT DO WE USE PERSONAL DATA FOR?

 

This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

 

Operating our products and administering accounts

 

We use personal data to operate our products and administer the accounts of people who use them.

Example

We hold username and password details in order to control access to the products.

 

Security and breach reporting

 

We monitor access to our products in order to help ensure that those products and the data they make available are only accessed by people who are authorised to have access to them. If we detect suspicious activity we may suspend an account and investigate.

 

Feedback to clients

 

Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their members of staff are using our products – for example, how often their staff member is using a product or what they are using it for. Clients might typically ask for this information for routine product management purposes (such as to decide whether they need to continue buying the product), or for staff management purposes (for example, to check whether their staff are only using the products properly and in the course of their employment).

In some cases, such as where the information shows misconduct on the part of a client’s member of staff, the information we provide might be used against the relevant staff member as part of a disciplinary process.

Example

A bank suspects that one of its staff members is performing unauthorised credit report searches on individuals. The bank asks us for details of what searches have been done by that person. The bank uses this information to support its internal investigations into that staff member’s actions.

Monitoring and improving our products

 

We use information such as how different people use our products, how long they spend on particular tasks and what sort of information they obtain in order to help customise and improve the products.

This information is also used for security and system administration and to generate aggregate non-personalised information for use by us or our clients.

Product or systems development and testing

 

We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.

Providing technical support and responding to queries

 

If you contact us with a query about a product or service that we are providing, we will use your personal data in order to provide you with the assistance you ask for. This will include contacting you about your request.

We may sometimes need to contact you about support queries that have been raised by our other users.

Legal and regulatory purposes

 

We may sometimes need to use your personal data for legal and regulatory purposes.

Examples: legal and regulatory purposes

If you object to us processing your personal data we will need to use your personal data to assess your request.

If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.

Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.

3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?

 

We obtain and use information from various different sources. These are summarised in the following table.

Type of informationDescriptionSource
Basic information about you and how to contact youThis is information such as your name, email address and job title.We obtain this information from you or your employer when we set up your account or when we are subsequently told that the information has changed.
Login credentials

This is your username, password and other information used to control access to the product.

Product usageThis is information about how and when you use the product. It includes information about the dates and times on which you accessed the product, the IP address you accessed it from, and how you used the product when you were logged in.We obtain this information by monitoring your use of the product.
Your requests and enquiriesThis is information you provide us with as part of a technical support query or other request or enquiry.We obtain this information directly from you.

 

It is mandatory for you to provide us with your personal data in order for us to be able to provide our products correctly. It is not mandatory for you to provide us with your personal data in relation to technical support requests, but we may not be able to help you if you do not provide that information.

 

4. HOW LONG IS THE PERSONAL DATA KEPT FOR?

We will keep your personal data for as long as you are a registered user of any of our products and may keep it for an additional period of time from when your account is closed. We keep the data for that additional period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from you, your employer (or its affiliates) or our regulators.

 

5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?

This section explains the legal basis on which we process your personal data.

 

Legitimate interests

 

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

InterestExplanation
Making our products and services available to clientsWe need to make our products and services available to clients in order for our business to function.
Developing and improving our productsWe have an interest in improving our products in order to help ensure that we remain competitive.
Monitoring and securing our systems and dataSome of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.
Maintaining our relationships with our clientsWe have an interest in developing and maintaining good relationships with our clients.
Commercial interests

Like other commercial organisations, we seek to earn revenue through the products and services that we provide to our customers and clients. We achieve this through some of the other activities described above, such as improving our products and maintaining good client relationships.

 

6. WHO DO WE SHARE THE PERSONAL DATA WITH?

 

Our group companies

 

We may share your personal data among the members of TU UK where necessary for the purposes specified in section 2. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.

