Skip to main content

Marketing Services Privacy Notice

Version: 1.6
Last updated: 23 February 2022

This privacy notice provides information about how we use and share personal data relating to consumers for our clients’ marketing purposes. It also describes your data protection rights, including a right to object to some of the processing which TransUnion carries out. More information about your rights, and how to exercise them, is set out in section 9 below.

In Brief

At TransUnion we provide data and data services to clients such as retailers, banks, insurers and other companies. Our marketing-related services include providing names and addresses from the open register to our clients for postal direct marketing. This information may be used by our clients to send you advertising through the post.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

This privacy notice covers the following topics:

  1. 1. Who are we and how can you contact us?
  2. 2. What do we use personal data for?
  3. 3. What kinds of personal data do we use, and where do we get it from?
  4. 4. How long is the personal data kept for?
  5. 5. What is our legal basis for handling personal data?
  6. 6. Who do we share the personal data with?
  7. 7. Where is the personal data stored and sent?
  8. 8. Is the personal data used to make decisions about you or to profile you?
  9. 9. What are your rights?
  10. 10. Who can you complain to if you are unhappy about the use of your personal data?

 

1. WHO ARE WE AND HOW CAN YOU CONTACT US?

 

About us

 

We are Callcredit Marketing Limited, which is a company registered in England and Wales with company number 02733070. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of TU UK are listed in section 5 below. TU UK forms part of a larger group of companies but this privacy notice only covers the activities of TU UK.

Except where we state otherwise, we are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the personal data is used fairly and lawfully.

 

Joint controllers

 

We sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In particular, we make joint decisions when we and another TU UK company are sharing personal data with each other. Section 3 explains when this applies in more detail.

Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. Please contact our Consumer Services Team if you want to understand more about the allocation of data protection obligations between our group companies or if you want to exercise your data protection rights.

 

Contact details

 

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: TransUnion Consumer Services Team, PO Box 491, Leeds LS3 1WZ

Email: [email protected]

Telephone: 0330 024 7574

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

2. WHAT DO WE USE PERSONAL DATA FOR?

 

This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we use for these purposes can be found in section 3 below.

 

Direct marketing

 

The open register (sometimes referred to as the edited electoral roll) is a version of the electoral register containing names and addresses of individuals who have not opted out of having their information used for marketing and other purposes.

We provide names and addresses from the open register to our clients in order for them to send marketing messages by post.

Example

An estate agent may wish to send postal marketing to local residents to inform them of their services. The estate agent can purchase names and addresses from TransUnion for the local area from the open register, and then send a mailing to those individuals.

More information about the open register (and how to opt out of it) is available on the UK Government website.

 

Product or systems development and testing

 

We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.

 

Consumer queries; legal and regulatory purposes

 

If you contact us we will normally need to use your personal data to help us deal with your enquiry. We may also sometimes need to use your personal data for legal and regulatory purposes.

Examples: legal and regulatory purposes

If you object to us processing your personal data for direct marketing purposes we will add your name to our suppression list in order to remove you from future direct marketing activities.

If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.

Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.

Acting as processors on our clients’ behalf

 

Some clients provide us with their own data about individuals (which will typically have been collected under the client’s separate privacy notices), and ask us to enhance it with further information. When this happens, we can provide the client with information about the properties or areas in which the relevant individuals live.

In doing this, we are acting as the client’s data processor; this means that the client remains responsible for ensuring that the personal data is used fairly and lawfully. You will need to refer to the privacy notices of the individual client for more detailed information about what data the client collects, what they use it for, and how to exercise your rights.

 

3. WHAT KINDS OF PERSONAL DATA DO WE USE AND WHERE DO WE GET IT FROM?

 

We obtain and use information from various different sources. These are summarised in the following table.

Type of information

Description Source
Contact details 

We hold names, postal addresses and, in some cases, dates of birth. This information can be used for contacting people.

We do not hold or share email addresses or telephone numbers for the purposes described in this privacy notice.

Callcredit Marketing Limited and TransUnion International UK Limited act as joint controllers of this data.

We obtain postal addresses from the open version of the electoral register (the “open register”), which we get from local authorities across the UK and the Isle of Man.
Client input data

Our clients often provide us with information about their existing or potential customers for us to analyse or add more information on to. We do not use this data for our own purposes.

The client acts as controller of this data, and Callcredit Marketing Limited acts as the client’s processor.

This data is provided to us by our clients for specific jobs.

 

4. HOW LONG IS THE PERSONAL DATA KEPT FOR?

 

Type of information Retention period
Contact details

Contact data obtained from the open version of the electoral register is retained while you remain on the open register plus an additional two months.

For details of how long TransUnion International UK Limited keeps electoral register data in its capacity as a credit reference agency, please refer to the Credit Reference Agency Information Notice.

Client input data We retain copies of client input data for up to 15 months.

 

In some cases we may need to keep information indefinitely. For example, if you object to us using your data for marketing purposes (see section 9) we will need to keep some limited information about you such as your name, address and date of birth so that we can remove or suppress your record from any data that we may receive in the future.

