Privacy Centre
TRANSUNION PRIVACY CENTRE
Version: 1.3
Date adopted: 12th April 2019
From here you can find information about how we use and share personal data across TransUnion Information
Group (TU UK).
TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities
of TU UK.
Because we are a large organisation and use personal data in lots of different ways, we have split up
this information into several different privacy notices to make it easier for you to find what you are
looking for.
To find out about how to exercise your rights in relation to the data that we hold about you, please see our page, “Your Data Rights”.
Separate privacy notices apply to users of some of our other websites. Please refer to the privacy notices on those
websites for more details.
If you are a TU UK member of staff you can find information about how we use your personal data on our
intranet pages.
General Privacy Notice
TRANSUNION GENERAL PRIVACY NOTICE
Version: 1.6
Date adopted: 13th April 2021
This privacy notice provides a high-level overview about how we use and share personal data across TransUnion Information Group. More detailed information can be found at the TransUnion Privacy Centre or in other privacy information you may have been given.
In Brief
At TransUnion we provide data and services to our clients for a wide range of purposes. These include:
- Credit referencing services, which involve gathering personal data from credit providers and other organisations, and sharing that data with lenders for credit risk assessment and other purposes. This includes information about credit repayments, court judgments and insolvencies.
- Data marketing services, which involve sharing data from the open register for marketing purposes, as well as performing suppressions and customer insight analysis for our clients.
We also perform evaluations to find out whether data would be of use to us or our clients, and we share data for that purpose
too.
Like any business, TransUnion also processes personal data to support its routine business operations. This includes handling
data relating to business and consumer contacts and members of staff.
You have the right to object and withdraw your consent to our use of your personal data. Please see section 9 to find out more.
This notice covers the following topics:
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
9. What are your rights in relation to the personal data we hold about you?
10. Who can you complain to if you are unhappy about the use of your personal data?
1. WHO WE ARE AND HOW YOU CAN CONTACT US
About us
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP.
The members of TU UK are listed in section 4 below. TU UK forms part of a larger group of TransUnion companies but this privacy notice only covers the activities of
TU UK.
Different companies in TU UK have different roles and responsibilities for different sets of personal data. Where a member of TU UK acts as a
controller of personal data it is responsible for ensuring that the data is used fairly and lawfully.
Joint controllers
TU UK companies sometimes act jointly with other TU UK companies when making decisions about your personal data. In particular, joint
decisions are made when two or more TU UK companies are sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will
ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group
companies or exercise any of your rights in respect of your personal data.
Contact details
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following
methods:
Post: Customer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
Please refer to our Consumer Contact Privacy Notice for information about how we will handle
your personal data in connection with complaints and enquiries.
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we use for
these purposes can be found in section 3 below.
Products and services
Many of our products and services rely on personal data. For example:
Data evaluations
We use and share data for evaluation purposes. This includes assessing its suitability for a particular purpose and, for example,
deciding whether or not it would be useful to us as part of a product or service. Sometimes it may be necessary to share data with a third party in order for
them to be able to match it to data that they hold and return additional data to us.
When we evaluate data, we apply a range of safeguards to protect the interests of consumers. For example, we anonymise or pseudonymise
the data where possible, we ensure it is protected with appropriate security measures, and we limit the quantities of data and the period for which it is used
and retained.
Similarly, we sometimes provide data to our clients in order for them to evaluate it. This can help them understand whether or not our
services would be of use to them. Data is only shared in this way for limited periods of time and is subject to strict restrictions on use.
Operating our business
We use personal data as part of our own internal operations. For example:
- We hold names, job titles and contact details that we get from our business contacts (such as the representatives of our clients
and suppliers), and we use this to manage our relationship with them and for marketing purposes. See our Business
Contact Data Privacy Notice for more details.
- We hold names, contact details and other information that we get from consumers who make contact with us, and we use that
information to deal with their enquiries. See our Consumer Contact Data Privacy Notice for more
details.
- We hold information about our members of staff, and we use that information to manage our relationship with them. The information
includes details such as employment and educational history, background checks and performance appraisals. Members of staff can find more information on the
staff intranet.
- We use CCTV cameras throughout the public areas of our business premises to help ensure the safety of our staff and visitors and
the security of our information and assets.
- We use personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from
consumers or regulators about how we have used personal data.
3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?
We use a wide variety of personal data in our business, and we get it from many different sources. Some of the main types of data are
described in section 2 above. For more details about the kinds of data used for each of the purposes described in section 2, please visit the privacy notice referred to above, or go to www.transunion.co.uk/privacy.
Some of our most important types of data are:
| Information type | Description | Source |
|---|---|---|
| Electoral register data | We hold information from the electoral register (also known as the ‘Electoral Roll’). There are two versions of this. One is known as the open register (also known as the ‘Edited Electoral Roll’ or ‘EER’) and can be used for a variety of purposes including marketing. The other is the full register which we can only use for limited purposes. | This data is supplied by local authorities across the UK and the Isle of Man. |
| Credit account performance data | We receive personal data about how people are managing to repay their credit commitments. The data includes the name of the lending organisation, the date the account was opened, the account number, the amount of debt outstanding (if any), any credit available (including overdraft limits) and the repayment history on the account, including late and missing payments. | This data is provided from banks, building societies and other financial services providers such as credit card companies, home credit suppliers, credit unions and hire purchase companies. It is also provided by utilities companies, mobile phone networks, retail and mail order companies and insurance companies. |
| Bank account turnover data and application salary data | This data includes the name of the organisation providing current accounts, current account numbers, sort codes, the number of account holders, the transactions made on the current accounts (credits and in some cases debits), and a figure for all credits on each current account (less refunds and intra bank transfers). Application salary data consists of the salary declared by a person when they are applying for credit. It also includes whether that figure is net or gross, and whether the salary has been verified (e.g. with copies of salary slips). This data also includes the date that an application was made. | This data is provided from organisations which offer people current accounts, such as banks and building societies. |
| Judgment data | We obtain data about court judgments and decrees. This may include, for example, the name of the court, the nature of the judgment, how much money was owed, and whether the judgment has been satisfied. | The government makes court judgments and other decrees and administrative orders publicly available through statutory public registers. These are maintained by Registry Trust Limited, which supplies the data on the registers to us. |
| Insolvency data | We obtain data about insolvency-related events. This includes data about bankruptcies, administration orders, individual voluntary arrangements, debt relief orders, sequestrations, trust deeds and debt arrangement schemes. This data includes the start and end dates of the relevant insolvency or arrangement. | This data is obtained from The Insolvency Service, the Accountant in Bankruptcy, The Stationery Office and Northern Ireland’s Department for the Economy – Insolvency Service, the London, Belfast and Edinburgh Gazettes and Registry Trust Limited. Business insolvency data is obtained from the London, Belfast and Edinburgh Gazettes. |
4. HOW LONG IS THE PERSONAL DATA KEPT FOR?
We keep personal data only for as long as is necessary for the purposes for which it is held. You will need to contact us (see section 1) or refer to the privacy notices at www.transunion.co.uk/privacy for our
specific activities in order to find out exactly how long the data is kept for. The main points we think you might be interested in are:
- Credit reference data (such as your credit history, judgments, bankruptcies, etc) generally stays on your credit file for a period of six years. After that it is not used to make any decisions about you, but it is still used for a further four years for statistical analysis purposes.
- Electoral register data is kept for the period that you reside at the relevant address, and for a further 14 years after you have moved out.
- Search footprints stay on your credit file for two years.
5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?
This section explains the legal basis on which we process your personal data.
Legitimate interests
The UK’s data protection law allows the use of personal data where necessary for legitimate purposes provided that this isn’t
outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
Most of our processing activities are based on the legitimate interests condition. This includes almost all of our credit referencing
and data marketing services. For more details about the legitimate interests we are pursuing, please refer to the relevant privacy notices (see links
above).
Consent
We sometimes rely on consent in order to process personal data, but this is relatively rare. Again, please refer to the relevant
privacy notices at www.transunion.co.uk/privacy for more details.
Performance of our contract with you
If you sign up for one of our online services, we agree to provide you with services as set out in the Terms & Conditions on the
relevant website. We need to use some of your personal data in order to be able to provide you with those services. Please refer to the privacy notice on the
relevant website for more details.
We also use this basis for processing some of our staff data.
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our group companies
We may share personal data among TU UK companies where appropriate. A list of TU UK companies is set out below, although the list may
be updated from time to time.
| Group company | Main trading address and registered office |
|---|---|
| TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP |
| TransUnion International UK Limited (company no. 3961870) | |
| Callcredit Marketing Limited (company no. 2733070) | |
| Callcredit Spain, S.L (tax ID number B87839510) | Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain |
| Confirma Sistemas de Información, S.L. (tax ID number B86303757) | Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain |
| Soluciones Confirma ASNEF-SIGNE, S.L. (tax ID number B86016649) | |
| TransUnion Baltics, UAB (company no. 302689020) | Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania |
Our clients and resale partners
We share personal data with our clients for the purposes described in section 2 above.
Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.
Our clients typically operate in the following sectors:
- financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
- insurance
- debt collection agencies
- gaming / gambling
- retail (including online retailers)
- telecoms and utilities
- professional services (such as legal and accountancy firms)
- the public sector
In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too. We
also appoint data resale partners who will distribute our data to third parties.
Service providers
We and our clients may provide your information to third parties who help us use it for the purposes described in section 2. For example:
- Our databases of personal data may be hosted by third parties on our behalf.
- Some of our products and services rely on us sending personal data to third parties who then analyse or enhance it and return the
results to us.
- We use third party email broadcasting services in order to send emails.
- We use payment service providers in relation to any payments made by individuals.
- We sometimes use market research companies to help us better understand our customers.
- We use cloud-based technologies such as Microsoft Office 365 and Salesforce in the course of our ordinary business operations.
- Our CCTV system is operated by a specialist sub-contractor, Cube Group Limited.
These service providers are generally not allowed to use information for their own purposes or on behalf of other organisations.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that
acquires the business.
Regulators
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating
to you.
7. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within the UK and the EU
We are based in the United Kingdom, and will access and your information from here. However, we also have operations in Lithuania and Spain,
and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
Elsewhere
We also send information elsewhere in the world. For example:
- When one of our overseas group companies or branch offices based overseas needs to use the information. For example, the wider TransUnion group has headquarters in the United States, and also has operations elsewhere in the world such as South Africa and India.
- Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.
While countries within the UK and European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a
suitable level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a
suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us
using the details set out in section 1 above.
8. IS THE PERSONAL DATA USED TO MAKE DECISIONS ABOUT YOU OR TO PROFILE YOU?
We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean
using personal data to make predictions about you, or to categorise you into particular groups.
Individual-level profiling
We and our clients use personal data in order to predict or infer new information about you. In particular:
- TransUnion International UK Limited uses the data that it gathers as a credit reference agency (such as credit and utility repayment history, judgments, insolvencies and the electoral register) to generate scores that can be used to help assess your creditworthiness.
- Our data marketing services involve combining personal data with other information such as census statistics in order to make predictions about people’s lifestyles or preferences. When we do this, we are normally processing clients’ data on their behalf.
Examples: profiling for marketing purposes
A bank wants to send postal marketing to some of its customers who may be interested in their new premium credit card. We hold
information about the typical residents of each postcode and the type of each property, and can add that information to the bank’s customer list. The
bank can then identify which customers are most likely to be interested in the new card, which allows it to target its advertising towards those
customers.
A high street retailer is deciding where to target its advertising. It provides us with its customer list. We add information
about the postcodes and properties where those customers live, and analyse it to find out what kind of people shop at the retailer’s stores. We then
look at where similar kinds of people live. This helps the retailer decide where to target its local advertising.
Aggregated profiling
We and our clients also use personal data to predict or infer information about the areas that people live in. This includes information such as the lifestyle,
age or wealth of the typical residents of those areas. This information is used for the purposes described in section 2 above.
Decision-making
We generally do not use personal data or profiling to make automated decisions that have significant effects for you, but some of our clients may do so. For
example, clients who receive credit scores from us may use those scores to help them decide whether or not to grant you credit.
9. WHAT ARE YOUR RIGHTS IN RELATION TO THE PERSONAL DATA THAT WE HOLD ABOUT YOU?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To
enquire about exercising these rights, please email us at consumer@transunion.co.uk, telephone us on 0330 024
7574, or refer to the other contact details in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as
how we are using it.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us
to correct it.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing
purposes. If you do this we will stop using it for those purposes.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using
your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light
of your particular circumstances.
- Withdrawal of consent: When we rely on your consent to use your data (see section 4 above), you have the right to
withdraw that consent at any time.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this
usually won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you object to us using your data
for direct marketing purposes we will need to keep a record of that objection so that we do not subsequently begin direct marketing activities in relation
to you if we receive your data again.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: In some circumstances you have the right to receive some limited kinds of information in a portable
format.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle
your personal data in connection with complaints and enquiries.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can
investigate your concerns. Please contact us using these details:
Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: customer.relations@transunion.co.uk
Telephone: 0330 024 7574
You can also contact our Data Protection Officer at dpo@transunion.co.uk
Please refer to our Consumer Contact Privacy Notice for information about how we will handle
your personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the
handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by
telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
IMPORTANT NOTE: This privacy notice covers processing activities carried on by the UK’s three main credit reference agencies: Equifax, Experian and TransUnion. Some of the activities described in this privacy notice are carried on by one or more of the other credit reference agencies but not by TransUnion. For example, TransUnion does not use credit reference data for screening individuals out of marketing activity, tracing individuals for marketing purposes, generating or verifying contact details for marketing purposes, or generating or verifying insight about individuals for marketing purposes. TransUnion does however supply open register data on a standalone basis for marketing purposes. An updated version of CRAIN will be published in due course. Please refer to TransUnion’s Marketing Services Privacy Notice for more details about TransUnion’s marketing services.
Credit Reference Agency Information Notice (CRAIN)
Version: 1.1 Adopted: 26 March 2020
IN BRIEF
We are credit reference agencies and we play a key role in the UK’s financial ecosystem. This document explains how we obtain, process
and share personal data about consumers and businesses.
This section briefly summarises the key processing activities common to the credit reference agencies. For more detail, please refer to
the rest of this document. In addition, we recommend reviewing each credit reference agency’s own information notices, which explain the specific processing
activities of that credit reference agency. Links to these documents can be found in section 14.
- Credit reference agencies collect information about consumers and businesses from various sources and build databases that hold
all of this data.
- The sources of that information include public records, such as court judgments (CCJs) and electoral register information, and
financial information from lenders, utilities suppliers and telecoms businesses.
- Lenders and other organisations carry out searches against that information with one or more credit reference agencies.
- Organisations can carry out searches for several reasons. These include assessing creditworthiness and ability to afford financial
products, checking the accuracy of other information, preventing and detecting crime (such as fraud or money laundering), checking identity, tracing
individuals (for example to recover debts that they owe), calculating how much their insurance premiums should be, and assessing their suitability for a job
or a tenancy.
- When an organisation carries out a search of someone’s information, we will record details of that search. This is known as a
search footprint.
- Credit reference agencies also use consumer data for marketing-related purposes, such as helping organisations to better direct
their marketing, including by screening individuals out of advertising for credit products so that those products are not offered to people who would not be
eligible for them. They may also use the data to build insight to predict information or characteristics about the population, to help organisations
identify who they want to market their products and services to.
- Credit reference agencies also use the data in their databases for other activities. These include analytics and profiling, such
as helping lenders build scorecards to use in assessing credit applications.
- Because not every lender supplies data to every credit reference agency, your credit reference information held at each credit
reference agency might be different.
- Credit reference agencies carry out several types of data processing to help achieve the aims described above. These include
loading data, matching and linking data together as well as testing, developing and building our products and services.
- Consumers have certain rights that they can seek to exercise in relation to the personal data held by credit reference agencies.
For example, they have rights to obtain a copy of the data, to ask the credit reference agency to correct it if it is inaccurate, and to object to the
processing of the data.
Please note:
- This document describes how the credit reference agencies use and distribute the personal data described in section 4. This data is referred to as “credit reference data”.
- The credit reference agencies are independent businesses. Not all of the products and services described in this document are
provided by all three of the credit reference agencies, or in the same way, and not all of the data is used by each of them.
- This document does not cover all personal data that the credit reference agencies use and distribute; for example, this document
does not cover processing of personal data in relation to credit reference agency services you sign up to directly, such as services which allow you to view
your own credit report and score. Section 2 and section 14 below provide links
to where information can be found about each credit reference agency’s other products and services (including marketing services) and how they use and share
other kinds of personal data.
- Consumers can obtain a copy of the information that each credit reference agency holds about them. Section 9 explains how this can be done.
CONTENTS
This document answers these questions:
- 1. Who are the credit reference agencies and how can they be contacted?
- 2. What do credit reference agencies use credit reference data for?
- 3. What are the credit reference agencies’ legal grounds for handling credit reference data?
- 4. What kinds of personal data do credit reference agencies use, and where do they get it from?
- 5. Who do credit reference agencies share credit reference data with?
- 6. Where is credit reference data stored and sent?
- 7. For how long is credit reference data retained?
- 8. Do the credit reference agencies make decisions about consumers or profile them?
- 9. How can a consumer see what data the credit reference agencies hold about them? Do consumers have a ‘data portability’ right in connection with their credit reference data?
- 10. What can a consumer do if their credit reference data is wrong?
- 11. Can a consumer object to the use of their credit reference data and have it deleted?
- 12. Can a consumer restrict what the credit reference agencies do with their credit reference data?
- 13. Who can a consumer complain to if they are unhappy about the use of their credit reference data?
- 14. Where can consumers find out more?
1. WHO ARE THE CREDIT REFERENCE AGENCIES AND HOW CAN THEY BE CONTACTED?
There are three main credit reference agencies in the UK.
Each is regulated by the Financial Conduct Authority (“FCA”) and authorised to conduct business as a credit reference agency. The full names
and contact details for each are set out below.
| Credit reference agency | Contact details |
|---|---|
| Equifax Limited | Post: Equifax Limited, Customer Service Centre PO Box 10036, Leicester, LE3 4FS<br>Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html<br>Email: UKDPO@equifax.com<br>Phone: 0333 321 4043 or 0800 014 2955 |
| Experian Limited | Post: Experian, PO BOX 9000, Nottingham, NG80 7WP<br>Web Address: https://www.experian.co.uk/consumer/contact-us/index.html<br>Phone: 0344 481 0800 or 0800 013 8888 |
| TransUnion International UK Limited | Post: TransUnion, One Park Lane, Leeds, West Yorkshire, LS3 1EP<br>Web Address: https://www.transunion.co.uk/consumer/consumer-enquiries<br>Email: consumer@transunion.co.uk<br>Phone: 0330 024 7574 |
In this information notice, these three companies are referred to as Equifax, Experian and TransUnion respectively. Together they are
referred to as credit reference agencies.