Group company

Main trading address and registered office

TransUnion Information Group Limited
(company no. 4968328)

One Park Lane, Leeds, West Yorkshire LS3 1EP

TransUnion International UK Limited
(company no. 3961870)

Callcredit Marketing Limited
(company no. 2733070)

TransUnion Information Group Spain SLU
(tax ID number B87839510)

Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain

Confirma Sistemas de Información, S.L.
(tax ID number B86303757)

Soluciones Confirma ASNEF-SIGNE, S.L.
(tax ID number B86016649)

 

We may also share your personal data with other non-UK based companies within the wider TransUnion group. This includes:

  • TransUnion LLC, 555 West Adams Street, Chicago, Illinois 60661
  • TransUnion Global Technology Centre LLP, 9th Floor, Block 2,DLF IT/ITES Special Economic Zone Shivaji Gardens, Moonlight Stop, Manapakkam Saidapet Tamil Nadu 600089
  • TransUnion Global Capability Centre Africa (Pty) Ltd, G floor, 9 & 10 floor,11 Alice Lane, Sandton, 2196, Gauteng, Johannesburg, South Africa 2197 
  • TransUnion Global Capability Center Costa Rica Limitada, San Jose-Escazu San Rafael, Trejos Montealegre, De Escazu Village, Three Hundred Meters to the West, Banco General Building, Sixth Floor

 

Clients

 

As mentioned in section 2, we may supply information about your use of the product to your employer (or to its affiliates, business partners or group companies) if they ask us to do so.

 

Service providers

 

We may provide your information to third parties who help us use it for the purposes described in section 2. For example:

  • Our products may be hosted by third parties on our behalf.
  • We may use a third party email broadcasting service in order to send you service emails about your account.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

 

Third parties who help us deal with enquiries

 

Sometimes we may need to supply information to third parties (such as our service providers or other companies in the TransUnion group) in order to deal with a support request or other enquiry.

 

Business transfers

 

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

 

Regulators and law enforcement

 

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

 

Sharing of anonymised data with third parties

 

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

 

7. WHERE IS THE PERSONAL DATA STORED AND SENT?

Within the UK and EU

 

We are based in the United Kingdom and will access and use your information from here. However, we also have operations in the European Union, and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

 

Elsewhere

 

We also send information elsewhere in the world. For example:

  • We make use of TransUnion group service companies (referred to as Global Capability Centres, or GCCs), located in India, South Africa, Costa Rica and the United States. See section 6 for more details.
  • When one of our other overseas group companies or branch offices based overseas needs to use the information in accordance with this notice.
  • Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While the United Kingdom and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the Data Privacy Framework that has been agreed between the UK, European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

 

8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

We do not use automated decision-making or profiling to make any decisions that will significantly affect you in connection with the activities described in this privacy notice.

 

9. WHAT ARE YOUR RIGHTS?

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please visit our Consumer Enquiries page.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Withdrawal of consent: We do not rely on consent to use your personal data (see section 5 above) so your right to withdrawal of consent does not apply.
  • Objection to direct marketing: We do not use your personal data for direct marketing purposes but you have the right to object to us doing so in the future.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
  • Portability: We do not rely on consent to use your personal data (see section 5 above) so your right to data portability does not apply.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using our Consumer Enquiries page.

You can also contact our Data Protection Officer at ukdpo@transunion.com.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

 

11. WHAT COOKIES ARE USED ON OUR WEBSITES THAT OFFER BUSINESS PRODUCT AND TECHNICAL SUPPORT FACILITIES?

We use cookies and similar technologies on our websites that offer business product and technical support facilities (referred to below as the business product website(s)) to distinguish you from other users of the business product website. This helps us to provide you with a good user experience and also allows us to personalise and improve the business product website (including its security).

A cookie is a small file of letters and numbers that we put on your device. We use the following kinds of cookie:

  • Strictly necessary cookies. These are cookies that are required for the operation of the business product website. They include, for example, cookies that enable you to log into secure areas of the business product website.
  • Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the business product website when they are using it. This helps us to improve the way our business product website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our business product website. This enables us to personalise our content for you, greet you by name and remember your preferences.

You can find more information about the individual cookies we use and the purposes for which we use them on each of the relevant business product website (to the extent applicable). In addition, each of our business product websites use the following strictly necessary cookie:

Name

Purpose

_cfduid, _cf_bm

Third party cookie used for security and fraud prevention purposes (namely the detection of malicious visitors).

You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access parts of our business product websites or use some of its features. For more information about this, and about cookies in general, you may wish to visit www.aboutcookies.org.