Version: 1.7
Date adopted: 2 July 2024
This privacy notice provides information about how we use and share personal data relating to users of our business products and our technical support facilities. It also describes your data protection rights, including a right to object to some of the processing which TransUnion carries out. More information about your rights, and how to exercise them, is set out in section 9 below.
We use personal data to administer your access to our products and monitor the use of our products.
In some circumstances we may provide the organisation you work for with information about your use of our products.
You have the right to object to our use of your personal data. Please see section 9 to find out more.
This privacy notice covers the following topics:
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
10. Who can you complain to if you are unhappy about the use of your personal data?
11. What cookies are used on our websites that offer business product and technical support facilities?
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The members of TU UK are listed in section 6 below.
TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.
One or more TU UK companies act as the controller of your personal data for the purposes of this privacy notice, depending on which of them operates the relevant product. The controllers are responsible for ensuring that the personal data is used fairly and lawfully.
TU UK companies sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In particular, this happens when TU UK companies are sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. Please contact our Consumer Services Team if you want to understand more about the allocation of data protection obligations between our group companies or if you want to exercise your data protection rights.
If you wish to contact us about matters relating to one of our products, please contact the relevant service desk or your client relationship manager.
If you wish to contact us about matters relating to our use of your personal data, or the contents of this notice, you can do so through our Consumer Enquiries page.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
We use personal data to operate our products and administer the accounts of people who use them.
We hold username and password details in order to control access to the products.
We monitor access to our products in order to help ensure that those products and the data they make available are only accessed by people who are authorised to have access to them. If we detect suspicious activity we may suspend an account and investigate.
Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their members of staff are using our products – for example, how often their staff member is using a product or what they are using it for. Clients might typically ask for this information for routine product management purposes (such as to decide whether they need to continue buying the product), or for staff management purposes (for example, to check whether their staff are only using the products properly and in the course of their employment).
In some cases, such as where the information shows misconduct on the part of a client’s member of staff, the information we provide might be used against the relevant staff member as part of a disciplinary process.
A bank suspects that one of its staff members is performing unauthorised credit report searches on individuals. The bank asks us for details of what searches have been done by that person. The bank uses this information to support its internal investigations into that staff member’s actions.
We use information such as how different people use our products, how long they spend on particular tasks and what sort of information they obtain in order to help customise and improve the products.
This information is also used for security and system administration and to generate aggregate non-personalised information for use by us or our clients.
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
If you contact us with a query about a product or service that we are providing, we will use your personal data in order to provide you with the assistance you ask for. This will include contacting you about your request.
We may sometimes need to contact you about support queries that have been raised by our other users.
We may sometimes need to use your personal data for legal and regulatory purposes.
If you object to us processing your personal data we will need to use your personal data to assess your request.
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.
Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.
We obtain and use information from various different sources. These are summarised in the following table.
Type of information | Description | Source |
---|---|---|
Basic information about you and how to contact you | This is information such as your name, email address and job title. | We obtain this information from you or your employer when we set up your account or when we are subsequently told that the information has changed. |
Login credentials | This is your username, password and other information used to control access to the product. | |
Product usage | This is information about how and when you use the product. It includes information about the dates and times on which you accessed the product, the IP address you accessed it from, and how you used the product when you were logged in. | We obtain this information by monitoring your use of the product. |
Your requests and enquiries | This is information you provide us with as part of a technical support query or other request or enquiry. | We obtain this information directly from you. |
It is mandatory for you to provide us with your personal data in order for us to be able to provide our products correctly. It is not mandatory for you to provide us with your personal data in relation to technical support requests, but we may not be able to help you if you do not provide that information.
We will keep your personal data for as long as you are a registered user of any of our products and may keep it for an additional period of time from when your account is closed. We keep the data for that additional period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from you, your employer (or its affiliates) or our regulators.
This section explains the legal basis on which we process your personal data.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
Interest | Explanation |
---|---|
Making our products and services available to clients | We need to make our products and services available to clients in order for our business to function. |
Developing and improving our products | We have an interest in improving our products in order to help ensure that we remain competitive. |
Monitoring and securing our systems and data | Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people. |
Maintaining our relationships with our clients | We have an interest in developing and maintaining good relationships with our clients. |
Commercial interests | Like other commercial organisations, we seek to earn revenue through the products and services that we provide to our customers and clients. We achieve this through some of the other activities described above, such as improving our products and maintaining good client relationships. |
We may share your personal data among the members of TU UK where necessary for the purposes specified in section 2. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.
Group company | Main trading address and registered office |
---|---|
TransUnion Information Group Limited | One Park Lane, Leeds, West Yorkshire LS3 1EP |
TransUnion International UK Limited | |
Callcredit Marketing Limited | |
TransUnion Information Group Spain SLU | Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain |
Confirma Sistemas de Información, S.L. | |
Soluciones Confirma ASNEF-SIGNE, S.L. |
We may also share your personal data with other non-UK based companies within the wider TransUnion group. This includes:
As mentioned in section 2, we may supply information about your use of the product to your employer (or to its affiliates, business partners or group companies) if they ask us to do so.
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Sometimes we may need to supply information to third parties (such as our service providers or other companies in the TransUnion group) in order to deal with a support request or other enquiry.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
We are based in the United Kingdom and will access and use your information from here. However, we also have operations in the European Union, and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We also send information elsewhere in the world. For example:
While the United Kingdom and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
We do not use automated decision-making or profiling to make any decisions that will significantly affect you in connection with the activities described in this privacy notice.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please visit our Consumer Enquiries page.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using our Consumer Enquiries page.
You can also contact our Data Protection Officer at ukdpo@transunion.com.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
We use cookies and similar technologies on our websites that offer business product and technical support facilities (referred to below as the business product website(s)) to distinguish you from other users of the business product website. This helps us to provide you with a good user experience and also allows us to personalise and improve the business product website (including its security).
A cookie is a small file of letters and numbers that we put on your device. We use the following kinds of cookie:
You can find more information about the individual cookies we use and the purposes for which we use them on each of the relevant business product website (to the extent applicable). In addition, each of our business product websites use the following strictly necessary cookie:
Name | Purpose |
---|---|
_cfduid, _cf_bm | Third party cookie used for security and fraud prevention purposes (namely the detection of malicious visitors). |
You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access parts of our business product websites or use some of its features. For more information about this, and about cookies in general, you may wish to visit www.aboutcookies.org.