Controllers
Each credit reference agency is a controller of the credit reference data that it holds. This means that it has certain
responsibilities under data protection law to make sure that the data is used fairly and lawfully.
Where a credit reference agency operates as part of a group of companies, it may share joint responsibility with the other members of
that group when sharing data with them. You can contact the relevant credit reference agency using the details above if you want to enquire about any of those
group companies or exercise any of your rights in respect of your personal data.
2. WHAT DO CREDIT REFERENCE AGENCIES USE CREDIT REFERENCE DATA FOR?
Credit reference agencies use credit reference data in products and services that they offer to their clients. The purposes for which
those products and services are used are described below, but please note that different clients may use the products and services in different ways. Consumers
should check the privacy policies of the organisations that they deal with for details about how they use any products and services provided by the credit
reference agencies.
(a) Credit reporting and affordability checks
Each credit reference agency uses credit reference data to provide credit reporting services and affordability checks to its clients.
Credit reporting
Organisations use credit reporting services to see how people and businesses are managing payments in respect of their credit
arrangements and how they have done so in the past. For example, if a person applies for a bank loan to buy a car, the bank may use credit reporting services to
check whether that person has defaulted on any previous credit agreements. It will then use this information, together with information from other sources, to
assess the risk of offering the loan.
Affordability checks
Organisations use affordability checks to help understand whether people or businesses applying for credit are likely to be able to afford
the repayments. The information provided as part of the affordability checks may affect a person’s or business’s ability to obtain credit.
These activities help promote responsible lending, prevent people and businesses from getting into more debt than they can afford, and reduce
the amount of unrecoverable debt and insolvencies.
(b) Checks to validate and verify data, and help prevent and detect fraud, money laundering and other criminal activity
The credit reference agencies use credit reference data to provide validation and verification services and other services to help prevent
fraud, money laundering and other criminal activity.
Some examples of how credit reference agency clients use these services are as follows:
- When a person applies to an organisation for a product or service, the organisation might ask that person to answer questions about
themselves, and then check the answers against the data held by the credit reference agencies to see if they match. For example, they may ask “What is your
current address?” If the address provided does not exist on the credit reference agencies’ records (for example, because it is a fictitious address) or does not
match the data held by the credit reference agencies (for example, there is no record of the person at the address provided), then this may be an indicator of a
mistake or fraud.
- Where some products and services are only available to people of a certain age, organisations may check whether the person they are
dealing with is eligible by looking at data held by the credit reference agencies. For example, if a person is signing up to join a gambling website which is
only for people who are at least 18 years old, the organisation may check to see if the age provided by the person matches that held by the credit reference
agencies.
- Government and quasi-government bodies may use credit reference agency services to check whether people are entitled to certain benefits
and to help recover unpaid taxes, overpaid benefits and similar debts. For example, if a person is claiming single person discount for council tax, a local
authority may check with the credit reference agencies to see if any other adults are living at the same address.
- The police may use data held by credit reference agencies to help in their investigations into criminal activity.
An indication of invalid or unverified information, fraud, money laundering or other criminal activity may affect the outcome of an
application for (amongst other things) a product or service, a tenancy agreement or employment. If clients using the services identify potentially fraudulent
activity they may also pass the applicant’s details to a fraud prevention agency such as Cifas and/or to the police.
(c) Customer management
Credit reference agencies use credit reference data to provide products and services for organisations to use for customer management
purposes. Customer management is the ongoing maintenance of an organisation’s relationship with its customers. This could include activities designed to support:
- data accuracy: for example, to correct or update data held on the organisation’s records, such as correcting spelling
mistakes or adding missing fields;
- ongoing relationship and account management activities: for example, to help organisations make decisions relating to
credit limit adjustments, transaction authorisations, card reissue, inbound lending requests, and to identify and manage the accounts of customers including
those at risk, in early stress, in arrears, or going through a debt collection process.
(d) Tracing and debt recovery
Credit reference agencies use credit reference data to provide products and services that allow organisations to trace people. This is
typically needed where a person has moved address or changed their telephone number and has not provided their new contact details. The credit reference agencies
help organisations locate customers they have lost contact with by providing them with updated addresses and other contact details.
The products and services are used to support organisations’ debt recovery and debtor tracing activity. For example, if a person owes money
to an organisation and moves to a new house without telling the organisation where they have moved to, the organisation may use these services to help find that
person to recover the money that is owed to them.
These products and services are also used to find people in order to let them know about assets that they may have forgotten about or
not be aware of, such as old dormant savings accounts or pension funds, or to find people to let them know about assets of a deceased person which they have an
interest in, such as administrators or beneficiaries of a deceased person’s estate.
Please also see section 2(h) below which describes how some of the credit reference agencies provide tracing
services for marketing purposes.
(e) Tenant vetting
Credit reference agencies use credit reference data to provide products and services that allow landlords to verify some of the information
provided by their prospective tenants, as well as confirming that they are who they say they are and that they are likely to be willing and able to pay their rent
on time. Landlords can use this information to help decide whether to agree to the tenancy, or how much of a deposit they should ask for.
(f) Staff and job candidate vetting
Credit reference agencies use credit reference data to provide products and services that allow organisations to verify some of the
information provided by their staff and job candidates and confirm that they are who they say they are. They also enable employers to assess whether the staff
member or candidate has a history of managing their own financial commitments well, or whether they are financially compromised. This can be used to help them
decide whether the person would be or will continue to be a suitable member of staff.
(g) Insurance risk assessments and pricing
Credit reference agencies use credit reference data to provide products and services for organisations to use to assess insurance risk. For
example, an insurer may find that a person’s financial standing and history can be used to help predict how likely that person is to make a claim on an insurance
policy, or how large that claim might be. This can help the insurer to decide (i) whether to provide insurance to a person, (ii) how much the insurance premium
should be, and (iii) whether to allow payment for insurance on a credit instalment basis.
(h) Marketing and marketing-related services
Overview
Each credit reference agency offers its clients marketing services. Some of these marketing services use credit reference data and some
do not. For details about the marketing services offered and the personal data used by the credit reference agencies, please see the following links:
Experian: https://www.experian.co.uk/privacy/consumer-information-portal
Equifax: https://www.equifax.co.uk/ein.html
TransUnion: https://www.transunion.co.uk/legal/privacy-centre?#pc-marketing-services
As well as other rights, consumers have the right to object to the processing of their credit reference data for direct marketing
purposes, including any profiling that is related to direct marketing. Section 11 sets out more details on how
this right can be exercised.
If a credit reference agency provides marketing services, then they may use an individual’s title, name (including aliases), address,
date of birth, gender and address links information (see section 4 for more detail), as well as limited information
relating to their financial standing.
Screening out
Credit reference agencies use credit reference data to provide screening services to their clients. This means that they identify
people who clients may wish to screen out of marketing lists. Screening is used to help ensure that individuals do not receive irrelevant or inappropriate
marketing information.
For example, a client may want to screen out from its marketing list someone who is deceased, or who is under 18, or does not reside at
the address they hold, or who may not be interested in a product or service or is unlikely to be accepted for it.
Other marketing-related activities
In addition, credit reference agencies may use credit reference data to offer some or all of the following marketing services:
- They may supply the open version of the electoral register (where people have not opted out from their electoral register data
being used for marketing and other purposes) to organisations for marketing purposes. This can include identifying new potential customers, verifying that
names, addresses and dates of birth collected from other sources are accurate and complete, and informing customers of any errors.
- They may identify when someone has moved away from an address so that marketing is not sent to them at that old address.
- They may help build insight using profiling techniques which will be used by organisations to help them identify people that they
want to communicate with about particular products and services. This insight might predict, for example, age, marital status, household composition, length
of residency at an address and gender. It can help give organisations insight into the likely characteristics of the UK population at an individual,
household and postcode level. Credit reference data also helps credit reference agencies to validate the insight being created.
- In certain circumstances, insight might also be used to help clients predict the financial profile of a person so that they can
personalise their interactions with them and make communications more relevant and suitable. For example, they could use the insight to select products or
offers that they believe would be relevant to that person.
- Models and insight created by the credit reference agencies can be matched to clients’ own contact lists so that they can make
better informed decisions about how they interact with individuals.
- They may confirm whether individuals are resident at the address that the credit reference agencies or their clients hold for
them. This can be done by checking the credit reference data to see if there are any open credit accounts at an address and whether the accounts have recent
activity, such as where a recent payment has been made. If they do, then it is likely that they have the correct address details. This will help ensure that
an individual does not receive marketing for someone else and the credit reference agencies’ clients do not send marketing to the wrong address.
- They may trace individuals to a new address so that their marketing preferences (both opt-ins and opt-outs) collected at a
previous address can continue to apply at their new address and so that marketing is not sent to them at their old address.
- The credit reference agencies may also use credit reference data to help keep their own marketing suppression lists (or those of
their group companies) accurate and up to date. For example, if you have previously asked to be excluded from marketing activity and your credit reference
data indicates that you have since moved or changed your name, that information can be used to make sure that you continue to be excluded from marketing
activity at your new address or under your new name.
(i) Profiling, statistical analysis and anonymisation
Credit reference agencies use, and allow their clients to use, credit reference data to carry out profiling of consumers through
statistical analysis. This includes the creation, validation and use of scorecards, models, and attributes in connection with the assessment of risks relating
to credit, fraud, affordability and debt collection. It is also used in verifying identities, to monitor and predict market trends and to enable clients to
refine lending and fraud strategies, and loss forecasting.
These practices profile consumers to help determine the likelihood that a consumer with certain characteristics will act in a way that
will produce certain outcomes; for example, to repay credit, to be able to afford credit, to claim on an insurance policy, to commit fraud, to respond to
certain collection strategies or to become insolvent.
The credit reference agencies may also convert personal data into statistical or aggregated form so that individuals are not identified
or identifiable (thereby creating anonymized data). Anonymized data is not personal data and the credit reference agencies may use such data to conduct research
and analysis, including to produce statistical research and reports or for any other purposes.
(j) Data management activities
Credit reference agencies use credit reference data to carry out certain processing activities to support their own business
operations. This includes supporting the effectiveness, efficiency and security of their databases, products and services, both in the context of their credit
reference activities and more widely. For example:
- Data loading: credit reference data is checked for integrity, validity, consistency, quality and age to help make
sure it is accurate. These checks pick up issues such as irregular dates of birth, names, addresses, account start and default dates, and gaps in status
history.
- Data matching: credit reference data is matched to the credit reference agencies’ existing databases to help make
sure it is assigned to the right person, even when there are discrepancies like spelling mistakes or previous names or different versions of a person’s
name. Credit reference agencies use credit reference data to create and confirm identities, which they use to underpin the services that they
provide.
- Data linking: when credit reference agencies compile data into their databases, they create links between
different pieces of data. For example, people who appear financially associated with each other may be linked together and a person can be linked with their
previous and current addresses. Also, where someone has an alias, such as a maiden name and married name, these names will be linked.
- System maintenance and testing: credit reference data may be used when carrying out system maintenance, repair
and testing, and security activity.
Each credit reference agency has its own processes and standards for data management activity.
(k) New development and testing
The credit reference agencies use credit reference data to help develop new products, services and technologies and to test them.
Typically, credit reference agencies will anonymise credit reference data before it is used for these purposes.
(l) Compliance with laws
The credit reference agencies use and disclose credit reference data where required by law. For example, this can happen in response to
a court order or a request from a regulator, or in order to comply with a request from a person (or from a third party acting on their behalf) to exercise their
legal rights in respect of the credit reference data, such as by requesting a copy of it.
3. WHAT ARE THE CREDIT REFERENCE AGENCIES’ LEGAL GROUNDS FOR HANDLING CREDIT REFERENCE DATA?
Data protection law requires the credit reference agencies to always have what is referred to as a “lawful basis” (i.e. a reason or
justification) for processing personal data. There are a number of lawful bases available, but the majority of credit reference agencies’ activity is on the
basis that:
- the processing is necessary to pursue the legitimate interests of the credit reference agencies and
third parties (such as their clients), and those interests do not unduly prejudice the rights and freedoms of individuals; or
- the processing is necessary to comply with a legal obligation binding on the credit reference
agencies.
For information about any other lawful basis relied on by each credit reference agency, please review their individual information
notices (see section 14).
Legitimate interests
The credit reference agencies use credit reference data to pursue their legitimate interests, those of their clients and those of
individuals. The following table explains these legitimate interests. The credit reference agencies have carried out assessments and have concluded that these
interests are not overridden by the interests or fundamental rights and freedoms of individuals.
| Interest | Explanation |
| --- | --- |
| Promoting responsible lending and helping to prevent over-indebtedness | Responsible lending means that lenders only sell products that are affordable and suitable for the borrowers’ circumstances. This is in the interests of borrowers so that they do not become burdened with debt that they cannot afford to repay, and the stress associated with that. It is also in the interests of lenders in that it reduces bad debt and collections activity. Credit reference agencies facilitate responsible lending by providing services that allow lenders to access information about a person (and anyone with whom they have a financial association, such as a joint account), including how they are managing current debt, have managed debt in the past and whether they have sufficient income to repay the debt. |
| Helping prevent and detect fraud, money laundering and validate and verify identity | Credit reference agencies provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations. These services benefit individuals by facilitating prompt access to services through identity verification, and helping to protect them against fraud, and other criminal activity. Prevention and detection of fraud, money laundering and other criminal activity is in the legitimate interest of the credit reference agencies and their clients. It is also to the benefit of wider society and therefore in the public interest. |
| Customer and data management activities for the benefit of consumers and businesses. | Credit reference agencies provide services which help businesses maintain the quality of the data they hold and to make informed decisions about how they engage with their customers. It is in the legitimate interests of the credit reference agencies to offer these services to their clients but it is also in the legitimate interests of both the consumer and businesses by helping ensure that data held is accurate, comprehensive and up-to-date and that informed and responsible decisions can be made particularly in the context of lending decisions. |
| Supporting tracing and debt recovery | Credit reference agencies provide services that support tracing and collections where the client has a legitimate interest in conducting activity to find its customers and to recover debt, or to reunite, or confirm that an asset relates to the right person. |
| Enabling landlords to check the suitability of their prospective tenants | Credit reference agencies enable landlords to verify some of the information provided by their prospective tenants, as well as confirming that they are who they say they are and that they are likely to be willing and able to pay their rent on time. This helps the landlord to decide whether to agree to the tenancy, or how much of a deposit they should ask for; and it reduces the risk that the tenancy relationship will subsequently break down. It also helps tenants to avoid getting into legal difficulties where they have agreed to pay rent that they cannot afford. |
| Enabling employers to check the suitability of their current and prospective staff | Credit reference agencies enable employers to verify some of the information provided by their staff and job candidates and confirm that they are who they say they are. They also enable employers to assess whether the staff member or candidate has a history of managing their own financial commitments well, or whether they are financially compromised. This can help reduce the risk of fraud and can help the employer to decide whether the person is or would be a suitable member of its staff. All of which is in the legitimate interest of those employers. |
| Enabling insurers to calculate and price risk more accurately | Credit reference agencies enable insurers to consider certain kinds of credit reference data when they are assessing risk. This data can help the insurer decide whether to provide cover to a person, and how much the insurance premium should be. This enables them to better forecast their future liability and to price their insurance products more accurately and competitively. For consumers, it means that insurance policies are priced more fairly, with the lowest-risk individuals paying less for their insurance. |
| Supporting compliance with legal and regulatory requirements | Credit reference agencies’ services may be used by their clients to help them comply with their own regulatory obligations, for example, complying with anti-money laundering obligations and regulations set by the FCA which require lenders to assess the creditworthiness of individuals who apply for loans. This is in the legitimate interest of clients. Further, these regulatory obligations are in place in the interests of wider society, so facilitating compliance with them indirectly benefits society as a whole, which is in the public interest. |
| Promoting responsible, efficient and informed marketing activities for the benefit of consumers and businesses. | Credit reference agencies provide services to support organisations in ensuring that their marketing strategies are responsible, informed and efficient. This helps them to reduce waste (driving costs down and increasing competition) and avoid sending communications to individuals who are less likely to be interested in receiving them or who should not receive them. More information is available from each credit reference agency about the legitimate interests relied on for their marketing services activities by visiting: Experian: https://www.experian.co.uk/privacy/consumer-information-portal ; Equifax: https://www.equifax.co.uk/ein.html ; TransUnion: https://www.transunion.co.uk/legal/privacy-centre?#pc-marketing-services |
| Commercial interests | It is in each of the credit reference agencies’ legitimate interests to provide the services described above to its clients to generate sales revenues. |
The credit reference agencies’ use of credit reference data is subject to an extensive framework of safeguards that balance the legitimate
interests set out above with the fundamental rights and freedoms of the people whose data the credit reference agencies use and share. The framework includes
information given to people about how their personal data will be used and how they can exercise their rights to obtain their personal data, have it corrected,
erased or restricted, object to it being processed, and complain if they are dissatisfied. It also includes extensive due diligence checks on clients, robust
contractual arrangements and internal data management processes that the credit reference agencies have in place. These safeguards help sustain a fair and
appropriate balance and protect the rights and freedoms of individuals.
Legal obligations
In some circumstances the credit reference agencies are required by law to use or share personal data in particular ways. This happens,
for example, when a court, law enforcement agency or regulator makes a legally binding request or order for disclosure of personal data. It also happens when
individual consumers exercise their rights, for example by requesting a copy of their own personal data from a credit reference agency.
4. WHAT KINDS OF PERSONAL DATA DO CREDIT REFERENCE AGENCIES USE, AND WHERE DO THEY GET IT FROM?
Each credit reference agency obtains and uses personal data from different sources, so they often hold information that is different to some
degree from that held by the others. However, most of the personal data they hold falls into the categories outlined below from the sources described.
Information type |
Description |
Source |
Identifiers |
Credit reference agencies hold personal data that can be used to identify people, such as name, date of birth, and
current and previous addresses.
