Date adopted: 14th September 2022
This document provides an overview of how we use and share personal data that we receive and use in connection with the account information services we provide to consumers and the TransUnion Open Banking service that we provide to our business clients.
We will use and share your personal data in connection with the account information service we provide to you and the TransUnion Open Banking service that we provide to our business clients. This includes:
Providing our business client with information about your Account (including account details, transactions and regular payments) as well as our analysis of this information.
Storing copies of your personal data for reporting and audit purposes.
Using your personal data while improving, developing or testing our products and systems.
Using your personal data for legal and regulatory purposes.
If requested by our business client, providing them with fraud prevention services which may leave a non-score impacting footprint on your credit file.
You have the right to object to our use of your personal data. Please see section 9 to find out more.
This privacy notice covers the following topics:
1. Who we are and how you can contact us
2. What we use personal data for
3. What kinds of personal data we use, and where we get it from
4. Our legal grounds for handling personal data
5. Who we share the personal data with
6. Where the personal data is stored and sent
7. How long the personal data is kept for
8. Whether the personal data is used to make automated decisions about you or to profile you
9. Your rights in relation to the personal data that we hold about you
10. Who you can complain to if you are unhappy about the use of your personal data
11. The cookies used on the website
This privacy notice should be read together with the Terms of Service for the Service we are providing to you. A copy of the Terms of Service is available [here]. It contains the meanings of certain words we use here, such as “Account”, “Service”, “Referring Company” and “Bank”.
We are TransUnion International UK Limited, which is a company registered in England and Wales with company number 03961870. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.
TransUnion International UK Limited forms part of a larger group of companies known as the TransUnion Information Group; however, this privacy notice only applies to the use of personal data obtained by TransUnion International UK Limited in connection with the delivery of this Service unless we say otherwise.
We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that your personal data is used fairly and lawfully.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, TransUnion, Consumer Services Team, PO BOX 491, Leeds, LS3 1WZ
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
This section explains the purposes for which we use personal data about you. More details about the types of personal data that we might use for these purposes can be found in section 3 below.
We use your personal data to provide you with the Service, as described in the Terms of Service, a copy of which is available [here]. In order to provide you with this Service, we will need to obtain your personal data and share your personal data with the Referring Company.
As part of providing you with the Service, we also store copies of your personal data for reporting and audit purposes.
We use your personal data to provide the TransUnion Open Banking service (as described in section 4 below) to the Referring Company that you are dealing with. In particular, we electronically provide the organisation with information about your Account (including account details, transactions and regular payments) as well as our analysis of this information. This is to save you from having to provide paper copies of your Account information to the Referring Company.
Each Referring Company will have its own intended use for the Account information we provide to them. We will explain the intended use on the website when we ask you for permission to access this data. We recommend contacting the Referring Company that you are dealing with if you require further information about how they will use the personal data we provide to them in the delivery of the TransUnion Open Banking service.
As part of the TransUnion Open Banking service we provide to the Referring Company, we also store copies of your personal data for reporting and audit purposes.
In order to detect or prevent fraud (for example, to confirm you have only provided information about an Account that belongs to you), we may use your personal data to identify suspicious or fraudulent behaviours, if we are requested to do so by the Referring Company.
We may retain and re-use this data but solely for the purposes of identity verification and the prevention of fraud, money laundering or other financial crime.
We may sometimes use your personal data while improving, developing or testing our products and systems. This includes making sure that our data categorisation is accurate and that our security measures are working properly. Where possible, we will anonymise or pseudonymise (partially anonymise) the data before doing this.
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
The information you give us may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this privacy notice. For example:
We obtain and use information from various different sources in the delivery of this Service. These are summarised in the following table.
Type of information | Description | Source |
---|---|---|
Identifiers | This includes your name, date of birth and current and previous addresses. | We obtain this information from the Referring Company. |
A unique identifier and declared salary | A unique identifier will be assigned to you by the Referring Company. Information you have provided to the Referring Company about your current salary may also be provided to us. | We obtain this information from the Referring Company. |
Information about your Account, including account details, transactions and regular payments. | This includes the following information: | This information is obtained from your Bank. |
Your requests and enquiries | This is information you provide to us when you are visiting our website (such as clicking on buttons to confirm your consent) or as part of another request or enquiry (for instance, to obtain technical support). | We obtain this information directly from you. |
This section explains the legal basis on which we process your personal data when delivering this Service to you and the TransUnion Open Banking Service to the Referring Company.
