Skip to main content

Open Banking Service Privacy

TRANSUNION OPEN BANKING SERVICE PRIVACY NOTICE

Version: 2.5
Date adopted:10th June 2022

This document provides an overview about how we use and share personal data that we receive and use in connection with the account information services we provide to consumers and the TransUnion Open Banking service that we provide to our business clients.

In Brief

We will use and share your personal data in connection with the account information service we provide to you and the TransUnion Open Banking service that we provide to our business clients. This includes:

  • Providing our business client with information about your Account (including account details, transactions and regular payments) as well as our analysis of this information.

  • Storing copies of your personal data for reporting and audit purposes.

  • Using your personal data while improving, developing or testing our products and systems.

  • Using your personal data for legal and regulatory purposes. This includes performing an anti-money laundering check on you (including verifying your identity), which we are required to do by law. This check will leave a non-score impacting footprint on your credit file.

  • If requested by our business client, providing them with fraud prevention services which may leave a non-score impacting footprint on your credit file.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

This privacy notice covers the following topics:

1. Who we are and how you can contact us?

2. What we use personal data for?

3. What kinds of personal data we use, and where we get it from?

4. What are our legal grounds for handling personal data?

5. Who do we share the personal data with?

6. Where is the personal data stored and sent?

7. how long is the personal data is kept for?

8. Is the personal data used to make automated decisions about you or to profile you?

9. What are your rights in relation to the personal data that we hold about you?

10. Who can you complain to if you are unhappy about the use of your personal data?

11. What cookies are used on the website?

You have the right to object to our use of your personal data. Please see section 9 to find out more.

This privacy notice should be read together with the Terms of Service for the Service we are providing to you. A copy of the Terms of Service is available [here]. It contains the meanings of certain words we use here, such as “Account”, “Service”, “Referring Company” and “Bank”.

 

1 WHO WE ARE AND HOW YOU CAN CONTACT US?

 

We are TransUnion International UK Limited, which is a company registered in England and Wales with company number 03961870. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

TransUnion International UK Limited forms part of a larger group of companies known as the TransUnion Information Group, however this privacy notice only applies to the use of personal data obtained by TransUnion International UK Limited in connection with the delivery of this Service unless we say otherwise.

We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that your personal data is used fairly and lawfully.

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email: [email protected]

Telephone: 0330 024 7574

 

2. WHAT DO WE USE PERSONAL DATA FOR?

 

This section explains the purposes for which we use personal data about you. More details about the types of personal data that we might use for these purposes can be found in section 3 below.

  • Providing you with the Service

We use your personal data to provide you with the Service, as described in the Terms of Service, a copy of which is available [here]. In order to provide you with this Service, we will need to obtain your personal data and share your personal data with the Referring Company.

As part of providing you with the Service, we also store copies of your personal data for reporting and audit purposes.

  • Providing the TransUnion Open Banking service to the organisation that has directed you to us (also called the “Referring Company” in this notice)

We use your personal data to provide the TransUnion Open Banking service (as described in section 4 below<) to the Referring Company that you are dealing with. In particular, we electronically provide the organisation with information about your Account (including account details, transactions and regular payments) as well as our analysis of this information. This is to save you from having to provide paper copies of your Account information to the Referring Company.

Each Referring Company will have its own intended use for the Account information we provide to them. We will explain the intended use on the website when we ask you for permission to access this data. We recommend contacting the Referring Company that you are dealing with if you require further information about how they will use the personal data we provide to them in the delivery of the TransUnion Open Banking service.

As part of the TransUnion Open Banking service we provide to the Referring Company, we also store copies of your personal data for reporting and audit purposes.

  • Prevention and detection of fraud and other crime

In order to detect or prevent fraud (for example, to confirm you have only provided information about an Account that belong to you), we may use your personal data to identify suspicious or fraudulent behaviours, if we are requested to do so by the Referring Company.

We may retain and re-use this data but solely for the purposes of identity verification and the prevention of fraud, money laundering or other financial crime.