They may also hold business data including name, address and details of shareholders and
directors. |
This data is part of some of the other data sources mentioned below in this table.
Data about UK postal addresses is obtained from commercial sources such as Royal Mail.
|
Electoral register data |
Credit reference agencies hold information from the electoral register (also known as the ‘Electoral Roll’). There are
two versions of this. One is known as the open register (also known as the ‘Edited Electoral Roll’ or ‘EER’) and can be used for a variety of
purposes including marketing. The other is the full register which the credit reference agencies can only use for limited purposes.
|
This data is supplied by local authorities across the UK and the Isle of Man.
|
Credit account performance data |
Credit reference agencies receive personal data about how people are managing to repay their credit
commitments.
The data includes the name of the lending organisation, the date the account was opened, the account number, the
amount of debt outstanding (if any), any credit available (including overdraft limits) and the repayment history on the account, including
late and missing payments.
|
This data is provided from banks, building societies and other financial services providers such as credit card
companies, home credit suppliers, credit unions and hire purchase companies. It is also provided by utilities companies, mobile phone networks,
retail and mail order companies and insurance companies. |
Rental related data |
Some credit reference agencies receive personal data about whether people are managing to pay their rent on time.
The data includes tenancy reference, start date, end date, rental amount, arrangement amount and outstanding
balance.
|
This data is provided by social housing providers and private landlords.
|
Bank account turnover data and application salary data |
This data includes the name of the organisation providing current accounts, current account numbers, sort codes,
the number of account holders, the transactions made on the current accounts (credits and in some cases debits), and a figure for credits on
each current account.
Application salary data consists of the salary declared by a person when they are applying for credit. It also
includes whether that figure is net or gross, and whether the salary has been verified (e.g. with copies of salary slips). This data also
includes the date that an application was made.
|
This data is provided from organisations which offer people current accounts, such as banks and building
societies. |
Judgment data |
Credit reference agencies obtain data about court judgments and decrees. This may include, for example, the name of
the court, the nature of the judgment, how much money was owed, and whether the judgment has been satisfied. |
The government makes court judgments and other decrees and administrative orders publicly available through statutory
public registers. These are maintained by Registry Trust Limited, which supplies the data on the registers to the credit reference
agencies. |
Insolvency data |
Credit reference agencies obtain data about insolvency-related events. This includes data about bankruptcies,
administration orders, individual voluntary arrangements, debt relief orders, sequestrations, trust deeds and debt arrangement schemes. This
data includes the start and end dates of the relevant insolvency or arrangement. |
This data is obtained from The Insolvency Service, the Accountant in Bankruptcy, The Stationary Office and Northern
Ireland’s Department for the Economy – Insolvency Service, the London, Belfast and Edinburgh Gazettes and Registry Trust Limited.
Business insolvency data is obtained from the London, Belfast and Edinburgh Gazettes.
|
Fraud prevention indicators |
This data consists of information which indicates that an individual has demonstrated behaviour that appears to be
consistent with that of known fraudulent conduct. It also consists of information where an individual has been a victim of identity fraud, or
feels that his or her personal data is vulnerable due to a breach.
|
This data is obtained from Cifas, a not for profit fraud prevention membership organisation. |
Search footprints |
When an organisation uses a credit reference agency to make enquiries about a person, the credit reference agency
keeps a record of that enquiry. This is known as a ‘search footprint’. This includes the name of the organisation, the date, and the purpose for
which the enquiry was made, for example, employee vetting. |
Credit reference agencies generate search footprints automatically when enquiries are made about a person.
|
Scores |
Credit reference agencies and their clients use credit reference data to produce scores including in relation to
credit, affordability, fraud, identity, collections and insolvency.
|
The credit reference agencies use algorithms known as ‘scorecards’ to produce scores by running credit reference data
through scorecards.
Similarly, other organisations create their own scores from data obtained from the credit reference agencies as well
as other sources. |
Other third-party data |
This data includes phone numbers and email addresses, data concerning politically exposed persons (PEPs) and people on
sanctions lists as well as mortality data. |
Credit reference agencies receive this data from reputable commercial sources under contracts agreed from time to
time. |
Other data credit reference agencies create (not already referred to in this table) |
The credit reference agencies derive certain data from the credit reference data. For example:
- Summarised and aggregated data: credit reference agencies can summarise credit reference data, for example by providing a count of the total number of accounts or judgments a person has, or the total amount of debt. They can also aggregate data about different consumers together, for example to provide an overview of the financial status of particular postcodes and other geographical areas.
- Address links: when a credit reference agency detects that a person has moved to a new house, it may create and store a link between the old and new address.
- Aliases: when a credit reference agency believes that a person has changed their name, it may record the old name alongside the new one.
- Financial associations and linked people: when a credit reference agency believes that two or more people are financially linked with each other (for example, because they have a joint account), it may record that fact.
- Flags and triggers: the credit reference agencies may create flags and triggers that they use in their systems to highlight that certain credit reference data exists or to summarise that data. For example, if the credit reference agencies hold fraud data from the fraud organisation known as Cifas, they may create a flag indicating this fact. This flag would highlight to clients that the data is available and give them the opportunity to ask for more details. |
The credit reference agencies generate this data from the data sources available to them. |
Data provided by individuals themselves |
People sometimes provide data about themselves directly to credit reference agencies. For example, individuals have
the right to ask credit reference agencies to add a short statement that will be displayed when an organisation sees credit reference data about
them. This statement is known as a ‘notice of correction’ and can be used to allow the person to explain the reason for an entry. The right to
do this is explained in section 10 below.
If a person exercises any of their other legal rights, the credit reference agencies will retain data relating to these activities, for example, records will be kept of all actions and
correspondence relating to managing complaints. |
This data is provided directly by individuals themselves. |
5. WHO DO CREDIT REFERENCE AGENCIES SHARE CREDIT REFERENCE DATA WITH?
This section describes the types of organisation credit reference agencies share data with. Before sharing data with any third party
each credit reference agency will, where appropriate, complete its own due diligence checks to ensure that the organisation is a real business and has
applicable regulatory authorisations in place.
Clients
Credit reference agencies supply their products and services to clients in various sectors, such as banks, building societies, other
credit providers, utility companies, mobile phone companies, insurance companies, credit report providers, retailers, gaming organisations, tenant and employee
vetting firms, professional services organisations (such as firms of solicitors and accountants), estate agents, landlords, marketing companies, charities and
public bodies such as the police, central and local government and regulators.
Certain organisations that share financial data with the credit reference agencies are members of closed user groups which entitle them
to receive similar kinds of financial data contributed by other organisations in the group. These organisations are typically banks, building societies, and
other lenders, as well as other credit providers like utilities companies and mobile phone networks.
Resellers, distributors and agents
Credit reference agencies sometimes use other organisations to help provide their products and services to clients. To do this, they
may provide credit reference data to them so that they can provide the services.
Service providers
The credit reference agencies may use other external organisations and other members of their own groups of companies to perform tasks
on their behalf (for example, IT service providers, call centre providers and security service providers). To do this, they may provide or make available credit
reference data to them so that they can perform the tasks.
Fraud prevention agencies
Each credit reference agency is a member of Cifas, a not-for-profit fraud prevention service. Where a credit reference agency believes
that you may have been a victim of fraud, it may share that information with Cifas so that other Cifas members can access it. This enables them to perform
additional checks when (for example) a credit application is made in your name. Please refer to the Cifas privacy notice at https://www.cifas.org.uk/fpn for more details.
Regulators
Regulators can sometimes require credit reference agencies to supply them with personal data. This can be for a range of purposes such
as investigating complaints or assessing how well a particular industry sector is working.
Individuals
People are entitled to obtain copies of the personal data the credit reference agencies hold about them. Details on how to do this are
set out in section 9 below.
6. WHERE IS CREDIT REFERENCE DATA STORED AND SENT?
The three credit reference agencies are all based in the UK and keep their main databases there. They may also have operations and
service providers elsewhere inside and outside the UK and the European Economic Area, and credit reference data may be accessed from those locations too.
Regardless of where the credit reference data is processed, the credit reference agencies ensure that it is always protected by applicable UK and European data
protection standards.
While the UK and countries in the European Economic Area all ensure a high standard of data protection law, some parts of the world may
not provide the same level of legal protection when it comes to personal data. As a result, when a credit reference agency sends credit reference data overseas
it makes sure suitable safeguards are in place in accordance with applicable UK and European data protection requirements, to protect the data. For example,
these safeguards might include:
- Sending the data to a country that has been approved by the European authorities as having a suitably high standard of data
protection law. Examples include the Isle of Man, Switzerland and Canada.
- Putting in place a contract with the receiving organisation containing terms approved by the European authorities as providing a
suitable level of protection.
- Sending the data to an organisation which is a member of a scheme that has been approved by the European authorities as providing
a suitable level of protection. One example is the Privacy Shield scheme agreed between the European and US authorities.
More information about the safeguards used by each credit reference agency can be obtained by contacting them at the contact details in
Section 1 above.
7. FOR HOW LONG IS CREDIT REFERENCE DATA RETAINED?
Each credit reference agency may retain credit reference data for different periods of time. Information about each credit reference
agency’s retention periods can be found at the following locations:
These periods are subject to regular review and may change from time to time.
8. DO THE CREDIT REFERENCE AGENCIES MAKE DECISIONS ABOUT CONSUMERS OR PROFILE THEM?
Decisions about consumers
Credit reference agencies generally do not make decisions about consumers or tell organisations what decisions to make about consumers
– this is for each organisation to decide. For example, credit reference agencies do not tell lenders whether to offer credit to consumers; they just provide
services that help those lenders make decisions about consumers. An organisation’s own data, knowledge, processes and practices will also play a significant
role in those decisions.
Credit reference agencies may provide similar services to their respective clients, but these services may lead to different decisions
because (i) each credit reference agency may hold different information from the others, (ii) each client may place differing importance on some information
compared to others, and (iii) each client may take into account information available to it from other sources. These are some of the reasons why a person may
receive a “yes” from one lender but a “no” from another.
Scores and ratings
When requested, credit reference agencies use the data they obtain to produce credit, risk, fraud, identity, affordability, screening,
collection and insolvency scores and ratings; these are explained in section 4 above.
9. HOW CAN A CONSUMER SEE WHAT DATA THE CREDIT REFERENCE AGENCIES HOLD ABOUT THEM? DO CONSUMERS HAVE A ‘DATA PORTABILITY’ RIGHT IN CONNECTION WITH THEIR CREDIT REFERENCE DATA?
Data access right
Consumers have the right to find out what personal data the credit reference agencies hold about them. Each credit reference agency
provides more information about access rights on their websites.
How to access your data, by credit reference agency:
Equifax:
- To get your credit report: https://www.equifax.co.uk/Products/credit/statutory-report.html
- To get other information about how to access your personal data: https://www.equifax.co.uk/ein.html
- To make a request by post: Equifax Limited, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
Experian:
- To get your credit report: https://www.experian.co.uk/consumer/statutory-report.html
- To get other information about how to access your personal data: https://www.experian.co.uk/consumer/contact-us/index.html
- To make a request by post: Customer Support Centre, Experian Ltd, PO BOX 8000, Nottingham, NG80 7WF
TransUnion:
- To get your credit report: https://www.transunionstatreport.co.uk/
- To get other information about how to access your personal data: https://www.transunion.co.uk/legal/privacy-centre?#your-data-rights
- To make a request by post: TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ
Data portability right
Data protection legislation also contains a right to data portability. Where it applies, the right to data portability gives consumers
a right to receive their personal data in a standard format. However, this right only applies when personal data is processed on certain grounds, such as
consent. This right does not apply to credit reference data because it is processed on the grounds of “legitimate interests”. To find out more about legitimate
interests please go to section 3 above.
10. WHAT CAN A CONSUMER DO IF THEIR CREDIT REFERENCE DATA IS WRONG?
When the credit reference agencies receive personal data, they perform lots of checks on it to try and detect any defects or mistakes.
Ultimately, though, the credit reference agencies rely on the suppliers to provide accurate data.
If a consumer thinks that any personal data a credit reference agency holds about them is wrong or incomplete, the consumer has the
right to challenge it. The credit reference agency will need to take reasonable steps to check the data, such as asking the organisation that supplied it to
check and confirm its accuracy.
If the data turns out to be wrong, the credit reference agency will update its records accordingly. If the credit reference agency
still believes that the data is correct after completing their checks, they will continue to hold and use it. Where the data is part of the consumer’s credit
report, they can ask the credit reference agency to add a supplementary statement of up to 200 words explaining their views about the information. This
statement will be supplied to organisations who subsequently access the information that the consumer has disputed.
To do this, consumers should contact the relevant credit reference agency using the contact details in section
1 above.
11. CAN A CONSUMER OBJECT TO THE USE OF THEIR CREDIT REFERENCE DATA AND HAVE IT DELETED?
This section helps consumers understand how to exercise their data protection rights to object to credit reference data being used by
the credit reference agencies and how to ask for it to be deleted. To understand these rights and how they apply to the processing of credit reference data, it
is important to know that the credit reference agencies hold and process personal information in credit reference data under the “legitimate interests” basis
for processing (see section 3 above for more information about this), and do not rely on consent.
Consumers have the right to object to the processing of credit reference data by a credit reference agency. This can be done by
contacting the relevant credit reference agency using the contact details in section 1 above.
Although consumers have complete freedom to contact a credit reference agency with objections at any time, under data protection law, a
consumer’s right to object does not automatically lead to a requirement for processing to stop, or for personal data to be deleted.
Because of the importance of the credit referencing industry to the UK’s financial system, and the important purposes for which the
credit reference data is needed (such as supporting responsible lending, and preventing over-indebtedness, fraud and money laundering) it will be rare that the
credit reference agencies do not have compelling, overriding grounds to carry on using the personal data following an objection. In many cases, it will not be
appropriate for the credit reference agencies to restrict or to stop processing or delete credit reference data, for example, where the result would be to hide
a poor credit history that could enable a person or organisation to get credit they otherwise would not be eligible for.
However, as an exception from the general rule described above, all consumers have an absolute right to object to their personal data
being used for direct marketing purposes. If you object to a credit reference agency using your personal data for those purposes, you can get them to stop by
contacting them using the details in section 1.
12. CAN A CONSUMER RESTRICT WHAT THE CREDIT REFERENCE AGENCIES DO WITH THEIR CREDIT REFERENCE DATA?
In some circumstances, consumers can ask credit reference agencies to restrict how they use their credit reference data. Contact
details for each credit reference agency are in section 1 above.
This is not an absolute right and processing will only be restricted if certain conditions are met (for example, if the processing is
unlawful or the personal data is no longer required by the credit reference agencies for the purposes for which it was obtained).
Even where a restriction condition is met, a consumer’s personal data may still be processed (and shared) by the credit reference
agencies where certain grounds exist. These are:
- with the consumer’s consent
- for the establishment, exercise, or defence of legal claims
- for the protection of the rights of another natural or legal person
- for reasons of important public interest
The credit reference agencies will consider and respond to requests they receive, and will assess whether any of the restriction
conditions apply and, if they do, whether there are any grounds that permit the continued processing of the personal data.
Given the importance of complete and accurate credit reference data, for purposes including for example for responsible lending and
preventing over-indebtedness, fraud and money laundering, it will usually be appropriate for the credit reference agencies to continue processing credit
reference data on the basis of protecting the rights of another natural or legal person or for reasons of important public interest.
13. WHO CAN A CONSUMER COMPLAIN TO IF THEY ARE UNHAPPY ABOUT THE USE OF THEIR CREDIT REFERENCE DATA?
The credit reference agency
Each credit reference agency tries to ensure that it delivers the best outcomes for its clients and for consumers. If a consumer wants
to make a complaint to a credit reference agency they can do so by contacting it at the following addresses.
Contact details, by credit reference agency:
Equifax Limited:
- Post: Equifax Limited, PO Box 10036, Leicester LE3 4FS
- Email: complaints@equifax.com
- Phone: 0333 321 4043 or 0800 014 2955
Experian Limited:
- Post: Experian, PO BOX 8000, Nottingham, NG80 7WF
- Email: complaints@uk.experian.com
- Phone: 0344 481 0800 or 0800 013 8888
TransUnion:
- Post: TransUnion, One Park Lane, Leeds, West Yorkshire LS3 1EP
- Email: customer.relations@transunion.co.uk
- Phone: 0330 024 7574
Each credit reference agency also has a data protection officer who can be contacted about matters relating to the protection of
personal data at the relevant credit reference agency. The contact details for each credit reference agency’s data protection officer are:
The Information Commissioner’s Office
If a consumer is not satisfied with how a credit reference agency has investigated a complaint, the consumer can refer their concerns
to the Information Commissioner’s Office which is the body that regulates the handling of personal data in the UK. The contact details are:
- Phone: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF
- Website: www.ico.org.uk
The Financial Ombudsman Service
Where the complaint relates to an activity which is regulated by the Financial Conduct Authority (such as credit reporting and
affordability checks), consumers also have the right to refer the matter to the Financial Ombudsman Service (Ombudsman) for free. The Ombudsman is an
independent public body that aims to resolve disputes between consumers and businesses like credit reference agencies. The contact details are:
14. WHERE CAN CONSUMERS FIND OUT MORE?
The Information Commissioner’s Office also publishes advice and information for consumers in its Credit Explained leaflet, available at
https://ico.org.uk/media/for-thepublic/documents/1282/credit-explained-dp-guidance.pdf.
TransUnion Bureau Privacy Notice
Version: 1.6
Date adopted: 30th September 2020
This privacy notice explains how we use and share personal data in connection with our credit risk and affordability assessments, anti-fraud
and anti-money laundering checks, verification, debt tracing services and some of our related services. It also describes your data protection rights, including a
right to object to some of the processing which TransUnion carries out. More information about your rights, and how to exercise them, is set out in section 9 below.
In brief
- At TransUnion, we provide data and data-related services to clients such as banks, credit providers, insurance companies, gaming companies and others
for the purposes set out above (and in more detail at section 2 below).
- Some of our services involve processing data that is highly confidential such as your bank account, credit card or salary details. More information
about the data we use can be found in section 3.
- In providing our services to clients, we may use third party service providers to assist us (a summary of the key providers can be found in the table at
section 6).
- Some of these services involve checking your device information (from your mobile telephone, tablet or laptop for example), which we use to confirm your
identity and/or to protect you from becoming a victim of fraud.