Please note that, while we require your explicit consent to provide this Service under financial regulations, we do not require your explicit consent to process your personal data in connection with the provision of this Service under data protection laws. This is because our legal basis for processing your personal data is based on the following legal grounds (rather than your consent).
Where you give your explicit consent to use this Service, you enter into a contract with us for the provision of this Service, which is governed by the Terms of Service. A copy of the Terms of Service is available [here].
In order to provide you with this Service that you have consented to in accordance with the Terms of Service, we will need to obtain your personal data and share your personal data with the Referring Company.
We may ask to access your information on a one-off basis or periodically over a 90 day period, depending upon the Referring Company’s request to us. You can opt to disconnect access to your Account(s) at any time. At the end of the 90 day period, we or the Referring Company may ask you to refresh this access for a further 90 days at a time. If you choose to refresh this access you may be asked to confirm this choice to your Bank(s) and this may involve you being redirected to your Bank's online banking login page where you may be prompted to enter your login details. We will not see, record or store any of the login details you enter. You will be responsible for ensuring that you provide the correct login details to your Bank. If you repeatedly provide your Bank with incorrect login details, this may result in your access to your Account(s) being blocked and may mean we can no longer provide the Service as a result.
The UK's data protection laws allow us to use your personal data where necessary for legitimate purposes provided that this isn't outweighed by the impact it has on you. The law calls this the "legitimate interests" basis for processing personal data.
The legitimate interests we are pursuing are:
Interest | Explanation |
---|---|
Delivery of the TransUnion Open Banking Service (which includes requesting Information about your nominated Account(s) from Your Bank, passing this Information to the Referring Company and undertaking analysis of your Information to help the Referring Company make its assessment about you) | As noted above, where you consent to this Service, we are bound by the terms of our contract with you to collect your personal data and share this with the Referring Company. We also have a commercial interest in offering the TransUnion Open Banking Service to our clients that have a need for it for the growth of our business, and the use of personal data is essential to the delivery of this service and therefore to fulfil this commercial interest. |
Improving, developing and testing our products and services | We have an interest in improving, developing and testing our products in order to help ensure that our services are processing data accurately and that we remain competitive. This includes ensuring that our products can provide accurate results for our clients, and including more data in our processes helps improve the accuracy of results. |
Helping prevent and detect crime and fraud; anti-money laundering; and identity verification | We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations and, to the benefit of individuals, to support identity verification and the detection and prevention of fraud and money laundering. |
Complying with and supporting compliance with legal and regulatory requirements | We have to comply with various legal and regulatory requirements, and our services also help other organisations comply with their own legal and regulatory obligations. For example, many kinds of financial services are regulated by the Financial Conduct Authority or the Prudential Regulation Authority, who impose obligations to check that financial products are suitable for the people they are being sold to. We provide data to help with those checks. |
Providing support services | We are required to provide ancillary and support services to clients, which includes reporting on the services we have provided for audit purposes and assisting you with any technical queries you may have about the Service. |
Performance Monitoring | We have an interest in monitoring the performance of our services, to help identify any technical errors or areas of improvement. |
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include the information you are given in this notice about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights and freedoms.
The UK's data protection laws allow us to use your personal data where necessary in order to comply with the legal and regulatory obligations that apply to us. For example, in order to provide the Service, we have to comply with our obligations as a registered account information service provider under the Payment Services Regulations 2017. This means that we use your personal data as required under these regulations.
The purpose of this Service is to enable the electronic sharing of your Account information between Your Bank and the Referring Company you are dealing with to obtain a service or financial product. This organisation will be our client, as they will have appointed us to provide this Service for you and their other customers.
In the delivery of this Service, we facilitate the sharing of information between Your Bank and the Referring Company.
We may also share information about how you have used our website with the Referring Company. You provide this information to us when you visit our website (such as clicking on buttons to confirm your consent). This helps the Referring Client to monitor the performance of our Services and to identify any technical errors or areas of improvement.
