Consumer Contact Privacy Notice

Version: 1.8
Date adopted: 12 September 2023

This privacy notice provides information about how we use and share personal data relating to consumers who contact us with an enquiry, request or complaint.

In Brief

When you contact us with a request, complaint or enquiry, we will use your personal data in order to help us to respond to you.

Sometimes this will mean sharing personal data with third parties. For example, if you dispute the accuracy of information on your credit report, we may need to contact the organisation who provided us with that information to check whether it is correct.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

1. Who are we and how can you contact us?

2. What do we use personal data for?

3. What kinds of personal data do we use, and where do we get it from?

4. How long is the personal data kept for?

5. What is our legal basis for handling personal data?

6. Who do we share the personal data with?

7. Where is the personal data stored and sent?

8. Is the personal data used to make decisions about you or to profile you?

9. What are your rights?

10. Who can you complain to if you are unhappy about the use of your personal data?




About us


We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The relevant members of TU UK are listed in section 6 below.

TU UK forms part of a larger group of TransUnion companies. However, this privacy notice only covers the activities of TU UK.


Joint controllers


Our group companies each control personal data about consumers who contact us. This means that they are each responsible for ensuring that the personal data is used fairly and lawfully. The group companies often act jointly with one or more of the other group companies when making decisions about your personal data. In particular, they make joint decisions when sharing personal data with each other.

Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.


Contact details


You can contact us about issues relating to personal data, including the contents of this notice, through our Consumer Enquiries page.




This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.


Dealing with your enquiry, request or complaint


We will use your personal data to deal with the matter you have contacted us about (which we refer to below as an “enquiry”). For example, this might include investigating the matter internally or with external organisations, and contacting you to ask for more information or to let you know the outcome of your enquiry.

The kinds of enquiry that we typically deal with include:

  • requests for access to personal data, or to challenge the accuracy of personal data that we hold, or to request the erasure of personal data
  • support requests relating to our consumer products such as CreditView
  • requests for recognition of a change in gender
  • complaints
  • general enquiries


Identity verification


When you contact us we will often need to establish that you are who you say you are. This is necessary in order to ensure that we don’t provide your personal information to people who shouldn’t have access to it.

Example: identity verification

If someone contacts us and asks us for a copy of your credit report, we will check that it’s you (or someone authorised by you) who is asking for it. We may do this by, for example, asking for evidence of identity such as copies of your driving licence or a bank statement.

It’s important that we do this because the information in your credit report is valuable and could be used to impersonate you if it were to fall into the wrong hands.

Asking you for feedback


We may ask you to provide us with feedback or to leave a review about the service you have received from us. Your feedback helps us to improve our services.


Products and services


Some types of enquiry that you might raise will result in changes to the personal data that we use in our products and services.

Examples: products and services

If you dispute the accuracy of an entry on your credit file, we will add a “notice of dispute” while the matter is being investigated. This will be shared with other organisations who access the information on your credit report so that they know the data is being challenged.

If we find that the entry does need to be updated, we will update it and remove the notice of dispute. The updated entry will then continue to be used in our products and services.

If you wish to add a note to your credit file explaining something about it (for example, why you missed a payment), this would also be shared with other organisations who access the credit file.

Improving systems and processes; internal reporting


We use information gathered in the course of handling complaints and requests to help us find out what went wrong, fix any problems we find, and to improve the way that we deal with similar complaints and requests in the future.

We use aggregated statistics about the enquiries, requests and complaints we receive in order to help manage our services and identify potential problems.

Example: improving processes

If we find that we are getting a large amount of queries about the accuracy of credit data that has been provided by a particular bank, we can use that information to investigate whether there is something wrong with the way that the bank is providing us with data.

Legal and regulatory purposes


We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have handled your enquiry or used your personal data.




We obtain and use information from various different sources. These are summarised in the following table.

Type of informationDescriptionSource
Basic information about you and how to contact youThis is information such as your name, address, previous addresses, date of birth, email address and telephone number. These are used to deal with your request and communicate with you about it.You provide us with this information when you make your request or when we subsequently ask you for it.
Your requestThis is what you are asking us about or asking us to do.
Proof of identity or authority, and other supporting documentation

Proof of identity is information or documentation that we may ask you to give us in order to prove that you are who you say you are. If you are making a request on behalf of someone else we may also ask you to prove that you have their authority to do so, such as a power of attorney or letter of authority.

In some cases we may require additional supporting documentation from you. For example, if you are registering a change of gender we will need a copy of the Gender Recognition Certificate.