- We may need to send your details to other countries as part of our services, occasionally outside of the European Union – details are provided at section 7.
You have the right to object to our use of your personal data. Please see section 9 to find out more.
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
9. What are your rights?
10. Who can you complain to if you are unhappy about the use of your personal data?
1. WHO ARE WE AND HOW CAN YOU CONTACT US?
About us
We are TransUnion International UK Limited, which is a company registered in England and Wales with company number 03961870. Our trading
address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.
We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of
TU UK are listed in section 6 below. TU UK forms part of a larger group of companies but this privacy notice
only covers the activities of TU UK.
We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the personal
data is used fairly and lawfully.
Joint controllers
We sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In particular, we make
joint decisions when we and another TU UK company are sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will
ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group
companies or exercise any of your rights in respect of your personal data.
Contact details
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Customer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use
for these purposes can be found in section 3 below.
Providing services to the organisation you are dealing with
We use your personal data to provide services to the organisation you are dealing with. These services might include, for example, credit
risk assessment, affordability assessment, anti-fraud and anti-money laundering checks, verification services, and tracing for debt collection purposes.
Examples: credit risk assessment, identity verification, anti-fraud, debt tracing
If you have applied for credit from one of our clients, they will send your data to us so that we can find you in our databases and return information about
your credit history. They will use that information in order to assess your creditworthiness and decide whether you will be able to repay them.
If you need to prove your identity to an organisation, they may check the details you provide against the information on our databases in order to help
confirm that you are who you say you are.
When you have dealings with an organisation, for example a bank, they may submit your telephone number, email address, internet protocol (IP) address, bank
account and card numbers to us so we can alert them to the possibility of a stolen identity or where there have been past fraud indicators associated with
those details.
If you owe money to one of our clients and have moved without telling them, they may use our services in order to find your new address and other contact
details so that they can contact you to arrange repayment.
We may also process your personal data after services have been provided to our clients if, for example, we need to investigate any issues
around the data that has been sent to us, stored by us or if we need to restore our systems in the event of a data loss incident.
More information about how we (and other credit reference agencies) use personal data in these kinds of service can be found in the Credit Reference Agency Information Notice.
Providing services to our other clients
We use personal data to provide services to organisations other than the one you are directly dealing with.
If we receive a large number of identity verification checks against a particular person in a short space of time, this may be an indicator that someone is
attempting to commit identity theft or another form of fraud. When this happens, we use that indicator to provide real time fraud alerts to clients who have
subscribed to that service.
If you have provided your details to an organisation in order to confirm your identity, we may retain those details and link them to other details we hold
about you so that if a fraudster attempts to use some of your details to apply for credit with a different organisation, we can raise a potential fraud
alert with that organisation.
More information about how we (and other credit reference agencies) use personal data in these kinds of service can be found in the Credit Reference Agency Information Notice.
Product or systems development and testing
We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes
making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.
Consumer queries; legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from
you or a regulator about how we have used your personal data.
Examples: legal and regulatory purposes
If you object to us processing your personal data, we will need to use your personal data to assess your request.
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in
the course of that investigation.
Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves
against your claim.
3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?
When a client uses our services, they will typically send us information such as:
- Identifiers (including your name, date of birth, and current and previous addresses). This helps us to match your information to the other information we hold
in our databases.
- Other information specific to you, for example your telephone number, email address, internet protocol (IP) address, bank account or credit card number.
- Information collected from you with your consent, such as your device details or location details.
- The purpose for which they are requesting information about you.
- Other relevant details such as the nature of your credit application.
When we receive that information, we match it against the other information that we hold in order to find and return additional
information about you. Depending on the service we are providing, this can include information such as your credit history, credit score, any court judgments or
insolvency-related events, fraud indicators, and additional contact details or address history. It can also include similar kinds of information about people who
are financially associated with you.
More information about the kinds of personal data we hold, and where we get it from, can be found in the Credit Reference Agency Information Notice.
4. HOW LONG IS THE PERSONAL DATA KEPT FOR?
When we receive personal data from a client in order to provide services to them, we will keep a copy of that data for a period of time in
order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any
complaints, claims and enquiries that we may receive from consumers, clients or regulators.
We may keep data that has been provided to us for identity verification purposes for a longer period of time in order to help stop fraudsters
– see examples under “Fraud Alerts” in section 2 above.
Information about how long we keep data in our capacity as a credit reference agency is available in the Credit Reference Agency Information
Notice.
5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?
This section explains the basis on which we process your personal data.
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this is not
outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are typically pursuing when providing services to our clients are:
Interest | Explanation
Promoting responsible lending and helping to prevent over-indebtedness. | Responsible lending means that lenders only sell products that are affordable and suitable for the borrowers’ circumstances. We help ensure this by sharing personal data about potential borrowers, their financial associates where applicable, and their financial history. A comprehensive range of measures exists in the UK to underpin the balance so that the legitimate interests are not outweighed by the interests, fundamental rights and freedoms of individuals. Further explanation about this balance is set out below.
Helping prevent and detect crime and fraud; anti-money laundering; and identity verification | We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
Supporting tracing and collections | We provide services that support tracing and collections where there is a legitimate interest in the client conducting activity to find its customer and to recover the debt, or to reunite, or confirm an asset is connected with, the right person.
Complying with and supporting compliance with legal and regulatory requirements | We have to comply with various legal and regulatory requirements, and our services also help other organisations comply with their own legal and regulatory obligations. For example, many kinds of financial services are regulated by the Financial Conduct Authority or the Prudential Regulation Authority, who impose obligations to check that financial products are suitable for the people they are being sold to. We provide data to help with those checks.
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include
the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or
restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities
do not compromise your interests, fundamental rights and freedoms.
Necessity for compliance with a legal obligation
We sometimes need to use your personal data in order to comply with a legal obligation that we are under. For example, if you submit a
request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will normally be legally
required to provide that personal data. See section 9 below for details of what requests you can make and how to make them.
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our clients and resale partners
We share personal data with our clients for the purposes described in section 2 above. Our
clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.
Our clients typically operate in the following sectors:
- financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
- insurance
- gaming / gambling
- retail (including car sales / leasing and online retailers)
- telecoms and utilities
- marketing agencies acting for other organisations
In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too. We
also appoint data resale partners who will distribute data to their clients in a similar manner to the ways we do.
Our group companies
We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this
privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.
Group company | Main trading address and registered office
TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited (company no. 3961870) |
Callcredit Marketing Limited (company no. 2733070) |
TransUnion Baltics UAB (company no. 302689020) | Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania
Service providers
We may provide your information to third parties who help us use it for the purposes described in section 2. For example, our databases of personal data may be hosted by third parties on our behalf. More detail is
provided below in respect of our key service providers.
Category of service provider | Role performed for TransUnion | Where processing takes place
Customer Identity and Engagement | Validates telephone numbers to assist with the detection and prevention of fraud or financial crime. | Data is processed in the United States and the Netherlands and may also be processed in Serbia and Lithuania.
Authentication and anti-fraud | Uses automated data-capturing software to collect device-identifying technical data from users of our clients’ websites. This is in order to identify suspicious and/or high risk devices to assist with the detection and prevention of fraud or financial crime. | Data is processed in the United States.
Digital Identity and Fraud prevention | Validates email and Internet Protocol (IP) addresses to assist with the detection and prevention of fraud or financial crime. | Data is processed within the European Union and may also be processed in the United States.
Customer identity verification | Uses photographic identity documentation alongside a ‘live’ photographic image to check for fraud indicators. | Data is processed within the European Union.
Mobile and digital identity authentication | Uses a mobile phone number to check for fraud indicators and cross checks personal data (name, address, date of birth) against data held by Mobile Network Operators (MNOs) to verify consumers’ identities and for the detection and prevention of fraud. | Data is processed within the European Union (United Kingdom, Germany, Jersey and Republic of Ireland).
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you
agree otherwise.
You and your financial associates
You are entitled to obtain copies of the personal data that we hold about you. You can find out how to do this in section 9 below.
Similarly, your financial associates are also entitled to obtain copies of the personal data that we hold about them.
Other credit reference agency data sharing activities
For a broader description of how we share data in our capacity as a credit reference agency, please refer to the Credit Reference Agency Information Notice.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that
acquires the business.
Regulators and law enforcement
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by
law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal
data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating
to you.
7. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within Europe
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in Europe
– currently Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by
European data protection standards.
We may also send personal data to some of our service providers who have operations within the European Union.
Elsewhere
We also send information elsewhere in the world. For example:
- When one of our overseas group companies or branch offices based overseas needs to use the information in accordance with this notice.
- Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes
such as technical support or system development and testing.
- Where our service providers have operations outside the European Union (see the table at section 6 above).
While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not
provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable
safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using
the details set out in section 1 above.
8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?
Decisions
In almost all cases, we do not use your personal data to make automated decisions about you or to profile you.
We provide data and analytics that help our clients make decisions about lending and other matters, but our clients’ own data, knowledge,
processes and practices will also generally play a significant role in their decisions – and those decisions will always be for them to make.
For example, when we sell our services to credit or loan providers, we do not decide whether or not you should be granted credit or a loan –
this is for the lender to decide.
However, where our resale partners ask us for a copy of your credit information, we need to verify your identity in order to ensure that your
credit information is not given out to fraudsters. This is an automated process and it could result in you being declined access to the services provided by that
resale partner, if we cannot verify your identity.
Scores and ratings
We use the data we hold to produce credit, risk, fraud, identity, affordability, screening, collection and insolvency scores and credit
ratings.
If you apply to a bank for a loan, the bank will need to assess your creditworthiness. It will use the information you provide on your form, together with
other information it already holds about you (such as how you have managed your previous accounts with that bank), and information obtained from third
parties such as credit reference agencies.
We may use the credit reference data we hold to generate a credit score which provides an indication of your creditworthiness. The bank may use the credit
score as part of its decision-making. Factors that may affect your credit score include:
- How long you have lived at your address.
- The number and type of credit agreements you have, and how you use those credit products.
- Whether you have been late making payments.
- Whether you have had any court judgments made against you.
- Whether you have been bankrupt or have had an IVA or other form of debt-related arrangement.
- The number of credit-related searches that organisations have made against your credit file, for example when you apply for a loan or credit card, or
when a debt collection agency requests information about you.
9. WHAT ARE YOUR RIGHTS?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire
about exercising these rights, please email us at consumer@transunion.co.uk, telephone us on 0330 024 7574, or
refer to the other contact details in section 1.
If you are looking for information about your rights in relation to the personal data we hold in our capacity as a credit reference agency,
please refer to the Credit Reference Agency Information Notice.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it. (If you
want to see your credit report online, please visit https://www.transunion.co.uk/consumer-solutions/your-credit-report.)
- Withdrawal of consent: When we rely on your consent to use your data (see section
5 above), you have the right to withdraw that consent at any time. However, we do not rely on consent for the activities described in this privacy
notice.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes, including any
profiling or similar activities which are performed as a precursor to direct marketing. The activities described in this privacy notice do not include the use
of personal data for direct marketing purposes but you have the right to object to us doing so in the future.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests legal basis for using your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we
can continue to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of
your data because we might have good reason for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: In some circumstances you have the right to receive some limited kinds of information in a portable format. However, this
typically does not apply to the data to which this privacy notice applies.
Please refer to our Consumer Contact Privacy
Notice for information about how we will handle your personal data in connection with complaints and enquiries.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can
investigate your concerns. Please contact us using these details:
Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: customer.relations@transunion.co.uk
Telephone: 0330 024 7574
You can also contact our Data Protection Officer at dpo@transunion.co.uk.
Please refer to our Consumer Contact Privacy
Notice for information about how we will handle your personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling
of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by
telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
Marketing Services Privacy Notice
Version: 1.5
Last updated: 16 October 2020
This privacy notice provides information about how we use and share personal data relating to consumers for our clients’ marketing purposes.
It also describes your data protection rights, including a right to object to some of the processing which TransUnion carries out. More information about your
rights, and how to exercise them, is set out in section 9 below.
In Brief
At TransUnion we provide data and data services to clients such as retailers, banks, insurers and other companies. Our
marketing-related services include:
- Providing names and addresses from the open register to our clients for postal direct marketing. This information may be used by
our clients to send you postal marketing.
- Removing individuals from our clients’ marketing lists where those individuals have registered as having moved away or have
registered with a suppression service such as the Mailing Preference Service.
- Removing details of deceased individuals from our clients’ marketing lists.
- Providing our clients with forwarding addresses for the individuals on their marketing lists, where those individuals have
signed up to the Royal Mail redirection service. This may, for example, allow our clients to contact you at your new address.
You have the right to object to our use of your personal data. Please see section
9 to find out more.
This privacy notice covers the following topics:
- 1. Who are we and how can you contact us?
- 2. What do we use personal data for?
- 3. What kinds of personal data do we use, and where do we get it from?
- 4. How long is the personal data kept for?
- 5. What is our legal basis for handling personal data?
- 6. Who do we share the personal data with?
- 7. Where is the personal data stored and sent?
- 8. Is the personal data used to make decisions about you or to profile you?
- 9. What are your rights?
- 10. Who can you complain to if you are unhappy about the use of your personal data?
1. WHO ARE WE AND HOW CAN YOU CONTACT US?
About us
We are Callcredit Marketing Limited, which is a company registered in England and Wales with company number 02733070. Our trading address and
registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.
We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of
TU UK are listed in section 5 below. TU UK forms part of a larger group of companies but this privacy notice only covers the activities of
TU UK.
Except where we state otherwise, we are a controller of the personal data covered by this privacy notice. This means that we are responsible
for ensuring that the personal data is used fairly and lawfully.
Joint controllers
We sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In particular, we make
joint decisions when we and another TU UK company are sharing personal data with each other. Section 3 explains when this applies in more
detail.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will
ensure that each company involved complies with data protection rules. Please contact our Consumer Services Team if you want to understand more about the allocation
of data protection obligations between our group companies or if you want to exercise your data protection rights.
Contact details
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
Please refer to our Consumer Contact Privacy Notice for
information about how we will handle your personal data in connection with complaints and enquiries.
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we use for
these purposes can be found in section 3 below.
Direct marketing
The open register (sometimes referred to as the edited electoral roll) is a version of the electoral register containing names and addresses
of individuals who have not opted out of having their information used for marketing and other purposes.
We provide names and addresses from the open register to our clients in order for them to send marketing messages by post.
Example
An estate agent may wish to send postal marketing to local residents to inform them of their services. The estate agent can purchase
names and addresses from TransUnion for the local area from the open register, and then send a mailing to those individuals.
More information about the open register (and how to opt out of it) is available on the UK Government website.
Suppressions and forwarding addresses
We and our clients can use personal data to help remove you from certain marketing campaigns. This helps to avoid unnecessary marketing
activity and means that you are less likely to receive marketing which you do not wish to receive or which is not intended for you. For example, you can be removed
from a marketing campaign where:
- you have signed up to the Royal Mail redirection service
- you have registered with the Mailing Preference Service (MPS)
We also remove details of deceased individuals to help avoid causing distress to their family.
Example: suppressions
A bank wishes to send its customers some postal marketing about its new credit card. It provides a list of its customers to
TransUnion. We check this list and remove any customer who has registered with Royal Mail as having changed address, or where we believe that the customer
has died.
If you have subscribed to the Royal Mail redirection service, then we and our clients can also use this personal data to update marketing
mailing lists with your new address.
Example: forwarding addresses
A bank wishes to send its customers some postal marketing about its new credit card. It provides a list of its customers to
TransUnion. We check this list and, where a customer has signed up to the Royal Mail redirection service, we update that person’s address in the list so
that the customer will still receive the postal marketing from the bank at their new address.
Product or systems development and testing
We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes
making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.
Consumer queries; legal and regulatory purposes
If you contact us we will normally need to use your personal data to help us deal with your enquiry. We may also sometimes need to use your
personal data for legal and regulatory purposes.
Examples: legal and regulatory purposes
If you object to us processing your personal data for direct marketing purposes we will add your name to our suppression list in
order to remove you from future direct marketing activities.
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing
your personal data in the course of that investigation.
Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to
defend ourselves against your claim.
Acting as processors on our clients’ behalf
Some clients provide us with their own data about individuals (which will have been collected under the client’s separate privacy notices),
and ask us to enhance it with further information. When this happens, we can provide the client with information about the properties or areas in which the relevant
individuals live.
In doing this, we are acting as the client’s data processor; this means that the client remains responsible for ensuring that the personal
data is used fairly and lawfully. You will need to refer to the privacy notices of the individual client for more detailed information about what data the client
collects, what they use it for, and how to exercise your rights.
3. WHAT KINDS OF PERSONAL DATA DO WE USE AND WHERE DO WE GET IT FROM?
We obtain and use information from various different sources. These are summarised in the following table.
Type of information | Description | Source
Contact details | We hold names, postal addresses and, in some cases, dates of birth. This information can be used for contacting people. We do not hold or share email addresses or telephone numbers for the purposes described in this privacy notice. Callcredit Marketing Limited and TransUnion International UK Limited act as joint controllers of this data. | We obtain postal addresses from the open version of the electoral register (the “open register”), which we get from local authorities across the UK and the Isle of Man.
Industry suppressions data | We hold information that can be used to remove records from databases so that they are not used in marketing campaigns. This includes the Mailing Preference Service file and records of people who are believed to have died or who have registered with the Royal Mail redirection service as having changed address. Callcredit Marketing Limited acts as sole controller of this data. | We obtain this data from data suppliers such as The Mailing Preference Service Limited, which is a subsidiary of the Data and Marketing Association Limited (the DMA). Deceased data is obtained from REaD Group Limited and Wilmington Millennium. Information about people who have moved is obtained from Royal Mail’s National Change of Address service.
Client input data | Our clients often provide us with information about their existing or potential customers for us to analyse or add more information on to. We do not use this data for our own purposes. The client acts as controller of this data, and Callcredit Marketing Limited acts as the client’s processor. | This data is provided to us by our clients for specific jobs.
4. HOW LONG IS THE PERSONAL DATA KEPT FOR?
Type of information | Retention period
Contact details | Contact data obtained from the open version of the electoral register is retained while you remain on the open register plus an additional two months. For details of how long TransUnion International UK Limited keeps electoral register data in its capacity as a credit reference agency, please refer to the Credit Reference Agency Information Notice.
Industry suppression data | Personal data used for suppression purposes (such as name, address history, date of birth and whether you are registered with the MPS) is retained indefinitely. This is because these suppressions may need to be applied at any point in the future.
