Version: 1.9
Date adopted: 10 September 2024
This privacy notice provides information about how we use and share personal data relating to consumers who contact us with an enquiry, request or complaint. Please see our other privacy notices for details of our other activities.
When you contact us with a request, complaint or enquiry, we will use your personal data in order to help us to respond to you.
Sometimes this will mean sharing personal data with third parties. For example, if you dispute the accuracy of information on your credit report, we may need to contact the organisation who provided us with that information to check whether it is correct. If you ask us to communicate with you in a particular format, such as Braille, we may share your personal data with a service provider to help us to do so. We do not sell your data to third parties or share it unnecessarily within TransUnion.
You have the right to object to our use of your personal data. Please see section 9 to find out more.
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
10. Who can you complain to if you are unhappy about the use of your personal data?
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The relevant members of TU UK are listed in section 6 below.
TU UK forms part of a larger group of TransUnion companies. However, this privacy notice only covers the activities of TU UK.
Our group companies each control personal data about consumers who contact us. This means that they are each responsible for ensuring that the personal data is used fairly and lawfully. The group companies often act jointly with one or more of the other group companies when making decisions about your personal data. In particular, they make joint decisions when sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.
You can contact us about issues relating to personal data, including the contents of this notice, through our Consumer Enquiries page.
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
We will use your personal data to deal with the matter you have contacted us about (which we refer to below as an “enquiry”). For example, this might include investigating the matter internally or with external organisations, and contacting you to ask for more information or to let you know the outcome of your enquiry.
The kinds of enquiry that we typically deal with include:
Where you have provided us with additional information about yourself, such as information about a disability or vulnerability, we will use that information to help deal with your enquiry in the way that's most appropriate to you. If you have any questions or concerns about this, please let us know.
When you contact us we will often need to establish that you are who you say you are. This is necessary in order to ensure that we don’t provide your personal information to people who shouldn’t have access to it.
If someone contacts us and asks us for a copy of your credit report, we will check that it’s you (or someone authorised by you) who is asking for it. We may do this by, for example, asking for evidence of identity such as copies of your driving licence or a bank statement.
It’s important that we do this because the information in your credit report is valuable and could be used to impersonate you if it were to fall into the wrong hands.
We may ask you to provide us with feedback or to leave a review about the service you have received from us. Your feedback helps us to improve our services.
Some types of enquiry that you might raise will result in changes to the personal data that we use in our products and services.
If you dispute the accuracy of an entry on your credit file, we will add a “notice of dispute” while the matter is being investigated. This will be shared with other organisations who access the information on your credit report so that they know the data is being challenged.
If we find that the entry does need to be updated, we will update it and remove the notice of dispute. The updated entry will then continue to be used in our products and services.
If you wish to add a note to your credit file explaining something about it (for example, why you missed a payment), this would also be shared with other organisations who access the credit file. This type of note is called a "Notice of Correction", or NoC.
We use information gathered in the course of handling complaints and requests to help us find out what went wrong, fix any problems we find, and to improve the way that we deal with similar complaints and requests in the future.
We use aggregated statistics about the enquiries, requests and complaints we receive in order to help manage our services and identify potential problems.
If we find that we are getting a large amount of queries about the accuracy of credit data that has been provided by a particular bank, we can use that information to investigate whether there is something wrong with the way that the bank is providing us with data.
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have handled your enquiry or used your personal data.
We obtain and use information from various different sources. These are summarised in the following table.