  • Product/systems improvement, development and testing

We may sometimes use your personal data while improving, developing or testing our products and systems. This includes making sure that our data categorisation is accurate and that our security measures are working properly. Where possible, we will anonymise or pseudonymise (partially anonymise) the data before doing this.

  • Legal and regulatory purposes

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data. This includes performing anti-money laundering checks on you (including verifying your identity), which we are required to do by law before we perform the TransUnion Open Banking service.

  • Combining data

The information you give us may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this privacy notice. For example:

  • the information you give us may be compared with data available elsewhere to validate the information you have provided (for example in the context of anti-fraud measures).
  • the information you give us may be combined with other information that we collect about you to assist with the detection and prevention of fraud or financial crime.

 

3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?

 

We obtain and use information from various different sources in the delivery of this Service. These are summarised in the following table.

Type of information

Description

Source

Identifiers

This includes your name, date of birth and current and previous addresses.

We obtain this information from the Referring Company.

A unique identifier and declared salary

A unique identifier will be assigned to you by the Referring Company.  Information you have provided to the Referring Company about your current salary may also be provided to us.

We obtain this information from the Referring Company.

Information about your Account, including account details, transactions and regular payments.

This includes the following information:

  • your account name, number, sort code and balance; and
  • details of your incoming and outgoing transactions.

This information is obtained from Your Bank.

Your requests and enquiries

This is information you provide to us when you are visiting our website (such as clicking on buttons to confirm your consent) or as part of another request or enquiry (for instance, to obtain technical support).

We obtain this information directly from you.

 

4. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA?

 

This section explains the legal basis on which we process your personal data when delivering this Service to you and the TransUnion Open Banking Service to the Referring Company.

Please note that, while we require your explicit consent to provide this Service under financial regulations, we do not require your explicit consent to process your personal data in connection with the provision of this Service under data protection laws. This is because our legal basis for processing your personal data is based on the following legal grounds (rather than your consent).

  • Performance of our contract with you

Where you give your explicit consent to use this Service, you enter into a contract with us for the provision of this Service, which is governed by the Terms of Service. A copy of the Terms of Service is available [here].

In order to provide you with this Service that you have consented to in accordance with the Terms of Service, we will need to obtain your personal data and share your personal data with the Referring Company.

  • Legitimate Interests

The UK's data protection laws allow us to use your personal data where necessary for legitimate purposes provided that this isn't outweighed by the impact it has on you. The law calls this the "legitimate interests" basis for processing personal data.

The legitimate interests we are pursuing are:

Interest Explanation
Delivery of the TransUnion Open Banking Service (which includes requesting Information about your nominated Account(s) from Your Bank, passing this Information to the Referring Company and undertaking analysis of your Information to help the Referring Company make its assessment about you)

As noted above, where you consent to this Service, we are bound by the terms of our contract with you to collect your personal data and share this with the Referring Company.

We also have a commercial interest in offering the TransUnion Open Banking Service to our clients that have a need for it for the growth of our business, and the use of personal data is essential to the delivery of this service and therefore to fulfil this commercial interest.

Improving, developing and testing our products and services We have an interest in improving, developing and testing our products in order to help ensure that our services are processing data accurately and that we remain competitive. This includes ensuring that our products can provide accurate results for our clients, and including more data in our processes helps improve the accuracy of results.
Helping prevent and detect crime and fraud; anti-money laundering; and identity verification We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
Providing support services We are required to provide ancillary and support services to clients, which includes reporting on the services we have provided for audit purposes and assisting you with any technical queries you may have about the Service.
Performance Monitoring We have an interest in monitoring the performance of our services, to help identify any technical errors or areas of improvement.

 

Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include the information you are given in this notice about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights and freedoms.