Client input data | We retain copies of client input data for up to 15 months.
In some cases we may need to keep information indefinitely. For example, if you object to us using your data for marketing purposes (see section 9) we will need to keep some limited information about you such as your name, address and date of birth so that we can remove or
suppress your record from any data that we may receive in the future.
5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?
This section explains the legal basis on which we process your personal data.
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed
by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
Interest | Explanation
Direct marketing | Our clients have an interest in promoting their products and services to consumers, including their existing customers.
Improving the accuracy of marketing materials | We help to improve the accuracy of marketing communications sent by our clients by removing out of date contact details and providing up to date contact details where they are available. This may mean that marketing sent by our clients reaches the intended recipients more often. It also helps reduce waste. Of course, some consumers may not want to receive this type of marketing, in which case they can exercise their right to object (as detailed in section 9 below).
Monitoring and securing our systems and data | Some of the ways we use personal data are justified by the need to ensure that our systems are kept secure. For example, our security teams may need to monitor databases in order to check whether they have been accessed by third parties.
Complying with legal and regulatory requirements | We have an interest in complying with legal and regulatory requirements to which we are subject, thereby avoiding sanctions and reputational damage.
Commercial interests | Like other commercial organisations, we seek to earn revenue through the services that we provide to our customers and clients.
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our clients and resale partners
We share personal data with our clients for the purposes described in section 2 above. Our clients will each have
their own privacy notices which will provide more information about how they (specifically) use the data we supply.
Our clients typically operate in the following sectors:
- financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
- insurance
- gaming / gambling
- retail (including online retailers)
- telecoms and utilities
- marketing agencies acting for other organisations
In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too.
We also appoint data resale partners who will distribute open register data to their clients in a similar manner to the ways we do. Our
current resale partner is The REaD Group Limited. Please see their privacy
notice for more detail about their activities.
We do not provide data for use in relation to road traffic accident or personal injury claims, medical or clinical negligence claims, PPI
compensation claims, pornography or political campaigning.
Our group companies
We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this
privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.
Group company | Role | Main trading address and registered office
TransUnion Information Group Limited (company no. 4968328) | Group holding company | One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited (company no. 3961870) | Collects open register data from local authorities and supplies it to Callcredit Marketing Limited for onward supply to clients for direct marketing purposes. |
Callcredit Marketing Limited (company no. 2733070) | Trading company which provides clients with the services described in section 2 above. |
TransUnion Baltics, UAB (company no. 302689020) | Provides some back-office data processing functions on behalf of the other members of TU UK. This company does not use the data identified in section 3 above for its own purposes but rather to support the other members of TU UK. | Karaliaus Mindaugo pr. 50, Kaunas LT- 44334, Lithuania
Service providers
We and our clients may provide your information to third parties who help us use it for the purposes described in section 2. For example, we might decide to use a third party data hosting company, or a data processing company to perform some of the
data processing on our behalf.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you
agree otherwise.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that
acquires the business.
Regulators and law enforcement
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by
law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal
data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating
to you.
7. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within the UK and the EU
We are based in the United Kingdom and will access and use your information from here. However, we also have operations in Lithuania, and
personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
Elsewhere
We also send information elsewhere in the world. For example:
- When one of our overseas group companies or branch offices based overseas needs to use the information in accordance with this notice.
- Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that
database for purposes such as technical support or system development and testing.
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same
level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place
to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable
level of protection.
- Sending the information to an organisation which is a member of a scheme that has been approved by the authorities as providing a
suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the
details set out in section 1 above.
8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?
We do not use any personal data to make automated decisions or to profile you when we are acting as a controller.
We do perform profiling when acting as a client’s processor. For example, we may take a client’s marketing list and add information about
your property or neighbourhood, which the client may use to help predict your likely preferences and lifestyle in order to aid their marketing decisions. This may
result in you receiving more relevant marketing from our clients who already hold your contact details. If you do not want to receive this marketing, you should
contact the sender of the marketing in order to object.
9. WHAT ARE YOUR RIGHTS?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire
about exercising these rights, please email us at consumer@transunion.co.uk, telephone us on 0330 024 7574, or refer
to the other contact details in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we
are using it.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing
purposes, including any profiling or similar activities which are performed as a precursor to direct marketing. If you do this we will stop using it for those
purposes.
In addition:
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to
correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your
personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue to use
the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually
won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you object to us using your data for direct
marketing purposes we will need to keep a record of that objection so that we do not subsequently begin direct marketing activities in relation to you if we
receive your data again.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: In some circumstances you have the right to receive some limited kinds of information in a portable
format. However, this does not apply to the data to which this privacy notice applies.
- Withdrawal of consent: We do not rely on your consent in order to perform the activities described in this privacy
notice, so this right does not apply.
Please note that these rights apply only where we are acting as a controller of your personal data. When we are processing your data on
behalf of a particular client, you will normally need to contact the client in order to exercise your rights.
Please refer to our Consumer Contact Privacy
Notice for information about how we will handle your personal data in connection with complaints and enquiries.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can
investigate your concerns. Please contact us using these details:
Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: customer.relations@transunion.co.uk
Telephone: 0330 024 7574
You can also contact our Data Protection Officer at dpo@transunion.co.uk.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle
your personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that
regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane,
Wilmslow, SK9 5AF.
Business Product & Technical Support Privacy Notice
Version: 1.4
Date adopted: 10th February 2021
This privacy notice provides information about how we use and share personal data relating to users of our business products and our
technical support facilities. It also describes your data protection rights, including a right to object to some of the processing which TransUnion carries out.
More information about your rights, and how to exercise them, is set out in section 9 below.
In Brief
We use personal data to administer your access to our products and monitor the use of our products.
In some circumstances we may provide the organisation you work for with information about your use of our products.
You have the right to object to our use of your personal data.
Please see section 9 to find out more.
This privacy notice covers the following topics:
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
9. What are your rights?
10. Who can you complain to if you are unhappy about the use of your personal data?
11. What cookies are used on our websites that offer business product and technical support facilities?
1. WHO ARE WE AND HOW CAN YOU CONTACT US?
About Us
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP.
The members of TU UK are listed in section 6 below.
TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.
One or more TU UK companies act as the controller of your personal data for the purposes of this privacy notice, depending on which of them
operates the relevant product. The controllers are responsible for ensuring that the personal data is used fairly and lawfully.
Joint controllers
TU UK companies sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In
particular, this happens when TU UK companies are sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will
ensure that each company involved complies with data protection rules. Please contact our Consumer Services Team if you want to understand more about the allocation
of data protection obligations between our group companies or if you want to exercise your data protection rights.
Contact details
If you wish to contact us about matters relating to one of our products, please contact the relevant service desk or your client relationship
manager.
If you wish to contact us about matters relating to our use of your personal data, or the contents of this notice, you can do so by any of
the following methods:
Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your
personal data in connection with complaints and enquiries.
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use
for these purposes can be found in section 3 below.
Operating our products and administering accounts
We use personal data to operate our products and administer the accounts of people who use them.
Example
We hold username and password details in order to control access to the products.
Security and breach reporting
We monitor access to our products in order to help ensure that those products and the data they make available are only accessed by people
who are authorised to have access to them. If we detect suspicious activity we may suspend an account and investigate.
Feedback to clients
Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their members of staff are using
our products – for example, how often their staff member is using a product or what they are using it for. Clients might typically ask for this information for
routine product management purposes (such as to decide whether they need to continue buying the product), or for staff management purposes (for example, to check
whether their staff are only using the products properly and in the course of their employment).
In some cases, such as where the information shows misconduct on the part of a client’s member of staff, the information we provide might be
used against the relevant staff member as part of a disciplinary process.
Example
A bank suspects that one of its staff members is performing unauthorised credit report searches on individuals. The bank asks
us for details of what searches have been done by that person. The bank uses this information to support its internal investigations into that staff
member’s actions.
Monitoring and improving our products
We use information such as how different people use our products, how long they spend on particular tasks and what sort of information they
obtain in order to help customise and improve the products.
This information is also used for security and system administration and to generate aggregate non-personalised information for use by us or
our clients.
Product or systems development and testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our
security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Providing technical support and responding to queries
If you contact us with a query about a product or service that we are providing, we will use your personal data in order to provide you with
the assistance you ask for. This will include contacting you about your request.
We may sometimes need to contact you about support queries that have been raised by our other users.
Queries; legal and regulatory purposes
If you contact us we will normally need to use your personal data to help us deal with your enquiry. We may also sometimes need to use your
personal data for legal and regulatory purposes.
Examples: legal and regulatory purposes
If you object to us processing your personal data we will need to use your personal data to assess your request.
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve
accessing your personal data in the course of that investigation.
Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in
order to defend ourselves against your claim.
3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?
We obtain and use information from various different sources. These are summarised in the following table.
Type of information | Description | Source
Basic information about you and how to contact you | This is information such as your name, email address and job title. | We obtain this information from you or your employer when we set up your account or when we are subsequently told that the information has changed.
Login credentials | This is your username, password and other information used to control access to the product. |
Product usage | This is information about how and when you use the product. It includes information about the dates and times on which you accessed the product, the IP address you accessed it from, and how you used the product when you were logged in. | We obtain this information by monitoring your use of the product.
Your requests and enquiries | This is information you provide us with as part of a technical support query or other request or enquiry. | We obtain this information directly from you.
It is mandatory for you to provide us with your personal data in order for us to be able to provide our products correctly. It is not
mandatory for you to provide us with your personal data in relation to technical support requests, but we may not be able to help you if you do not provide that
information.
4. HOW LONG IS THE PERSONAL DATA KEPT FOR?
We will keep your personal data for as long as you are a registered user of any of our products and may keep it for an additional period of
time from when your account is closed. We keep the data for that additional period of time in order to investigate any data supply or data load issues, restore our
systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from you, your
employer (or its affiliates) or our regulators.
5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?
This section explains the legal basis on which we process your personal data.
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed
by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
Interest | Explanation
Making our products and services available to clients | We need to make our products and services available to clients in order for our business to function.
Developing and improving our products | We have an interest in improving our products in order to help ensure that we remain competitive.
Monitoring and securing our systems and data | Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.
Maintaining our relationships with our clients | We have an interest in developing and maintaining good relationships with our clients.
Commercial interests | Like other commercial organisations, we seek to earn revenue through the products and services that we provide to our customers and clients. We achieve this through some of the other activities described above, such as improving our products and maintaining good client relationships.
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our group companies
We may share your personal data among the members of TU UK where necessary for the purposes specified in section 2. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of TU UK
companies is set out below, although the list may be updated from time to time.
Group company | Main trading address and registered office
TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited (company no. 3961870) |
Callcredit Marketing Limited (company no. 2733070) |
Callcredit Spain, S.L (tax ID number B87839510) | Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain
Confirma Sistemas de Información, S.L. (tax ID number B86303757) | Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain
Soluciones Confirma ASNEF-SIGNE, S.L. (tax ID number B86016649) |
TransUnion Baltics, UAB (company no. 302689020) | Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania
Clients
As mentioned in section 2, we may supply information about your use of the product to your employer (or to
its affiliates, business partners or group companies) if they ask us to do so.
Service providers
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
- Our products may be hosted by third parties on our behalf.
- We may use a third party email broadcasting service in order to send you service emails about your account.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you
agree otherwise.
Third parties who help us deal with enquiries
Sometimes we may need to supply information to third parties (such as our service providers or other companies in the TransUnion group) in
order to deal with a support request or other enquiry.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that
acquires the business.
Regulators and law enforcement
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by
law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal
data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating
to you.
7. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within the UK and EU
We are based in the United Kingdom and will access and use your information from here. However, we also have operations in Lithuania and Spain, and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
Elsewhere
We also send information elsewhere in the world. For example:
- When one of our overseas group companies or branch offices based overseas needs to use the information in accordance with this
notice.
- Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to
access that database for purposes such as technical support or system development and testing.
While the United Kingdom and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a
suitable level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a
suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the
details set out in section 1 above.
8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?
We do not use automated decision-making or profiling to make any decisions that will significantly affect you.
9. WHAT ARE YOUR RIGHTS?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire
about exercising these rights, please use the contact details set out in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how
we are using it.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to
correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your
personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue
to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually
won’t apply to all of your data because we might have good reason for needing to keep some of it.
- Withdrawal of consent: We do not rely on consent to use your personal data (see section
5 above) so your right to withdrawal of consent does not apply.
- Objection to direct marketing: We do not use your personal data for direct marketing purposes but you have the right
to object to us doing so in the future.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: We do not rely on consent to use your personal data (see section 5
above) so your right to data portability does not apply.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your
personal data in connection with complaints and enquiries.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can
investigate your concerns. Please contact us using these details:
Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: customer.relations@transunion.co.uk
Telephone: 0330 024 7574
You can also contact our Data Protection Officer at dpo@transunion.co.uk.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your
personal data in connection with complaints and enquiries.
You also have the right to lodge a complaint with the Information Commissioner’s Office
(ICO), which is the body that regulates the handling of personal data in the United
Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to
them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
11. WHAT COOKIES ARE USED ON OUR WEBSITES THAT OFFER BUSINESS PRODUCT AND TECHNICAL SUPPORT FACILITIES?
We use cookies and similar technologies on our websites that offer business product and technical support facilities (referred to below as the business product website(s)) to distinguish you from other users of the business product website. This helps us to provide you with a good user experience and also allows us to personalise and improve the business product website (including its security).
A cookie is a small file of letters and numbers that we put on your device. We use the following kinds of cookie:
- Strictly necessary cookies. These are cookies that are required for the operation of the business product website. They include, for example, cookies that enable you to log into secure areas of the business product website.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the business product website when they are using it. This helps us to improve the way our business product website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our business product website. This enables us to personalise our content for you, greet you by name and remember your preferences.
You can find more information about the individual cookies we use and the purposes for which we use them on each of the relevant business product websites (to the extent applicable). In addition, each of our business product websites uses the following strictly necessary cookie:
Name | Purpose
_cfduid, _cf_bm | Third party cookie used for security and fraud prevention purposes (namely the detection of malicious visitors).
You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access parts of our business product websites or use some of their features. For more information about this, and about cookies in general, you may wish to visit www.aboutcookies.org.
Business Contacts Privacy Notice
Version: 1.7
Date adopted: 16th July 2020
This document provides information about how we use and share personal data relating to our business contacts.
In Brief
We use personal data to:
- manage our relationship with our business contacts and to keep in touch with them
- promote our products and services to our customers and potential customers
We use tracking, monitoring and profiling techniques as part of our marketing decisions to help us decide who to contact, about
what, and when.
You have the right to object and withdraw your consent to our use of your personal data. Please see section 9 to find out more.
1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
9. What are your rights in relation to the personal data we hold about you?
10. Who can you complain to if you are unhappy about the use of your personal data?
1. WHO ARE WE AND HOW CAN YOU CONTACT US?
About us
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP.
The relevant members of TU UK are listed in section 6 below.
TU UK forms part of a larger group of TransUnion companies. However, this privacy notice only covers the activities of TU UK.
Joint controllers
Our group companies each control personal data about our business contacts and their representatives. This means that they are each
responsible for ensuring that the personal data is used fairly and lawfully. The group companies often act jointly with one or more of the other group companies
when making decisions about your personal data. In particular, they make joint decisions when sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will
ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group
companies or exercise any of your rights in respect of your personal data.
Contact details
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your
personal data in connection with complaints and enquiries.
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use
for these purposes can be found in section 3 below.
Relationship management
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with our
clients, suppliers and their representatives.
Examples: relationship management
Our relationship management activities may include:
- letting you know about product changes or planned maintenance activity
- contacting you with billing enquiries
- inviting you to events and webinars
- dealing with your enquiries
- conducting surveys to collect feedback on your perceptions of us
- asking you about what sorts of products or product features you want us to develop
Some of our relationship management activity involves profiling – please see section 8 for more details
about this.
Marketing
We use personal data for marketing purposes, typically in relation to current or potential clients and their representatives. This includes
providing you with original insight, commentary and research on data and software, early notifications of exclusive events, webinars and updates on our products and
services. These communications may relate to any current member of TU UK (see section 6 for examples) and any future members of
TU UK.
Examples: marketing
Our marketing activities may include:
- contacting you by email, telephone or by post to let you know about our products and services
- monitoring your interactions with us to help us understand which kinds of products and services you may be interested in
so that we can tailor our marketing appropriately
Some of our marketing activity involves profiling – please see section 8 for more details about this.
We will not make contact with you for marketing purposes through any particular channel (such as email, telephone or post) if you have told
us that you don’t want to hear from us in that way. Please note that if you ask us not to contact you for marketing purposes, you might still hear from us for other
reasons – for example, as part of our ordinary relationship management activity.
Providing services
Sometimes we might need to use your personal data to provide you with information, services, alerts and facilities that you have asked for.
For example, if you sign up to one of our webinars we might use your contact details to let you know how to access it.
If you are a registered user of one of our products, your personal data may be used within that product – please refer to the privacy notice
available within the product or our Business Product & Technical Support Privacy Notice for more details.
Monitoring and improving our websites
We use information such as how different people navigate around our websites, how long they spend on particular pages and whether they
download any of our content in order to help customise and improve the user experience of our websites. It also allows us to tailor the website to match your
interests and preferences better and helps us understand who has visited which pages to determine the most popular areas of the website.
This information is also used for security and system administration and to generate aggregate non-personalised information for use by us,
our business contacts, selected third parties, sponsors or advertisers (such as anonymous statistics related to the take up or use of services, or to patterns of
browsing).
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from
you or a regulator about how we have used your personal data.
Examples: legal and regulatory purposes
If you object to us processing your personal data for direct marketing purposes we will add your name to our suppression list in
order to remove you from future direct marketing activities.
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing
your personal data in the course of that investigation.
Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to
defend ourselves against your claim.
3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?
We obtain and use information from various different sources. These are summarised in the following table.
Type of information | Description | Source
Name and contact details | This is basic personal data about you at your place of work, and how to get in touch with you. | This information is usually provided directly by the relevant individuals; it could for example be given over the telephone, in an email, through our websites, or in person at an event.
Organisation-related details | This is information about your organisation and your role within it, such as your job title and who your colleagues are. |
Login credentials | This is information such as your username and password, which are recorded if you sign up to any of our web-based services. | This information is provided by you or may sometimes be generated by us (for example, if we reset a password for you).