Type of information | Description | Source |
---|---|---|
Basic information about you and how to contact you | This is information such as your name, address, previous addresses, date of birth, email address and telephone number. These are used to deal with your request and communicate with you about it. | You provide us with this information when you make your request or subsequently. |
Your request | This is what you are asking us about or asking us to do. | |
Other information you tell us about yourself | You may wish to share other information about yourself during your interactions with us. For example, you may wish to provide additional background to your request, or to tell us about a disability or vulnerability so that we can take it into account when communicating with you. | |
Proof of identity or authority, and other supporting documentation | Proof of identity is information or documentation that we may ask you to give us in order to prove that you are who you say you are. If you are making a request on behalf of someone else we may also ask you to prove that you have their authority to do so, such as a power of attorney or letter of authority. In some cases we may require additional supporting documentation from you. For example, if you are registering a change of gender we will need a copy of the Gender Recognition Certificate. | |
Information gathered in dealing with your request | Dealing with your request will usually involve investigating the circumstances that you have asked about. This is the information that we obtain from doing so. The type of information gathered will depend on what you have asked us to do. | We gather this ourselves from our other internal records and from external organisations such as clients and suppliers. |
Our response and other correspondence | This is our response to your enquiry and other correspondence relating to your request. | We produce this ourselves. |
Information about your use of our websites | If you access or submit information to us through our website, we may record information about your visit, such as your IP address, operating system and browser type. This information may be linked with cookies; information about these can be found in the cookie notice on the relevant website. | We gather this ourselves through the website. |
You are free to choose whether or not you give us your personal data. However, if you do not give us the information or documentation that we need, we may not be able to comply with your request or respond to your enquiry properly.
We will keep your personal data for as long as we are handling your request and for an additional period of time from when we have completed it. This is three years for data disputes or three months for call recordings, but the period can be longer for some types of data. The additional period is determined according to the purposes for which the personal data may be needed, such as:
This section explains the basis on which we process your personal data when dealing with your enquiries.
The UK’s data protection law allows us to use your personal data where necessary in order to comply with legal obligations that apply to us. This means that if you make a request that we are legally required to deal with or respond to, we will use your personal data on this basis in order to comply with that requirement.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
Interest | Explanation |
---|---|
Security | We have an interest in keeping your personal data secure. This means that when (for example) we receive a request from you for a copy of your credit report, we need to verify your identity in order to make sure that it really is you who is making the request. |
Reputation and service improvement | We have an interest in dealing with enquiries quickly and efficiently and improving our services so that we earn a better reputation for our business and avoid regulatory action. |
We may share your personal data among the members of TU UK to the extent necessary to deal with your request. This will depend on which companies your request relates to, and which companies hold the relevant information. If we do this, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.
Group company | Main trading address and registered office |
---|---|
TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP |
TransUnion International UK Limited (company no. 3961870) | |
Callcredit Marketing Limited (company no. 2733070) |
We may also share your personal data with other non-UK based companies within the wider TransUnion group. In particular, consumer enquiries are often handled by consumer services agents in South Africa (TransUnion Global Capability Centre Africa (Pty) Ltd, G floor, 9 & 10 floor, 11 Alice Lane, Sandton, 2196, Gauteng, Johannesburg, South Africa 2197).
We may also make use of services provided by other TransUnion companies such as:
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
If your request relates to data which has been supplied to us by third parties, we will often need to provide your personal data to those third parties so that your request can be properly handled. For example, if you dispute the accuracy of an entry on your credit file we will often contact the organisation which provided us with that information in order to check whether it is correct.
We may occasionally also need to check the information you provide with other third parties. For example, if you are asking us to erase your credit file because you are concerned about your personal safety, we may check what you are saying with the police or the UK Protected Persons Service.
For some kinds of request, such as those relating to gender recognition or victims of fraud, we have agreed a common procedure with the UK’s two other consumer credit reference agencies, Equifax Limited and Experian Limited. If you give us permission to do so, we will share your information with them in order to help ensure that your request is dealt with at all three credit reference agencies without the need for you to deal with each one separately.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in Europe and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We also send information elsewhere in the world. For example:
While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
We do not use automated decision-making or profiling in relation to your personal data where this would have a legal or similarly significant impact on you.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us through our Consumer Enquiries page.
You can also contact our Data Protection Officer at ukdpo@transunion.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.