  • Necessity for compliance with a legal obligation

The UK's data protection laws allow us to use your personal data where necessary in order to comply with the legal and regulatory obligations that apply to us. For example, in order to provide the Service, we have to comply with our obligations as a registered account information service provider under the Payment Services Regulations 2017. This means that we use your personal data as required under these regulations.

We are required by law to perform anti-money laundering checks (including verifying your identity) on you before we perform the TransUnion Open Banking service. We will use your personal data in order to perform this check and this check will leave a footprint on your TransUnion credit file. This footprint will not impact your credit score and will only be visible to you, us and any organisation you choose to share your TransUnion credit report with.

 

5. WHO DO WE SHARE THE PERSONAL DATA WITH?

 

  • The Referring Company / Our client

The purpose of this Service is to enable the electronic sharing of your Account information between Your Bank and the Referring Company you are dealing with to obtain a service or financial product. This organisation will be our client, as they will have appointed us to provide this Service for you and their other customers.

In the delivery of this Service, we facilitate the sharing of information between Your Bank and the Referring Company.

We may also share information about how you have used our website with the Referring Company. You provide this information to us when you visit our website (such as clicking on buttons to confirm your consent). This helps the Referring Client to monitoring the performance of our Services and to help identify any technical errors or areas of improvement.

  • Our group companies

We may share your personal data with other companies in the TransUnion Information Group for the purposes of improving, developing and testing our existing product and services and new product development. A list of the relevant TransUnion Information Group companies is set out below:

Group company

Main trading address and registered office

TransUnion Information Group Limited
(company no. 4968328)

One Park Lane, Leeds, West Yorkshire LS3 1EP

TransUnion Baltics, UAB
(company no. 302689020)

Karaliaus Mindaugo pr. 50, Kaunas LT- 44334, Lithuania

  • Service Providers

We may provide your information to third parties who help us use it for the purposes described in section 2. For example:

  • our products may be hosted by third party cloud platform providers on our behalf;
  • we may use third parties to support, maintain and test our products and services and to help us to answer consumer queries.

These service providers may also be our group companies, some of which are listed above.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations.

  • Business transfers

If we sell our business to a third party, or go through a corporate re-organisation, we will transfer personal data to the company that acquires the business.

If an acquirer intends to use your personal data in a way which is not set out in this notice, they will contact your shortly after the acquisition to inform you about how they are going to use your data.

  • Regulators and Fraud Prevention Agencies

We may be compelled to share personal data with our regulators, including the Information Commissioner's Office and the Financial Conduct Authority. Where we suspect fraudulent activity, we may also pass personal data to the police and fraud prevention agencies.

 

6. WHERE IS THE PERSONAL DATA STORED AND SENT?

 

Within Europe

 

We are based in the United Kingdom and will access and use personal data from here. One of our group companies is based in Lithuania, and so personal data may be accessed from there too. In these locations, the use of the information is protected by European data protection standards.

The Referring Company that you are dealing with, and that will be receiving your personal data, may have operations outside of Europe – please check its own privacy notice for further details.

 

Outside Europe

 

We may also send information elsewhere in the world. For example:

  • When one of our overseas group companies or branch offices based overseas needs to use the information.
  • Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection.

You can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

 

7. HOW LONG IS THE PERSONAL DATA IS KEPT FOR

 

We keep your personal data only for as long as necessary for the purposes for which it is used, as set out in section 2 above.

We will keep a record of your personal data used in connection with this Service and the TransUnion Open Banking Service for a period of two years.

Where we use your personal data in connection with the improvement, development and testing of our products and services, we may keep your information for a period of two years. If we have anonymised your data in connection with this purpose, we may keep and use anonymous data indefinitely.

Where we use your personal data to comply with our legal and regulatory requirements, we will typically retain a copy of your personal data for a further period of six years after we used it for that purpose.

Where we use your personal data to comply with our legal and regulatory requirements, we will typically retain a copy of your personal data for a further period of five years after we used it for that purpose.

Search footprints are kept for a total of six years however they will only be visible on your credit file for two years. A further four years of data are used for profiling and statistical analysis.