Contact history | This is information about our dealings with you, such as what information we have sent you, who in TU UK knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video. | We produce these records ourselves.
Device information | This is information about the device you are using to access our websites, such as the type of device, its operating system, browser, its IP address, and what cookies are on it. | We produce this information ourselves by monitoring your use of our websites.
Website usage | This is information about your use of our websites, such as what pages you have visited and what content you have downloaded. |
Flags and categories | In order to manage our contacts we may categorise you into different groups according to particular criteria. For example, we may classify you as a live opportunity if we think you may be interested in one of our products, or as a lapsed contact if we have not heard from you for a long time. We use this information to help us decide things like whether, when and how to contact you. | We produce these records ourselves.
You are free to choose whether or not you give us your personal data. However, if you are signing up to one of our products or services we
might not be able to provide you with that product or service if you do not give us the information we need in order to do so.
4. HOW LONG IS THE PERSONAL DATA KEPT FOR?
We will not keep your personal data for longer than we need it.
If you are a representative of one of our clients or potential clients, this means that we will normally keep your personal data while you or
your employer have an ongoing relationship with us or if you have interacted with us (including our websites or communications) within the past two years. You can
request us to delete it earlier as explained in section 9.
5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?
This section explains the basis on which we process your personal data.
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed
by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data. We rely on this condition for most of our
processing activities.
The legitimate interests we are pursuing are:
| Interest | Explanation |
|---|---|
| Maintaining and using our business relationships; understanding and keeping in touch with our customers and suppliers | We have an interest in maintaining and making use of our relationship with you. For example, if you work for one of our clients we may need to contact you in connection with one of the products that your employer has purchased from us. Or if you work for one of our suppliers we may need to contact you about a product that your employer supplies to us. We also have an interest in understanding what kinds of people use our products and services and how they use them. |
| Marketing | We have an interest in promoting our products and services to our clients and potential clients. |
| Helping people learn about products and services that might be of use to them | Our clients and potential clients have an interest in learning about products and services that they might find useful. |
| Monitoring and securing our systems and data | Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people. |
| Commercial interests | Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients. |
Other legal bases
In some circumstances, we may have other bases to process personal data. These are set out in the following table, along with examples of the
circumstances in which they might apply.
| Grounds | Examples |
|---|---|
| Consent | We may in some circumstances rely on your consent. In those circumstances you will specifically be asked whether you agree to us using your data in specified ways, for example when you fill in a web form on our website and tick a box indicating that you wish to receive marketing emails or telephone calls from us. You can withdraw the consent and ask us to delete your information at any time – please see section 9. |
| Necessary for performance of a contract or to take steps for entering into a contract. | If you sign up to one of our products or services, it will often be necessary for us to use your details in order to provide that product or service. |
| Necessary in order to comply with a legal obligation. | Regulators, government bodies and courts have powers to order us to provide information and, like any other organisation, we sometimes have to comply with their requests. |
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our group companies
We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this
privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.
Group company
|
Main trading address and registered office
|
TransUnion Information Group Limited
(company no. 4968328)
|
One Park Lane, Leeds, West Yorkshire LS3 1EP
|
TransUnion International UK Limited (company no. 3961870)
|
Callcredit Marketing Limited (company no. 2733070)
|
Callcredit Spain, S.L (tax ID number B87839510)
|
Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain |
Confirma Sistemas de Información, S.L. (tax ID number B86303757)
|
Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain |
Soluciones Confirma ASNEF-SIGNE, S.L. (tax ID number B86016649)
|
TransUnion Baltics, UAB (company no. 302689020)
|
Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania
|
Trans Union LLC
|
555 W Adams St, Chicago, IL 60661, United States
|
Service providers
We may provide your information to third parties who help us use it for the purposes described in section
2. For example:
- Our database of personal data may be hosted by third parties on our behalf. For example, we use cloud-based services such as Salesforce and Eloqua to help us host, manage, analyse and use our databases of personal data.
- We use printing companies to produce and send personalised direct mail or other correspondence.
- We use market research companies to help us better understand our customers.
- Some of our products and services rely on us sending personal data to third parties who then analyse or enhance it and return the
results to us.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you
agree otherwise.
Online advertising platforms
We may use third party advertising platform providers such as Google to serve advertisements to you. These third parties may use information
about your visits to our and other websites in order to provide you with advertising about products and services that may be of interest to you.
Sometimes we may provide information associated with you to third parties who operate other websites (such as social media platforms) so that
we can show you relevant advertisements while you are using those websites. This information will be protected so that you can only be identified if the third party
already knows you – the information we provide only tells them that you are a business contact of ours.
You can configure your advertising preferences on social media such as Facebook, Twitter, Instagram or Pinterest by accessing your settings
or preference options on the relevant platform. If you no longer want to receive personalised advertising on any website you visit, you can usually opt out directly
through the privacy policy of the particular website you are accessing. Please note that this will not block ads that are displayed on the websites you visit; it
will simply stop you receiving advertising that has been tailored to your interests. This opt-out relies on a cookie, so if you wipe all your cookies then that
website will no longer know that you have opted out. The same applies if you use a different internet browser or use a new computer to access the internet. You can
also opt out of such advertising by visiting the IAB opt-out platform at www.youronlinechoices.com,
but please note that this and other platforms only allow you to opt out of interest-based advertising delivered by registered members.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that
acquires the business.
Regulators
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating
to you.
7. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within Europe
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in Europe
– currently Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by
European data protection standards.
Elsewhere
We also send information elsewhere in the world. For example:
- When one of our group companies based overseas needs to use the information in accordance with this notice. Further details
about those group companies can be found in the table in section 6.
- Where we use cloud-based technology or a data centre or backup facility overseas. For example, our marketing database is currently
hosted by a service provider in the United States.
- People in other countries, including South Africa and India, may also need to access that database for purposes such as technical
support or system development and testing.
While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not
provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable
safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable
level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a
suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the
details set out in section 1 above.
8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?
We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean
using personal data to make predictions about you, or to categorise you into particular groups.
Individual-level profiling
We use certain profiling techniques in order to help us to understand our clients and potential clients. This in turn helps us to understand
which people might be interested in which of our products and services.
Examples: profiling
We categorise our business contacts according to the type of organisation and job they work in and target our advertising
accordingly. For example, we might decide that managers who work in the risk team of a bank would be interested in hearing about our credit risk assessment
products, and we may contact them about those products accordingly.
We use information about a person’s past history of dealings with us in order to predict whether and when they might wish to purchase
a particular product from us. We use this to help decide when to contact them and what products to tell them about.
Decision-making
The activities covered by this privacy notice do not include any automated decision-making by us that has legal or similarly significant
effects on you. For example, we do not use it to set the prices that we charge for our products and services.
9. WHAT ARE YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire
about exercising these rights, please email us at consumer@transunion.co.uk, telephone us on 0330 024 7574, or refer
to the other contact details in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we
are using it.
- Withdrawal of consent: When we rely on your consent to use your data (see section 5
above), you have the right to withdraw that consent at any time. You can do this by contacting us, or (in the case of emails that are sent on the basis of
consent) by clicking the “unsubscribe” link.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing
purposes. If you do this we will stop using it for those purposes.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to
correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests legal basis for using
your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can
continue to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually
won’t apply to all of your data because we might have good reason for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: You have the right to receive some limited kinds of information in a portable format.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your
personal data in connection with complaints and enquiries.
10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can
investigate your concerns. Please contact us using these details:
Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: customer.relations@transunion.co.uk
Telephone: 0330 024 7574
You can also contact our Data Protection Officer at dpo@transunion.co.uk.
You also have the right to lodge a complaint with the Information Commissioner’s Office
(ICO), which is the body that regulates the handling of personal data in the United
Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to
them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
Consumer Contact Privacy Notice
Version: 1.6
Date adopted: 8th April 2021
This privacy notice provides information about how we use and share personal data relating to consumers who contact us with an enquiry,
request or complaint.
In Brief
When you contact us with a request, complaint or enquiry, we will use your personal data in order to help us to respond to
you.
Sometimes this will mean sharing personal data with third parties. For example, if you dispute the accuracy of information on
your credit report, we may need to contact the organisation who provided us with that information to check whether it is correct.
You have the right to object to our use of your personal data.
Please see section 9 to find out more.
- 1. Who are we and how can you contact us?
- 2. What do we use personal data for?
- 3. What kinds of personal data do we use, and where do we get it from?
- 4. How long is the personal data kept for?
- 5. What is our legal basis for handling personal data?
- 6. Who do we share the personal data with?
- 7. Where is the personal data stored and sent?
- 8. Is the personal data used to make decisions about you or to profile you?
- 9. What are your rights?
- 10. Who can you complain to if you are unhappy about the use of your personal data?
1. WHO ARE WE AND HOW CAN YOU CONTACT US?
About us
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP.
The relevant members of TU UK are listed in section 6 below.
TU UK forms part of a larger group of TransUnion companies. However, this privacy notice only covers the activities of TU UK.
Joint controllers
Our group companies each control personal data about consumers who contact us. This means that they are each responsible for ensuring that
the personal data is used fairly and lawfully. The group companies often act jointly with one or more of the other group companies when making decisions about your
personal data. In particular, they make joint decisions when sharing personal data with each other.
Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will
ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group
companies or exercise any of your rights in respect of your personal data.
Contact details
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following
methods:
Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use
for these purposes can be found in section 3 below.
Dealing with your enquiry, request or complaint
We will use your personal data to deal with the matter you have contacted us about (which we refer to below as an “enquiry”). For example,
this might include investigating the matter internally or with external organisations, and contacting you to ask for more information or to let you know the outcome
of your enquiry.
The kinds of enquiry that we typically deal with include:
- requests for access to personal data, or to challenge the accuracy of personal data that we hold, or to request the erasure of
personal data
- support requests relating to our consumer products such as CreditView
- requests for recognition of a change in gender
- complaints
- general enquiries
Identity verification
When you contact us we will often need to establish that you are who you say you are. This is necessary in order to ensure that we don’t
provide your personal information to people who shouldn’t have access to it.
Example: identity verification
If someone contacts us and asks us for a copy of your credit report, we will check that it’s you (or someone authorised by you)
who is asking for it. We may do this by, for example, asking for evidence of identity such as copies of your driving licence or a bank statement.
It’s important that we do this because the information in your credit report is valuable and could be used to impersonate you
if it were to fall into the wrong hands.
Asking you for feedback
We may ask you to provide us with feedback or to leave a review about the service you have received from us. Your feedback helps us to
improve our services.
Products and services
Some types of enquiry that you might raise will result in changes to the personal data that we use in our products and services.
Examples: products and services
If you dispute the accuracy of an entry on your credit file, we will add a “notice of dispute” while the matter is being
investigated. This will be shared with other organisations who access the information on your credit report so that they know the data is being
challenged.
If we find that the entry does need to be updated, we will update it and remove the notice of dispute. The updated entry will
then continue to be used in our products and services.
If you wish to add a note to your credit file explaining something about it (for example, why you missed a payment), this would
also be shared with other organisations who access the credit file.
Improving systems and processes; internal reporting
We use information gathered in the course of handling complaints and requests to help us find out what went wrong, fix any problems we find,
and to improve the way that we deal with similar complaints and requests in the future.
We use aggregated statistics about the enquiries, requests and complaints we receive in order to help manage our services and identify
potential problems.
Example: improving processes
If we find that we are getting a large number of queries about the accuracy of credit data that has been provided by a
particular bank, we can use that information to investigate whether there is something wrong with the way that the bank is providing us with
data.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries
from you or a regulator about how we have handled your enquiry or used your personal data.
3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?
We obtain and use information from various different sources. These are summarised in the following table.
Type of information
|
Description
|
Source
|
Basic information about you and how to contact you
|
This is information such as your name, address, previous addresses, date of birth, email address and telephone number.
These are used to deal with your request and communicate with you about it.
|
You provide us with this information when you make your request or when we subsequently ask you for it.
|
Your request
|
This is what you are asking us about or asking us to do.
|
Proof of identity or authority, and other supporting documentation
|
Proof of identity is information or documentation that we may ask you to give us in order to prove that you are who you
say you are. If you are making a request on behalf of someone else we may also ask you to prove that you have their authority to do so, such as
a power of attorney or letter of authority.
In some cases we may require additional supporting documentation from you. For example, if you are registering a change
of gender we will need a copy of the Gender Recognition Certificate.
|
Information gathered in dealing with your request
|
Dealing with your request will usually involve investigating the circumstances that you have asked about. This is the
information that we obtain from doing so. The type of information gathered will depend on what you have asked us to do.
|
We gather this ourselves from our other internal records and from external organisations such as clients and suppliers.
|
Our response and other correspondence
|
This is our response to your enquiry and other correspondence relating to your request.
|
We produce this ourselves.
|
Information about your use of our websites
|
If you access or submit information to us through our website, we may record information about your visit, such as your
IP address, operating system and browser type. This information may be linked with cookies; information about these can be found in the cookie
notice on the relevant website.
|
We gather this ourselves through the website.
|
You are free to choose whether or not you give us your personal data. However, if you do not give us the information or documentation that we
need, we may not be able to comply with your request or respond to your enquiry properly.
4. HOW LONG IS THE PERSONAL DATA KEPT FOR?
We will keep your personal data for as long as we are handling your request and for an additional period of time from when we have completed
it. That additional period is determined according to the purposes for which the personal data may be needed, such as:
- demonstrating that we have appropriate processes in place to deal with enquiries, requests and complaints, and that we are doing
so fairly and in accordance with our regulatory requirements;
- responding to any requests from you or a regulator about how we have dealt with your request, and to show that we have dealt with
your request properly;
- defending any potential legal claims or regulatory action that might arise as a result of the request.
5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?
This section explains the basis on which we process your personal data when dealing with your enquiries.
Compliance with a legal obligation
The UK’s data protection law allows us to use your personal data where necessary in order to comply with legal obligations that apply to us.
This means that if you make a request that we are legally required to deal with or respond to, we will use your personal data on this basis in order to comply with
that requirement.
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed
by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
| Interest | Explanation |
|---|---|
| Security | We have an interest in keeping your personal data secure. This means that when (for example) we receive a request from you for a copy of your credit report, we need to verify your identity in order to make sure that it really is you who is making the request. |
| Reputation and service improvement | We have an interest in dealing with enquiries quickly and efficiently and improving our services so that we earn a better reputation for our business. |
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our group companies
We may share your personal data among the members of TU UK to the extent necessary to deal with your request. This will depend on which companies your request relates to, and which companies hold the relevant information. If we do this, then use of the data by those companies will be governed by this privacy notice. A list of TU UK companies is set out below, although the list may be updated from time to time.
Group company
|
Main trading address and registered office
|
TransUnion Information Group Limited (company no. 4968328)
|
One Park Lane, Leeds, West Yorkshire LS3 1EP
|
TransUnion International UK Limited (company no. 3961870)
|
Callcredit Marketing Limited (company no. 2733070)
|
Callcredit Spain, S.L (tax ID number B87839510)
|
Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain |
Confirma Sistemas de Información, S.L. (tax ID number B86303757)
|
Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain |
Soluciones Confirma ASNEF-SIGNE, S.L. (tax ID number B86016649)
|
TransUnion Baltics, UAB (company no. 302689020)
|
Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania
|
Service providers
We may provide your information to third parties who help us use it for the purposes described in section 2. For
example:
- we may use third party service providers to receive requests and enquiries from individuals and to handle them on our behalf in accordance with our policies and procedures;
- we may use third parties to hold personal data on our behalf.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you
agree otherwise.
Data suppliers and other third parties
If your request relates to data which has been supplied to us by third parties, we will often need to provide your personal data to those
third parties so that your request can be properly handled. For example, if you dispute the accuracy of an entry on your credit file we will often contact the
organisation which provided us with that information in order to check whether it is correct.
We may occasionally also need to check the information you provide with other third parties. For example, if you are asking us to erase
your credit file because you are concerned about your personal safety, we may check what you are saying with the police or the UK Protected Persons
Services.
Other credit reference agencies
For some kinds of request, such as those relating to gender recognition or victims of fraud, we have agreed a common procedure with the UK’s
two other consumer credit reference agencies, Equifax Limited and Experian Limited. If you give us permission to do so, we will share your information with them in
order to help ensure that your request is dealt with at all three credit reference agencies without the need for you to deal with each one separately.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that
acquires the business.
Regulators
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating
to you.
7. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within Europe
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in Europe
– currently Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by
European data protection standards.
Elsewhere
We also send information elsewhere in the world. For example:
- When one of our group companies based overseas needs to use the information in accordance with this notice. Further details
about those group companies can be found in the table in section 6.
- Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that
database for purposes such as technical support or system development and testing.
While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not
provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable
safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable
level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a
suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the
details set out in section 1 above.
8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?
We do not use automated decision-making or profiling in relation to your personal data where this would have a legal or similarly
significant impact on you.
9. WHAT ARE YOUR RIGHTS?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire
about exercising these rights, please use the contact details set out in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we
are using it.
- Withdrawal of consent: We do not rely on consent to use your personal data (see section 5
above) so your right to withdraw consent does not apply.
- Objection to direct marketing: We do not use the personal data that this notice applies to for direct marketing
purposes, but you nonetheless have a right to object to us using your data for those purposes if you wish.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to
correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests legal basis for using
your personal data (see section 5 above), you can object to us doing so. We will then reassess the extent to which we can continue
to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually
won’t apply to all of your data because we might have good reason for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can
investigate your concerns. Please contact us using these details:
Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: customer.relations@transunion.co.uk
You can also contact our Data Protection Officer at dpo@transunion.co.uk.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that
regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane,
Wilmslow, SK9 5AF.
Job Applicant Privacy Notice
Version: 1.2
Date adopted: 12th April 2019
This privacy notice provides information about how we use and share the personal data that we obtain
during the job application process. It covers the following topics:
- Who we are and how you can contact us
- What we use personal data for
- What kinds of personal data we use, and where we get it from
- What our legal grounds for handling personal data are
- Who we share the personal data with
- Where the personal data is stored and sent
- How long the personal data is kept for
- Whether the personal data is used to make decisions about you or to
profile you
- Your rights in relation to the personal data we hold about you
- Who you can complain to if you are unhappy about the use of your personal
data
1. WHO WE ARE AND HOW YOU CAN CONTACT US
We are TransUnion Information Group (TU UK), which is a group of companies with headquarters at One Park
Lane, Leeds, West Yorkshire LS3 1EP. The relevant members of TU UK to which this privacy notice applies
are listed in section 5 below.
TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities
of TU UK.
The particular TU UK company in the list to which you are applying is the controller of the personal data
we hold about you for this process. This means that it is responsible for ensuring the personal data is
used fairly and lawfully, and it is the legal person against whom you can exercise the rights referred
to in section 9 below. Certain TU UK companies will also handle your information in the role stated in
section 5.
If as a result of your application you become employed, your personal information will be processed in
accordance with the TU UK Staff Privacy Notice.
You can contact us about issues relating to your personal data, including the contents of this notice, by
emailing us at recruitment@transunion.co.uk.
2. WHAT WE USE PERSONAL DATA FOR
This section explains the purposes for which we use personal data about you. More detail about the types
of personal data that we might use for these purposes can be found in section 3 below.
Managing the recruitment process
- To communicate with you and, on a strict need-to-know basis, with relevant TransUnion Information Group
personnel involved in the recruitment process and relevant third parties, for the reasons set out
in this privacy notice.
- To record and demonstrate how we have conducted the application and recruitment process and arrived
at our decision regarding your application.
Employment Screening Checks
Due to the nature of its business, TU UK holds highly confidential data within its systems and records
and is subject to stringent legal and regulatory responsibilities. To protect TU UK and its parent
company’s interests, and those of its clients, partners, and other stakeholders including consumers and
third parties, TU UK’s policy is to undertake identity verification checks and employment screening.
These checks are mandatory to your application and will generally need to be completed before
commencement of any employment. Completion of these checks will require you to present certain
documentation or provide additional details, and may require signed authorisation or acknowledgement
from you – further details will be provided with any offer of employment. We are mindful of your privacy
so we will only undertake these checks according to the appropriate stage of the application. These
checks are set out below:
If we decide to make you an offer of employment:
Your credit file, fraud prevention, and identity verification
This involves us having sight of your financial situation and history in your credit file held by a
credit reference agency (including shared credit, any court judgments or orders, bankruptcy, individual
voluntary arrangements or similar events), and by way of a check of your details against the Internal
Fraud Database held by Cifas, a fraud prevention organisation. This search leaves a ‘footprint’ on your
credit file that is visible only to you should you obtain a copy of your credit file from Callcredit
Limited.
Checks undertaken if you formally accept any offer of employment we may make:
- That you have the right to work in the UK – to comply with our legal obligations concerning migrant
workers, we require you to provide certain documentary evidence. You will be provided with a list of
acceptable documents to determine eligibility. Where eligibility is unclear from the documentation
you provide, we will contact the UK Visa and Immigration service to check validity without further
reference back to you.
- Whether you have any criminal convictions that affect your suitability for the role. A check is made
with the Disclosure and Barring Service (if you live in or the job is in England and Wales), or
Disclosure Scotland (if you live in or the job is in Scotland). We may engage a third party for this
purpose. A higher level of check may be needed for certain roles, for example where the role being
applied for involves a requirement for the person to be of Financial Conduct Authority (‘FCA’)
Approved Person status. Details of the level of search will be provided as part of the
documentation/ process that you will be asked to provide and complete to enable the search to be
carried out.
- Your employment and educational references - for a period up to the preceding 10 years
- Your qualifications and relevant trade or professional memberships – where the information you
provide is incomplete, we may seek confirmation directly from the issuing/ governing body without
further reference back to you.
- Whether there are any entries against you in the following public registers:
- FCA register of Authorised Persons (restrictions or suspensions)
- Office of Foreign Assets Control (US imposed trade sanctions)
- HM Treasury Financial Sanctions (asset freeze targets)
- Companies House (disqualified directors)
- Fraud Prevention Agency checks – we will conduct a further check of your details against the
Internal Fraud Database held by Cifas.
Where the application is for a senior management or executive role, we review publicity and profile
information available about you through internet search engines, for relevancy to the standards of
integrity and conduct required of that role.
Should you become employed by TU UK, certain repeat screening checks will be undertaken at appropriate
intervals, details of which are provided when employment commences.
Making reasonable disability adjustments (as applicable)
To ensure appropriate arrangements are in place throughout the recruitment process and, if your
application is successful, to prepare for you commencing employment.
Monitoring to ensure our recruitment practices meet equal opportunities obligations
We are legally required to ensure that job applicants are given the same set of opportunities regardless
of, amongst other things, their race or ethnic origin. We therefore require that you provide certain
information in the job application form to help us monitor our practices for compliance with this
requirement. If any offer of employment is taken up, we continue to keep this information throughout the
employment relationship to help us to maintain fair treatment for employees irrespective of their
race/ethnicity. It is only done to review our practices in relation to treatment across racial or ethnic
groups, rather than to track your treatment to make decisions about you at individual level. If you have
any concerns around this or require us to cease using your personal information for this purpose, please
email us at recruitment@transunion.co.uk.
Legal and regulatory purposes
To respond to and defend any legal claims that may arise out of the recruitment process. We may also provide
information to law enforcement agencies where they request this, or of our own choice where we consider
there is a compelling reason to do so to protect our workers, visitors, customers or their consumers, or
our general business interests.
3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
We obtain and use information from various different sources. These are summarised in the following
table.
Type of information | Description | Source
Name and contact details | This is basic personal data about you, and how to get in touch with you. It includes your current home address, email addresses and telephone numbers. | This information is typically obtained directly from you (and/or the recruitment involved where applicable) in the application form, from the checks described above, from interviews, or as otherwise notified to you within the application process.
Date of birth | To ensure we attribute our records and any employee checks to the correct person, and where needed for any minimum qualifying age applicable to the position in question.
Driver information | We require proof of driving and vehicle insurance eligibility where driving is relevant to the role or involves a company vehicle.
Criminal convictions | Please see the explanation above re criminal records checks.
Right to work in the UK | You will be asked to provide relevant documentation for us to check eligibility both at application stage, and if you commence employment with us, to repeat those checks at intervals throughout the employment relationship.
Other application details | Previous work history including work references, qualifications and where applicable, professional memberships, your reasons for applying and suitability for the position and other details you provide in the application form and during interview(s).
Disability (where applicable) | For any facilities or practical arrangements to assist you in the recruitment process (and should any offer of employment be accepted, to prepare the workplace for your arrival).
Equal opportunities monitoring | Please see the explanation in section 2 above.
Attending our premises for interview(s) | Your details will be recorded in the visitor’s book on reception. A CCTV system is in operation at our building for the safety and security of our staff, visitors and property. Please refer to the signs located on and in our premises. Access to images by TU UK personnel and third parties is on a strict need to know basis. Images are overwritten after 90 days.
The above information is mandatory to the application and recruitment process. We consider this
appropriate having regard to the nature of our business and our legal and regulatory responsibilities as
referred to above. We recognise that the employment screening checks referred to above may be more
extensive than you are used to. If you wish to discuss these checks in further detail or raise a
specific concern, please call your Human Resources contact at your earliest convenience, or email us at
recruitment@transunion.co.uk.
4. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE
This section explains the basis on which we process your personal data.
To take steps at your request prior to entering into or in order to enter into any contract of
employment that may arise regarding your job application
To comply with our legal and regulatory obligations both generally as a business and in relation
to your application for employment for example regarding equal opportunities and disability
adjustments
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes
provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate
interests” condition for processing personal data.
The legitimate interests we are pursuing are:
- administering and managing the recruitment process
- assessing and confirming an applicant’s suitability for employment
- deciding to whom to offer a job
- keeping records of this process to explain or justify our position in doing so.
Special categories of personal data (SCPD)
Categories of SCPD | SCPD legal grounds
Information revealing racial or ethnic origin, data concerning health (i.e. disability) and criminal convictions | Processing is necessary for the TU UK company who you are applying to, to carry out its obligations and exercise specific rights in relation to employment. Processing is necessary to monitor equal opportunities. Processing is necessary to respond to and defend against legal claims.
With your consent
If you have signed up through the careers pages of the www.transunion.co.uk website to
receive job alerts. You can unsubscribe from receipt of these alerts at any time.
5. WHO WE SHARE THE PERSONAL DATA WITH
Our group companies
We may share your personal data among the relevant members of TU UK. If we do so, then use of the data by
those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out
below although the list may change from time to time.
Group company | Main trading address | Registered office
TransUnion Information Group Limited (company no. 4968328) | Holding company | One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited (company no. 3961870) | Supplier of your credit history
Callcredit Spain, S.L. (Tax ID number B87839510) | Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain
TransUnion Baltics, UAB (company no. 302689020) | Provider of some back office functions | 4th Floor, Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania | Vilniaus m. sav. Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania
Service providers
We may provide your information to third parties who help us use it for the purposes described in section
2. For example:
- Our database of personal data may be hosted by third parties on our behalf.
- We use a third party email broadcasting service in order to send you emails (or if we contact you by
SMS message)
These service providers will not be allowed to use your information for their own purposes or on behalf
of other organisations, unless you agree otherwise.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, this will involve the
transfer of our corresponding human resources records (including recruitment records), to the new
undertaking for them to use in the same way as set out in this privacy notice.
6. WHERE THE PERSONAL DATA IS STORED AND SENT
Within Europe
We are primarily based in the United Kingdom, and will access and use your information from here.
However, we also have operations elsewhere in the European Union – currently Lithuania and Spain – and
personal data may be accessed from there too. In these cases, the use of the information in those
locations is protected by European data protection standards.
Elsewhere
We also send information elsewhere in the world. For example:
- Sometimes another group company or branch office based overseas may need to use the data in
accordance with this privacy notice.
- We may use cloud-based technology or a data centre or backup facility overseas, and people in other
countries may also need to access data for purposes such as technical support or system development
and testing.
While countries within the European Union all ensure a high standard of data protection law, some parts
of the world may not provide the same level of legal protection in relation to personal data. As a
result, when we do send personal data overseas, we will make sure that suitable safeguards are in place
to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the
relevant authorities as providing a suitable level of protection.
- Sending the information to an organisation which is a member of a scheme or which has been approved
by the authorities as providing a suitable level of protection. One example is the “Privacy Shield”
scheme that has been agreed between the European and US authorities.
If your information has been sent overseas like this, you can obtain further information about the
safeguards used by emailing us at human.resources@transunion.co.uk.
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
To enable us to deal with any queries or issues that may arise from the job application process, we will,
unless otherwise stated in this privacy notice, retain your personal details in our records for a period
of 6 months from the date that we formally notify you of our decision. Back-up copies of emails may be
retained for longer subject to appropriate safeguards. If your application is successful, to ensure
business continuity we will transfer these records to your employee file upon commencement of
employment.
8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We perform the following activities using your personal data. When we refer to:
- Profiling - we mean using personal data to make predictions about you, or to categorise you into
particular groups
- Automated decisions – we mean decisions made entirely by automated means which have a legal or other
significant impact upon you.
We undertake the following profiling activities to help inform our recruitment decisions:
Identity verification
As explained in section 2 above, we will use the information you provide with your application to help us
to verify your identity. We do this by checking the information you give us against databases such as
the electoral roll and your credit file. If we cannot verify your identity we will ask for details of
your previous address(es) and additional documentary address verification.
Searching your credit file
Please refer to section 2 above.
Personality profiles and aptitude testing
To provide an independent measure of your aptitude and personality, you may be asked to undertake an
assessment exercise as part of the job application process. We do this using specialist third party
testing solutions.
The above activities do not involve automated decisions in that we do not rely on any one, or any
combination of these, as the sole basis for making a recruitment decision about you. They form only part
of an overall assessment made by our recruitment team. Recruitment decisions will also take account of any
representations you may make if you are unhappy about the outcome of these profiling activities on your
application, or any clarifying information we may ask you for in response to the outcomes.
9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are
briefly described below. To enquire about exercising these rights, please use the contact details set
out in section 1.
- Access: You have a right to find out what personal data we hold about you, and
certain other information such as how we are using it.
- Withdrawal of consent: We only send you job alerts if you have indicated that you
want to receive them. You can unsubscribe from these at any time via the careers pages of www.transunion.co.uk.
- Rectification: If the information that we hold about you is inaccurate or out of
date, you have a right to ask us to correct it.
- Objection to legitimate interests: If you disagree with us relying on the
legitimate interests grounds for using your personal data (see section 4 above), you can object to
us doing so. We will then reassess the extent to which we can continue to use the data in light of
your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from
our systems. However, this usually won’t apply to all of your data because we might have good reason
for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we
use your personal data.
- Portability: You have the right to receive some limited kinds of information in a
portable format.
10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
If you are not happy with the way we use or handle your personal data you should make contact so that we
can investigate your concerns. Please contact us by sending an email to recruitment@transunion.co.uk.
You should also use this email address if you want to exercise any of your personal data rights referred
to in section 9 above in relation to the job application activities referred to in this privacy notice.
You can also contact our Data Protection Officer at dpo@transunion.co.uk.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is
the body that regulates the handling of personal data in the United Kingdom. You can do this online
through the ICO’s website at www.ico.org.uk, by telephone on 0303
123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane,
Wilmslow, SK9 5AF.
Open Banking Privacy Notice
TRANSUNION OPEN BANKING SERVICE PRIVACY NOTICE
Version: 2.2
Date adopted: 28th September 2020
This document provides an overview about how we use and share personal data that we receive and use in connection with the account
information services we provide to consumers and the TransUnion Open Banking service that we provide to our business clients.
In Brief
We will use and share your personal data in connection with the account information service we provide to you and the
TransUnion Open Banking service that we provide to our business clients. This includes:
- Providing our business client with the information it requires to conduct an affordability assessment of your finances
prior to offering you a service or a financial product.
- Storing copies of your personal data for reporting and audit purposes.
- Using your personal data while improving, developing or testing our products and systems.
- Using your personal data for legal and regulatory purposes. This includes performing an anti-money laundering check on you
(including verifying your identity), which we are required to do by law. This check will leave a footprint on your credit file.
- If requested by our business client, providing them with fraud prevention services which may leave a footprint on your
credit file.
You have the right to object to our use of your personal data.
Please see section 9 to find out more.
This privacy notice covers the following topics:
1. Who we are and how you can contact us?
2. What we use personal data for?
3. What kinds of personal data we use, and where we get it from?
4. What are our legal grounds for handling personal data?
5. Who do we share the personal data with?
6. Where is the personal data stored and sent?
7. How long is the personal data kept for?
8. Is the personal data used to make automated decisions about you or to profile you?
9. What are your rights in relation to the personal data that we hold about you?
10. Who can you complain to if you are unhappy about the use of your personal data?
11. What cookies are used on the website?
This privacy notice should be read together with the Terms of Service for the Service we are providing to you. A copy of the Terms of Service
is available [here]. It contains the meanings of certain words we use here, such as “Account”, “Service”, “Referring Company” and
“Your Bank”.
1. WHO WE ARE AND HOW YOU CAN CONTACT US?
We are TransUnion International UK Limited, which is a company registered in England and Wales with company number 03961870. Our trading
address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.
TransUnion International UK Limited forms part of a larger group of companies known as the TransUnion Information Group, however this privacy
notice only applies to the use of personal data obtained by TransUnion International UK Limited in connection with the delivery of this Service unless we say
otherwise.
We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that your personal
data is used fairly and lawfully.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP
Email: consumer@transunion.co.uk
Telephone: 0330 024 7574
2. WHAT DO WE USE PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about you. More details about the types of personal data that we might use
for these purposes can be found in section 3 below.
- Providing you with the Service
We use your personal data to provide you with the Service, as described in the Terms of Service, a copy of which is available [here]. In order to provide you with this Service, we will need to obtain your personal data and share your personal data with the
Referring Company.
As part of providing you with the Service, we also store copies of your personal data for reporting and audit purposes.
- Providing the TransUnion Open Banking service to the organisation that has directed you to us (also called the “Referring Company” in
this notice)
We use your personal data to provide the TransUnion Open Banking service (as described in section 4 below) to the Referring Company that you
are dealing with. In particular, we electronically provide the organisation with the information it requires to conduct an affordability assessment of your finances
prior to offering you a service or a financial product. This is to save you from having to provide paper copies of your Account information to the Referring
Company.
As part of the TransUnion Open Banking service we provide to the Referring Company, we also store copies of your personal data for reporting
and audit purposes.
- Prevention and detection of fraud and other crime
In order to detect or prevent fraud (for example, to confirm you have only provided information about an Account that belongs to you), we may
use your personal data to identify suspicious or fraudulent behaviours, if we are requested to do so by the Referring Company.
We may retain and re-use this data but solely for the purposes of identity verification and the prevention of fraud, money laundering or
other financial crime.
- Product/systems improvement, development and testing
We may sometimes use your personal data while improving, developing or testing our products and systems. This includes making sure that our
data categorisation is accurate and that our security measures are working properly. Where possible, we will anonymise or pseudonymise (partially anonymise) the
data before doing this.
- Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from
you or a regulator about how we have used your personal data. This includes performing anti-money laundering checks on you (including verifying your identity),
which we are required to do by law before we perform the TransUnion Open Banking service.
The information you give us may be combined with other information about you that is obtained from other sources, and the combined data may
be used in accordance with this privacy notice. For example:
- the information you give us may be compared with data available elsewhere to validate the information you have provided (for example in
the context of anti-fraud measures).
- the information you give us may be combined with other information that we collect about you to assist with the detection and prevention
of fraud or financial crime.
3. WHAT KINDS OF PERSONAL DATA DO WE USE, AND WHERE DO WE GET IT FROM?
We obtain and use information from various different sources in the delivery of this Service. These are summarised in the following table.
Type of information | Description | Source
Identifiers | This includes your name, date of birth and current and previous addresses. We obtain this information from the Referring Company. | We obtain this information from the Referring Company.
A unique identifier and declared salary | A unique identifier will be assigned to you by the Referring Company. Information you have provided to the Referring Company about your current salary may also be provided to us. | We obtain this information from the Referring Company.
Information about your Account, including account details, transactions and regular payments. | This includes the following information: your account name, number, sort code and balance; and details of your incoming and outgoing transactions. | This information is obtained from Your Bank.
Your requests and enquiries | This is information you provide to us when you are visiting our website (such as clicking on buttons to confirm your consent) or as part of another request or enquiry (for instance, to obtain technical support). | We obtain this information directly from you.
4. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA?
