Version: 1.9
Date adopted: 23 February 2024
This privacy notice provides a high-level overview about how we use and share personal data across TransUnion Information Group. More detailed information can be found at the TransUnion Privacy Centre or in other privacy information you may have been given.
At TransUnion we provide data and services to our clients for a wide range of purposes. These include:
We also perform evaluations to find out whether data would be of use to us or our clients, and we share data for that purpose too.
Like any business, TransUnion also processes personal data to support its routine business operations. This includes handling data relating to business and consumer contacts and members of staff.
You have the right to object and withdraw your consent to our use of your personal data. Please see section 9 to find out more.
This notice covers the following topics:
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
9. What are your rights in relation to the personal data we hold about you?
10. Who can you complain to if you are unhappy about the use of your personal data?
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The members of TU UK are listed in section 4 below. TU UK forms part of a larger group of TransUnion companies but this privacy notice only covers the activities of TU UK.
Different companies in TU UK have different roles and responsibilities for different sets of personal data. Where a member of TU UK acts as a controller of personal data it is responsible for ensuring that the data is used fairly and lawfully.
TU UK companies sometimes act jointly with other TU UK companies when making decisions about your personal data. In particular, joint decisions are made when two or more TU UK companies are sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.
You can contact us about issues relating to personal data, including the contents of this notice, through our Consumer Enquiries page.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we use for these purposes can be found in section 3 below.
Many of our products and services rely on personal data. For example:
If you apply for a loan from a bank or other lender, they may ask us for data about you to help them make a decision about whether or not you are likely to repay the loan, and whether you can afford the repayments. To help them with that assessment, we can provide them with information about how well you have managed your previous financial commitments, how much income goes into your current account, and whether you have had any CCJs, bankruptcies or other adverse financial circumstances.
We use and share data for evaluation purposes. This includes assessing its suitability for a particular purpose and, for example, deciding whether or not it would be useful to us as part of a product or service. Sometimes it may be necessary to share data with a third party in order for them to be able to match it to data that they hold and return additional data to us.
When we evaluate data, we apply a range of safeguards to protect the interests of consumers. For example, we anonymise or pseudonymise the data where possible, we ensure it is protected with appropriate security measures, and we limit the quantities of data and the period for which it is used and retained.
Similarly, we sometimes provide data to our clients for them to evaluate it. This can help them understand whether our services would be of use to them. Data is only shared in this way for limited periods of time and is subject to strict restrictions on use.
We use personal data as part of our own internal operations. For example:
We use a wide variety of personal data in our business, and we get it from many different sources. Some of the main types of data are described in section 2 above. For more details about the kinds of data used for each of the purposes described in section 2, please visit the privacy notice referred to above, or go to www.transunion.co.uk/privacy.
Some of our most important types of data are:
Information type | Description | Source |
---|---|---|
Electoral register data | We hold information from the electoral register (also known as the ‘Electoral Roll’). There are two versions of this. One is known as the open register (also known as the ‘Edited Electoral Roll’ or ‘EER’) and can be used for a variety of purposes including marketing. The other is the full register which we can only use for limited purposes. | This data is supplied by local authorities across the UK and the Isle of Man. |
Credit account performance data | We receive personal data about how people are managing to repay their credit commitments. The data includes the name of the lending organisation, the date the account was opened, the account number, the amount of debt outstanding (if any), any credit available (including overdraft limits) and the repayment history on the account, including late and missing payments. | This data is provided from banks, building societies and other financial services providers such as credit card companies, home credit suppliers, credit unions and hire purchase companies. It is also provided by utilities companies, mobile phone networks, retail and mail order companies and insurance companies. |
Bank account turnover data and application salary data | This data includes the name of the organisation providing current accounts, current account numbers, sort codes, the number of account holders, the transactions made on the current accounts (credits and in some cases debits), and a figure for all credits on each current account (less refunds and intra bank transfers). Application salary data consists of the salary declared by a person when they are applying for credit. It also includes whether that figure is net or gross, and whether the salary has been verified (e.g. with copies of salary slips). This data also includes the date that an application was made. | This data is provided from organisations which offer people current accounts, such as banks and building societies. |