 

8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

 

We do not use the personal data obtained from the delivery of this Service to make automated decisions about you.

Our role is to obtain this information from Your Bank and deliver it to the Referring Company (our client). The information that we share with our client in the delivery of this Service may then be used by our client to conduct an assessment or to make a decision about you. However, our clients will likely hold other information about you which will inform their decision.

We would recommend contacting the Referring Company that you are dealing with if you require further information about how they will use the personal data we provide to them in the delivery of the TransUnion Open Banking service.

 

9. WHAT ARE YOUR RIGHTS IN RELATION TO THE PERSONAL DATA THAT WE HOLD ABOUT YOU?

 

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it. We may need to ask you to provide additional information to help us to confirm that the personal data we hold is yours.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you ask us to erase personal data which we are required to keep under the legal and regulatory obligations that apply to us, we will not be able to action your request.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
  • Portability: In some circumstances you have the right to request that we send to you or a third party a copy the personal data you have provided to us in a portable format. However, in the delivery of this Service we are predominantly using personal data provided to us from other sources and not from you directly, which means the right will rarely apply.
  • Withdrawal of consent: While we rely on your consent to access this Service, we do not rely on your consent to process your personal data in the delivery of this Service, therefore your right to withdraw consent does not apply.

 

10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

 

We try to ensure that we deliver the best levels of customer service, but if you are not happy about how we use your personal data you should contact us so that we can investigate your concerns. Please contact us using the details in section 1.

You can also contact our Data Protection Officer at: [email protected]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the UK. You can do this online through the ICO’s website at www.ico.org.uk/concerns, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

 

11. WHAT COOKIES ARE USED ON THE WEBSITE?

 

We use cookies and similar technologies to distinguish you from other users of the website. This helps us to provide you with a good experience when you browse the website and also allows us to personalise and improve the website.

A cookie is a small file of letters and numbers that we put on your device. We use the following kinds of cookie:

  • Strictly necessary cookies. These are cookies that are required for the operation of the website.
  • Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below.

Name Purpose
_ga, _gat, _gid These are Google Analytics cookies used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information such as the number of visitors to the site, where visitors have come to the site from and the pages they have visited and how they interacted with the website.
tuob:cookie:accept This cookie is used to record whether the current user has given consent to accept cookies on their browser.
tuob:cookie:analytics This cookie is used to record whether the current user has given permission to collect data for analytical/performance cookies. If no consent is given, analytical/performance cookies will not collect information.
.AuthCookie.ConsumerApi Stores encrypted information to identify the current user whilst navigating through the site. This cookie is removed when the user leaves the site.
.AntiForgery.ConsumerApi This cookie is used to prevent Cross-Site Request Forgery.
_cfduid, __cf_bm Third party cookies used for security and fraud prevention purposes (namely the detection of malicious visitors and bots).
Query.ConsumerApi Stores encrypted query parameter information that is passed to the website by clients.
s_ecid, s_cc, s_sq, s_vi, s_fid, AMCV_###@AdobeOrg These are Adobe Analytics cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information such as the number of visitors to the site, where visitors have come to the site from and the pages they have visited and how they interacted with the website.

 

You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of our website or use some of its features. For more information about this, and about cookies in general, you may wish to visit www.aboutcookies.org.

If you’re a consumer with questions or issues related to your personal credit report, drivers history report, disputes, fraud, identity theft, credit report freeze or credit monitoring services, please visit our Customer Support Center for assistance.

Contact Us

TransUnion would like to send you original insight, commentary and research on data, software and analytics, early notifications of exclusive events and information about our products and services. If you would like to receive that information, please let us know using the following options:

For Sales enquiries please call (+44) 0113 868 2600

Alternatively, for all other enquiries please call us on (+44) 0113 388 4300

Please read our privacy notice , which explains who we are, how we collect and use your personal information and how you can exercise your privacy rights.

We're sorry, your request failed. Please try again in a little while.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.