Information gathered in dealing with your requestDealing with your request will usually involve investigating the circumstances that you have asked about. This is the information that we obtain from doing so. The type of information gathered will depend on what you have asked us to do.We gather this ourselves from our other internal records and from external organisations such as clients and suppliers.
Our response and other correspondenceThis is our response to your enquiry and other correspondence relating to your request.We produce this ourselves.
Information about your use of our websitesIf you access or submit information to us through our website, we may record information about your visit, such as your IP address, operating system and browser type. This information may be linked with cookies; information about these can be found in the cookie notice on the relevant website.We gather this ourselves through the website.

You are free to choose whether or not you give us your personal data. However, if you do not give us the information or documentation that we need, we may not be able to comply with your request or respond to your enquiry properly.




We will keep your personal data for as long as we are handling your request and for an additional period of time from when we have completed it. That additional period is determined according to the purposes for which the personal data may be needed, such as:

  • demonstrating that we have appropriate processes in place to deal with enquiries, requests and complaints, and that we are doing so fairly and in accordance with our regulatory requirements;
  • responding to any requests from you or a regulator about how we have dealt with your request, and to show that we have dealt with your request properly;
  • defending any potential legal claims or regulatory action that might arise as a result of the request.




This section explains the basis on which we process your personal data when dealing with your enquiries.


Compliance with a legal obligation


The UK’s data protection law allows us to use your personal data where necessary in order to comply with legal obligations that apply to us. This means that if you make a request that we are legally required to deal with or respond to, we will use your personal data on this basis in order to comply with that requirement.


Legitimate interests


The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

SecurityWe have an interest in keeping your personal data secure. This means that when (for example) we receive a request from you for a copy of your credit report, we need to verify your identity in order to make sure that it really is you who is making the request.
Reputation and service improvementWe have an interest in dealing with enquiries quickly and efficiently and improving our services so that we earn a better reputation for our business.




Our group companies


We may share your personal data among the members of TU UK to the extent necessary to deal with your request. This will depend on which companies your request relates to, and which companies hold the relevant information. If we do this, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.

Group companyMain trading address and registered office
TransUnion Information Group Limited
(company no. 4968328)
One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited
(company no. 3961870)
Callcredit Marketing Limited
(company no. 2733070)
TransUnion Information Group Spain SLU
(tax ID number B87839510)
Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain
Confirma Sistemas de Información, S.L.
(tax ID number B86303757)
Soluciones Confirma ASNEF-SIGNE, S.L.
(tax ID number B86016649)
TransUnion Baltics, UAB
(company no. 302689020)
Karaliaus Mindaugo pr. 50, Kaunas LT- 44334, Lithuania


Service providers


We may provide your information to third parties who help us use it for the purposes described in section 2. For example:

  • we may use third party service providers to receive requests and enquiries from individuals and to handle them on our behalf in accordance with our policies and procedures;
  • we may use third parties to hold personal data on our behalf.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.


Data suppliers and other third parties


If your request relates to data which has been supplied to us by third parties, we will often need to provide your personal data to those third parties so that your request can be properly handled. For example, if you dispute the accuracy of an entry on your credit file we will often contact the organisation which provided us with that information in order to check whether it is correct.

We may occasionally also need to check the information you provide with other third parties. For example, if you are asking us to erase your credit file because you are concerned about your personal safety, we may check what you are saying with the police or the UK Protected Persons Services.


Other credit reference agencies


For some kinds of request, such as those relating to gender recognition or victims of fraud, we have agreed a common procedure with the UK’s two other consumer credit reference agencies, Equifax Limited and Experian Limited. If you give us permission to do so, we will share your information with them in order to help ensure that your request is dealt with at all three credit reference agencies without the need for you to deal with each one separately.


Business transfers


If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.




We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.


Sharing of anonymised data with third parties


We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.




Within Europe


We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in Europe – currently Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.




We also send information elsewhere in the world. For example:

  • When one of our overseas group companies based overseas needs to use the information in accordance with this notice. Further details about those group companies can be found in the table in section 6.
  • Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.




We do not use automated decision-making or profiling in relation to your personal data where this would have a legal or similarly significant impact on you.




You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Withdrawal of consent: We do not rely on consent to use your personal data (see section 5 above) so your right to withdraw consent does not apply.
  • Objection to direct marketing: We do not use the personal data that this notice applies to for direct marketing purposes, but you nonetheless have a right to object to us using your data for those purposes if you wish.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests legal basis for using your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.




We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us through our Consumer Enquiries page.

You can also contact our Data Protection Officer at

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.