Judgment data | We obtain data about court judgments and decrees. This may include, for example, the name of the court, the nature of the judgment, how much money was owed, and whether the judgment has been satisfied. | The government makes court judgments and other decrees and administrative orders publicly available through statutory public registers. These are maintained by Registry Trust Limited, which supplies the data on the registers to us. |
Insolvency data | We obtain data about insolvency-related events. This includes data about bankruptcies, administration orders, individual voluntary arrangements, debt relief orders, sequestrations, trust deeds and debt arrangement schemes. This data includes the start and end dates of the relevant insolvency or arrangement. | This data is obtained from The Insolvency Service, the Accountant in Bankruptcy, The Stationary Office and Northern Ireland’s Department for the Economy – Insolvency Service, the London, Belfast and Edinburgh Gazettes and Registry Trust Limited. Business insolvency data is obtained from the London, Belfast and Edinburgh Gazettes. |
We keep personal data only for as long as is necessary for the purposes for which it is held. You will need to contact us (see section 1) or refer to the privacy notices at www.transunion.co.uk/privacy for our specific activities in order to find out exactly how long the data is kept for. The main points we think you might be interested in are:
This section explains the legal basis on which we process your personal data.
The UK’s data protection law allows the use of personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
Most of our processing activities are based on the legitimate interests condition. This includes almost all our credit referencing and data marketing services. For more details about the legitimate interests we are pursuing, please refer to the relevant privacy notices (see links above).
We sometimes rely on consent to process personal data, but this is relatively rare. Again, please refer to the relevant privacy notices at www.transunion.co.uk/privacy for more details.
If you sign up for one of our online services, we agree to provide you with services as set out in the Terms & Conditions on the relevant website. We need to use some of your personal data to be able to provide you with those services. Please refer to the privacy notice on the relevant website for more details.
We also use this basis for processing some of our staff data.
We may share personal data among TU UK companies where appropriate. A list of TU UK companies is set out below, although the list may be updated from time to time.
Group company | Main trading address and registered office |
---|---|
TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP |
TransUnion International UK Limited (company no. 3961870) | |
Callcredit Marketing Limited (company no. 2733070) |
We share personal data with our clients for the purposes described in section 2 above. Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.
Our clients typically operate in the following sectors:
In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too. We also appoint data resale partners who will distribute our data to third parties.
We and our clients may provide your information to third parties who help us use it for the purposes described in section 2. For example:
These service providers are generally not allowed to use information for their own purposes or on behalf of other organisations.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
We are based in the United Kingdom, and will access and your information from here. However, we also have operations elsewhere in Europe - currently Lithuania and Spain - and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We also send information elsewhere in the world. For example:
While countries within the UK and European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information when required. For example, these safeguards might include:
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.
We and our clients use personal data to predict or infer new information about you. In particular:
A bank wants to send postal marketing to some of its customers who may be interested in their new premium credit card. We hold information about the typical residents of each postcode and the type of each property, and can add that information to the bank’s customer list. The bank can then identify which customers are most likely to be interested in the new card, which allows it to target its advertising towards those customers.
A high street retailer is deciding where to target its advertising. It provides us with its customer list. We add information about the postcodes and properties where those customers live, and analyse it to find out what kind of people shop at the retailer’s stores. We then look at where similar kinds of people live. This helps the retailer decide where to target its local advertising.
We and our clients also use personal data to predict or infer information about the areas that people live in. This includes information such as the lifestyle, age or wealth of the typical residents of those areas. This information is used for the purposes described in section 2 above.
We generally do not use personal data or profiling to make automated decisions that have significant effects for you, but some of our clients may do so. For example, clients who receive credit scores from us may use those scores to help them decide whether to grant you credit.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use our Consumer Enquiries page.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us through our Consumer Enquiries page.
You can also contact our Data Protection Officer at ukdataprotectionofficer@transunion.com.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.