 

5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?

 

This section explains the legal basis on which we process your personal data.

 

Legitimate interests

 

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

 

Interest Explanation
Direct marketing Our clients have an interest in promoting their products and services to consumers, including their existing customers.
Monitoring and securing our systems and data Some of the ways we use personal data are justified by the need to ensure that our systems are kept secure. For example, our security teams may need to monitor databases in order to check whether they have been accessed by third parties.
Complying with legal and regulatory requirements We have an interest in complying with legal and regulatory requirements to which we are subject, thereby avoiding sanctions and reputational damage.
Commercial interests Like other commercial organisations, we seek to earn revenue through the services that we provide to our customers and clients.

 

6. WHO DO WE SHARE THE PERSONAL DATA WITH?

 

Our clients and resale partners

 

We share personal data with our clients for the purposes described in section 2 above. Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.

Our clients typically operate in the following sectors:

  • financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
  • insurance
  • gaming / gambling
  • retail (including online retailers)
  • telecoms and utilities
  • marketing agencies acting for other organisations

In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too.

We also appoint data resale partners who will distribute open register data to their clients in a similar manner to the ways we do. Our current resale partner is The REaD Group Limited. Please see their privacy notice for more detail about their activities.

We do not provide data for use in relation to road traffic accident or personal injury claims, medical or clinical negligence claims, PPI compensation claims, pornography or political campaigning.

 

Our group companies

 

We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.

Group company Role Main trading address and registered office
TransUnion Information Group Limited
(company no. 4968328)
Group holding company One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited
(company no. 3961870)
Collects open register data from local authorities and supplies it to Callcredit Marketing Limited for onward supply to clients for direct marketing purposes.
Callcredit Marketing Limited
(company no. 2733070)
Trading company which provides clients with the services described in section 2 above.
TransUnion Baltics, UAB
(company no. 302689020)
Provides some back-office data processing functions on behalf of the other members of TU UK. This company does not use the data identified in section 3 above for its own purposes but rather to support the other members of TU UK. Karaliaus Mindaugo pr. 50, Kaunas LT- 44334, Lithuania

 

Service providers

 

We and our clients may provide your information to third parties who help us use it for the purposes described in section 2. For example, we might decide to use a third party data hosting company, or a data processing company to perform some of the data processing on our behalf.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

 

Business transfers

 

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

 

Regulators and law enforcement

 

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

 

Sharing of anonymised data with third parties

 

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

 

7. WHERE IS THE PERSONAL DATA STORED AND SENT?

 

Within the UK and the EU

 

We are based in the United Kingdom and will access and use your information from here. However, we also have operations in Lithuania, and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

 

Elsewhere

 

We also send information elsewhere in the world. For example:

  • When one of our overseas group companies or branch offices based overseas needs to use the information in accordance with this notice.
  • Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While the United Kingdom and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme that has been approved by the authorities as providing a suitable level of protection.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

 

8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

 

We do not use any personal data to make automated decisions or to profile you when we are acting as a controller.

We do perform profiling when acting as a client’s processor. For example, we may take a client’s marketing list and add information about your property or neighbourhood, which the client may use to help predict your likely preferences and lifestyle in order to aid their marketing decisions. This may result in you receiving more relevant marketing from our clients who already hold your contact details. If you do not want to receive this marketing, you should contact the sender of the marketing in order to object.

 

9. WHAT ARE YOUR RIGHTS?

 

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please email us at [email protected], telephone us on 0330 024 7574, or refer to the other contact details in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes, including any profiling or similar activities which are performed as a precursor to direct marketing. If you do this we will stop using it for those purposes.

In addition:

  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you object to us using your data for direct marketing purposes we will need to keep a record of that objection so that we do not subsequently begin direct marketing activities in relation to you if we receive your data again.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
  • Portability: In some circumstances you have the right to receive some limited kinds of information in a portable format. However, this does not apply to the data to which this privacy notice applies.
  • Withdrawal of consent: We do not rely on your consent in order to perform the activities described in this privacy notice, so this right does not apply.

Please note that these rights apply only where we are acting as a controller of your personal data. When we are processing your data on behalf of a particular client, you will normally need to contact the client in order to exercise your rights.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

 

10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

 

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post: TransUnion Customer Relations Team, PO Box 491, Leeds LS3 1WZ

Email: [email protected]

Telephone: 0330 024 7574

You can also contact our Data Protection Officer at [email protected].

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

If you’re a consumer with questions or issues related to your personal credit report, drivers history report, disputes, fraud, identity theft, credit report freeze or credit monitoring services, please visit our Customer Support Center for assistance.

Contact Us

TransUnion would like to send you original insight, commentary and research on data, software and analytics, early notifications of exclusive events and information about our products and services. If you would like to receive that information, please let us know using the following options:

For Sales enquiries please call (+44) 0113 868 2600

Alternatively, for all other enquiries please call us on (+44) 0113 388 4300

Please read our privacy notice , which explains who we are, how we collect and use your personal information and how you can exercise your privacy rights.

We're sorry, your request failed. Please try again in a little while.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.