We may share your personal data with other companies in the TransUnion Information Group for the purposes of improving, developing and testing our existing products and services and new product development. A list of the relevant TransUnion Information Group companies is set out below:
Group company | Main trading address and registered office |
---|---|
TransUnion Information Group Limited | One Park Lane, Leeds, West Yorkshire LS3 1EP |
TransUnion Baltics, UAB | Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania |
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
These service providers may also be our group companies, some of which are listed above.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations.
If we sell our business to a third party, or go through a corporate re-organisation, we will transfer personal data to the company that acquires the business.
If an acquirer intends to use your personal data in a way which is not set out in this notice, they will contact you shortly after the acquisition to inform you about how they are going to use your data.
We may be compelled to share personal data with our regulators, including the Information Commissioner's Office and the Financial Conduct Authority. Where we suspect fraudulent activity, we may also pass personal data to the police and fraud prevention agencies.
We are based in the United Kingdom and will access and use personal data from here. One of our group companies is based in Lithuania, and so personal data may be accessed from there too. In these locations, the use of the information is protected by European data protection standards.
The Referring Company that you are dealing with, and that will be receiving your personal data, may have operations outside of Europe – please check its own privacy notice for further details.
We may also send information elsewhere in the world. For example:
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
You can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
We keep your personal data only for as long as necessary for the purposes for which it is used, as set out in section 2 above.
We will keep a record of your personal data used in connection with this Service and the TransUnion Open Banking Service for a period of two years.
Where we use your personal data in connection with the improvement, development and testing of our products and services, we may keep your information for a period of two years. If we have anonymised your data in connection with this purpose, we may keep and use anonymous data indefinitely.
Where we use your personal data to comply with our legal and regulatory requirements, we will typically retain a copy of your personal data for a further period of five years after we used it for that purpose.
Search footprints are kept for a total of six years; however, they will only be visible on your credit file for two years. A further four years of data are used for profiling and statistical analysis.
We do not use the personal data obtained from the delivery of this Service to make automated decisions about you.
Our role is to obtain this information from Your Bank and deliver it to the Referring Company (our client). The information that we share with our client in the delivery of this Service may then be used by our client to conduct an assessment or to make a decision about you. However, our clients will likely hold other information about you which will inform their decision.
We would recommend contacting the Referring Company that you are dealing with if you require further information about how they will use the personal data we provide to them in the delivery of the TransUnion Open Banking service.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
We try to ensure that we deliver the best levels of customer service, but if you are not happy about how we use your personal data you should contact us so that we can investigate your concerns. Please contact us using the details in section 1.
You can also contact our Data Protection Officer at: dpo@transunion.co.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the UK. You can do this online through the ICO’s website at www.ico.org.uk/concerns, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
We use cookies and similar technologies to distinguish you from other users of the website. This helps us to provide you with a good experience when you browse the website and also allows us to personalise and improve the website.
A cookie is a small file of letters and numbers that we put on your device. Similar technology refers to any other technology that stores or accesses information from your device. We use the following kinds of cookie and similar technologies (referred to below as 'cookies'):
You can find more information about the individual cookies we use and the purposes for which we use them in the table below.
Name | Purpose |
---|---|
_ga, _gat, _gid | These are Google Analytics cookies used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information such as the number of visitors to the site, where visitors have come to the site from and the pages they have visited and how they interacted with the website. |
tuob:cookie:accept | This cookie is used to record whether the current user has given consent to accept cookies on their browser. |
tuob:cookie:analytics | This cookie is used to record whether the current user has given permission to collect data for analytical/performance cookies. If no consent is given, analytical/performance cookies will not collect information. |
.AuthCookie.ConsumerApi | Stores encrypted information to identify the current user whilst navigating through the site. This cookie is removed when the user leaves the site. |
.AntiForgery.ConsumerApi | This cookie is used to prevent Cross-Site Request Forgery. |
_cfduid, __cf_bm | Third party cookies used for security and fraud prevention purposes (namely the detection of malicious visitors and bots). |
Query.ConsumerApi | Stores encrypted query parameter information that is passed to the website by clients. |
s_ecid, s_cc, s_sq, s_vi, s_fid, AMCV_###@AdobeOrg | These are Adobe Analytics cookies used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information such as the number of visitors to the site, where visitors have come to the site from and the pages they have visited and how they interacted with the website. |
You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of our website or use some of its features. For more information about this, and about cookies in general, you may wish to visit www.aboutcookies.org.