This section explains the legal basis on which we process your personal data when delivering this Service to you and the TransUnion Open
Banking Service to the Referring Company.
Please note that, while we require your explicit consent to provide this Service under financial regulations, we do not require your explicit
consent to process your personal data in connection with the provision of this Service under data protection laws. This is because our legal basis for processing
your personal data is based on the following legal grounds (rather than your consent).
- Performance of our contract with you
Where you give your explicit consent to use this Service, you enter into a contract with us for the provision of this Service, which is
governed by the Terms of Service. A copy of the Terms of Service is available [here].
In order to provide you with this Service that you have consented to in accordance with the Terms and Conditions, we will need to obtain your
personal data and share your personal data with the Referring Company.
The UK's data protection laws allow us to use your personal data where necessary for legitimate purposes provided that this isn't outweighed
by the impact it has on you. The law calls this the "legitimate interests" basis for processing personal data.
The legitimate interests we are pursuing are:
Interest | Explanation
Delivery of the TransUnion Open Banking Service (which includes requesting Information about your nominated Account(s) from Your Bank, passing this Information to the Referring Company and undertaking analysis of your Information to help the Referring Company make its assessment about you) | As noted above, where you consent to this Service, we are bound by the terms of our contract with you to collect your personal data and share this with the Referring Company. We also have a commercial interest in offering the TransUnion Open Banking Service to our clients that have a need for it for the growth of our business, and the use of personal data is essential to the delivery of this service and therefore to fulfil this commercial interest.
Improving, developing and testing our products and services | We have an interest in improving, developing and testing our products in order to help ensure that our services are processing data accurately and that we remain competitive. This includes ensuring that our products can provide accurate results for our clients, and including more data in our processes helps improve the accuracy of results.
Helping prevent and detect crime and fraud; anti-money laundering; and identity verification | We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
Providing support services | We are required to provide ancillary and support services to clients, which includes reporting on the services we have provided for audit purposes and assisting you with any technical queries you may have about the Service.
Performance Monitoring | We have an interest in monitoring the performance of our services, to help identify any technical errors or areas of improvement.
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include
the information you are given in this notice about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it
corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that
our activities do not compromise your interests, fundamental rights and freedoms.
- Necessity for compliance with a legal obligation
The UK's data protection laws allow us to use your personal data where necessary in order to comply with the legal and regulatory obligations
that apply to us. For example, in order to provide the Service, we have to comply with our obligations as a registered account information service provider under
the Payment Services Regulations 2017. This means that we use your personal data as required under these regulations.
We are required by law to perform anti-money laundering checks (including verifying your identity) on you before we perform the TransUnion
Open Banking service. We will use your personal data in order to perform this check and this check will leave a footprint on your TransUnion credit file. This
footprint will not impact your credit score and will only be visible to you, us and any organisation you choose to share your TransUnion credit report with.
5. WHO DO WE SHARE THE PERSONAL DATA WITH?
- The Referring Company / Our client
The purpose of this Service is to enable the electronic sharing of your Account information between Your Bank and the Referring Company you
are dealing with to obtain a service or financial product. This organisation will be our client, as they will have appointed us to provide this Service for you and
their other customers.
In the delivery of this Service, we facilitate the sharing of information between Your Bank and the Referring Company.
We may share your personal data with other companies in the TransUnion Information Group for the purposes of improving, developing and
testing our existing products and services and new product development. A list of the relevant TransUnion Information Group companies is set out below:
Group company | Main trading address and registered office
TransUnion Information Group Limited (company no. 4968328) | One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion Baltics, UAB (company no. 302689020) | Karaliaus Mindaugo pr. 50, Kaunas LT-44334, Lithuania
We may provide your information to third parties who help us use it for the purposes described in section 2.
For example:
- our products may be hosted by third party cloud platform providers on our behalf;
- we may use third parties to support, maintain and test our products and services and to help us to answer consumer queries.
These service providers may also be our group companies, some of which are listed above.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations.
If we sell our business to a third party, or go through a corporate re-organisation, we will transfer personal data to the company that
acquires the business.
If an acquirer intends to use your personal data in a way which is not set out in this notice, they will contact you shortly after the
acquisition to inform you about how they are going to use your data.
- Regulators and Fraud Prevention Agencies
We may be compelled to share personal data with our regulators, including the Information Commissioner's Office and the Financial Conduct
Authority. Where we suspect fraudulent activity, we may also pass personal data to the police and fraud prevention agencies.
6. WHERE IS THE PERSONAL DATA STORED AND SENT?
Within Europe
We are based in the United Kingdom, and will access and use personal data from here. One of our group companies is based in Lithuania, and so
personal data may be accessed from there too. In these locations, the use of the information is protected by European data protection standards.
The Referring Company that you are dealing with, and that will be receiving your personal data, may have operations outside of Europe –
please check its own privacy notice for further details.
Outside Europe
We may also send information elsewhere in the world. For example:
- When one of our overseas group companies or branch offices based overseas needs to use the information.
- Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that
database for purposes such as technical support or system development and testing.
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same
level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place
to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable
level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a
suitable level of protection.
You can obtain further information about the safeguards used by contacting us using the details set out in section
1 above.
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
We keep your personal data only for as long as necessary for the purposes for which it is used, as set out in section 2 above.
We will keep a record of your personal data used in connection with this Service and the TransUnion Open Banking Service for a period of two
years.
Where we use your personal data in connection with the improvement, development and testing of our products and services, we may keep your
information for a period of two years. If we have anonymised your data in connection with this purpose, we may keep and use anonymous data indefinitely.
Where we use your personal data to comply with our legal and regulatory requirements, we will typically retain a copy of your personal data
for a further period of six years after we used it for that purpose.
Search footprints are kept for a total of six years; however, they will only be visible on your credit file for two years. A further four years
of data are used for profiling and statistical analysis.
8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?
We do not use the personal data obtained from the delivery of this Service to make automated decisions about you.
Our role is to obtain this information from Your Bank and deliver it to the Referring Company (our client). The information that we share
with our client in the delivery of this Service may then be used by our client to conduct an affordability assessment, which will help them to make a decision about
providing a service or financial product to you. However, our clients will also hold other information about you which will help inform their decision.
We would recommend contacting the Referring Company that you are dealing with if you require further information about how they will use the
personal data we provide to them in the delivery of the TransUnion Open Banking service.
9. WHAT ARE YOUR RIGHTS IN RELATION TO THE PERSONAL DATA THAT WE HOLD ABOUT YOU?
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire
about exercising these rights, please use the contact details set out in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how
we are using it. We may need to ask you to provide additional information to help us to confirm that the personal data we hold is yours.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to
correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your
personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to
use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually
won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you ask us to erase personal data which we are
required to keep under the legal and regulatory obligations that apply to us, we will not be able to action your request.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: In some circumstances you have the right to request that we send to you or a third party a copy of the
personal data you have provided to us in a portable format. However, in the delivery of this Service we are predominantly using personal data provided to us
from other sources and not from you directly, which means the right will rarely apply.
- Withdrawal of consent: While we rely on your consent to access this Service, we do not rely on your consent to process
your personal data in the delivery of this Service, therefore your right to withdraw consent does not apply.
10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?
We try to ensure that we deliver the best levels of customer service, but if you are not happy about how we use your personal data you should
contact us so that we can investigate your concerns. Please contact us using the details in section 1.
You can also contact our Data Protection Officer at: dpo@transunion.co.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling
of personal data in the UK. You can do this online through the ICO’s website at www.ico.org.uk/concerns, by
telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
11. WHAT COOKIES ARE USED ON THE WEBSITE?
We use cookies and similar technologies to distinguish you from other users of the website. This helps us to provide you with a good
experience when you browse the website and also allows us to personalise and improve the website.
A cookie is a small file of letters and numbers that we put on your device. We use the following kinds of cookie:
- Strictly necessary cookies. These are cookies that are required for the operation of the website.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how
visitors move around the website when they are using it. This helps us to improve the way our website works.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below.
Name | Purpose
ga, _gat, _gid | These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited and how they interacted with the website (Google Analytics)
tuob:cookie:accept | This cookie is used to record whether the current user has given consent to accept cookies on their browser.
tuob:cookie:analytics | This cookie is used to record whether the current user has given permission to collect data for Google Analytics. If no consent is given, Google Analytics will not collect information.
.AuthCookie.ConsumerApi | Stores encrypted information to identify the current user whilst navigating through the site. This cookie is removed when the user leaves the site.
.AntiForgery.ConsumerApi | This cookie is used to prevent Cross-Site Request Forgery.
You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to
block all cookies (including essential cookies) you may not be able to access parts of our website or use some of its features. For more information about this, and
about cookies in general, you may wish to visit www.aboutcookies.org.
TransUnion Information Group Cookie Notice
This document provides information about how we use cookies on our website at www.transunion.co.uk.
1. WHO ARE WE?
This website is operated by TransUnion Information Group Limited, which is a company registered in
England and Wales with company number 04968328. Its registered office is at One Park Lane, Leeds, West
Yorkshire LS3 1EP.
2. WHAT ARE COOKIES?
A cookie is a small file of letters and numbers that we put on your device when you browse our website.
3. WHAT DO WE USE COOKIES FOR?
We use cookies and similar technologies to distinguish you from other users of the website. This helps us
to provide you with a good experience when you browse the website and also allows us to personalise and
improve the website.
Our cookies are not used to collect information which (by itself) allows us to identify who you are. But
if you separately tell us who you are, we may link your identity to the cookies we put on your device so
that we can see how you are using the website. We use that information in accordance with the privacy
notice that we give you when you tell us who you are.
4. WHAT COOKIES DO WE USE?
We use the following kinds of cookie:
- Strictly necessary cookies. These are cookies that are required for the operation
of the website. They include, for example, cookies that enable you to log into secure areas of the
website.
- Analytical/performance cookies. These cookies allow us to recognise and count the
number of visitors and to see how visitors move around the website when they are using it. This
helps us to improve the way our website works, for example, by ensuring that users are finding what
they are looking for easily. They also allow us to tell if you have reached our website from one of
our advertising partners so that we can meet our contractual commitments to that partner.
- Functionality cookies. These are used to recognise you when you return to our
website. This enables us to personalise our content for you, greet you by name and remember your
preferences.
- Targeting cookies. These cookies record your visit to our website, the pages you
have visited and the links you have followed. We will use this information to make our website and
the advertising displayed on it more relevant to your interests. We may also share this information
with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them
in the table below.
Service | Cookie Name | Purpose | Type
General purpose | JSESSIONID | General purpose platform session cookie used by sites written in JSP. Usually used to maintain an anonymous user session by the server. | Strictly Necessary
General purpose | cookiePerformance, cookieTargeting, cookieFunctionality, cookieConsent | Used to save your existing cookie preferences. | Strictly Necessary
Google Analytics | _gid, _ga, _gat_UA-, _utma, _utmb, _utmc, _utmv, _utmz | These cookies are associated with Google Universal Analytics and are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited. For further information, please visit: https://policies.google.com/technologies/types?hl=en | Performance
Optimizely | optimizelyEndUserId, optimizelyPPID, optimizelyDomainTestCookie, optimizelyRumLB | These Optimizely cookies allow us to test different versions of website pages to different users at the same time and to track how users navigate around our website. We use this information to test new features and make the website easier to use. For further information, please visit: https://www.optimizely.com/legal/opt-out/ | Performance
SiteImprove | __cfduid, AWSELB, siteimproveses, nmstat | These cookies are associated with Siteimprove and are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited. For further information, please visit: https://support.siteimprove.com/hc/en-gb/articles/206345493-Siteimprove-Analytics-cookies | Performance
AddThis | __atuvs | This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. For further information, please visit: https://www.oracle.com/legal/privacy/addthis-privacy-policy.html | Functionality
Brightcove | _bc_uuid | This cookie is associated with Brightcove. Brightcove is a video hosting service. For further information, please visit: https://player.support.brightcove.com/references/brightcove-player-cookies.html | Functionality
AddThis | uvc, __atrfs, xtc, __atuvc, loc | This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. For further information, please visit: https://www.oracle.com/legal/privacy/addthis-privacy-policy.html | Targeting
Eloqua | ELQSTATUS, ELOQUA, SAMESITESET, _CG | These Eloqua cookies are used in order to track your use of our website in order to help us improve the performance, content and layout of the website, to personalise the content or design of the website, to better understand which parts of our website you are interested in, and for marketing purposes. The Eloqua cookies may be associated with other data we hold about you, such as your name and email address if you fill in one of our web forms, your IP address, domain name, browser type and operating system. For further information, please visit: https://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/SecurityOverview/TrackingWebVisits.htm?Highlight=About%20Cookie%20Tracking | Targeting
YouTube | GPS, VISITOR_INFO1_LIVE, YSC | YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. For further information, please visit: https://policies.google.com/technologies/types?hl=en | Targeting
Doubleclick | test_cookie, IDE | This domain is owned by Doubleclick (Google). Doubleclick is Google's real-time bidding advertising exchange. For further information, please visit: https://policies.google.com/technologies/types?hl=en | Targeting
5. HOW TO CONTROL COOKIES
Strictly necessary cookies are always on when you visit us. On your first visit to us, we’ll ask you to choose which cookies we can use. You can always change your mind by going to your settings.
You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access parts of our website or use some of its features.
For more information about this, and about cookies in general, you may wish to visit https://www.aboutcookies.org.uk/.
Terms of Service
This page sets out the terms of use on which you may make use of our website at www.transunion.co.uk.
Please read these terms carefully before you start to use our website. By using our website, you
indicate that you accept these terms and that you agree to abide by them. If you do not agree to these
terms, please refrain from using our website.
If you sign up to any of our products and services, those products and services will be subject to
separate terms and conditions.
ABOUT US
This website is operated by TransUnion Information Group Limited, which is a company registered in
England and Wales with company number 04968328. Its registered office is at One Park Lane, Leeds, West
Yorkshire LS3 1EP.
ACCESSING OUR WEBSITE
We will not be liable if for any reason our website is unavailable at any time or for any period. From
time to time, we may restrict access to some parts of our website or to our entire site. You are
responsible for ensuring that all persons who access our website through your internet connection are
aware of these terms, and that they comply with them.
OUR WEBSITE CHANGES REGULARLY
We aim to update our website regularly, and may change the content at any time. If the need arises, we
may suspend access to our website, or close it indefinitely. Any of the material on our website may be
out of date at any given time, and we are under no obligation to update such material.
INTELLECTUAL PROPERTY RIGHTS
We are the owner or the licensee of all intellectual property rights in our website, and in the material
published on it. Such works are protected by copyright laws and treaties around the world. All such
rights are reserved. You may print off one copy, and may download extracts, of any page(s) from our
website for your personal reference and you may draw the attention of others within your organisation to
material posted on our website. You must not modify the paper or digital copies of any materials you
have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or
audio sequences or any graphics separately from any accompanying text.
Our status (and that of any identified contributors) as the authors of material on our website must
always be acknowledged.
You must not use any part of the materials on our website for commercial purposes without obtaining a
licence to do so from us or our licensors. If you print off, copy or download any part of our website in
breach of these terms, your right to use our website will cease immediately and you must, at our option,
return or destroy any copies of the materials you have made.
RELIANCE ON INFORMATION
Commentary and other materials posted on our website are not intended to amount to advice on which
reliance should be placed. We disclaim all liability and responsibility arising from any reliance placed
on such materials by any visitor to our website, or by anyone who may be informed of any of its
contents.
OUR LIABILITY
The material displayed on our website is provided without any guarantees, conditions or warranties as to
its accuracy or purpose. To the extent permitted by law, we, together with third parties connected to
us, hereby expressly exclude:
- all conditions, warranties and other terms which might otherwise be implied by statute, common law
or the law of equity; and
- any liability for any loss or damage incurred, whether directly, indirectly or consequentially by
any user in connection with our website or in connection with the use, inability to use, or results
of the use of our website, any websites linked to it and any materials posted on it.
Notwithstanding any other term, we do not limit or exclude liability for:
- death or personal injury arising from our negligence or that of our employees; or
- for our fraudulent misrepresentation or that of our employees.
VIRUSES, HACKING AND OTHER OFFENCES
You must not misuse our website by knowingly introducing viruses, trojans, worms, logic bombs or other
material which is malicious or technologically harmful. You must not attempt to gain unauthorised access
to our website, the server on which our website is stored or any server, computer or database connected
to our website. You must not attack our website via a denial-of-service attack or a distributed
denial-of-service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We
will report any such breach to the relevant law enforcement authorities and we will co-operate with
those authorities by disclosing your identity to them. In the event of such a breach, your right to use
our website will cease immediately.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or
other technologically harmful material that may infect your computer equipment, computer programs, data
or other proprietary material due to your use of our website or to your downloading of any material
posted on it, or on any website linked to it.
LINKING TO OUR WEBSITE
You may link to our home page, provided you do so in a way that is fair and legal and does not damage our
reputation or take advantage of it, but you must not establish a link in such a way as to suggest any
form of association, approval or endorsement on our part where none exists. You must not establish a
link from any website that is not owned by you.
Our website must not be framed on any other site, nor may you create a link to any part of our website
other than the home page. We reserve the right to withdraw linking permission without notice. The
website from which you are linking must NOT:
- contain any material which is defamatory of any person;
- contain any material which is obscene, offensive, hateful or inflammatory;
- promote sexually explicit material;
- promote violence;
- promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or
age;
- infringe any copyright, database right or trademark of any other person.
LINKS FROM OUR WEBSITE
Where our website contains links to other sites and resources provided by third parties, these links are
provided for your information only. We have no control over the contents of those sites or resources,
and accept no responsibility for them or for any loss or damage that may arise from your use of them.
There are links on our website to other websites which we or our group of companies also maintain. Access
to and use of those other websites are governed by separate terms and conditions and you are strongly
recommended to read those terms.
JURISDICTION AND GOVERNING LAW
The English courts will have exclusive jurisdiction over any claim arising from, or related to, a visit
to our website or these terms. These terms of use are governed by English law.
VARIATIONS
We may revise these terms at any time by amending this page. You are expected to check this page from
time to time to take notice of any changes we made, as they are binding on you. Some of the provisions
contained in these terms may also be superseded by provisions or notices published elsewhere on our
website.
YOUR CONCERNS
If you have any concerns about material which appears on our website, please contact:
Customer Services Department
TransUnion Information Group
One Park Lane
Leeds, LS3 1EP
Thank you for visiting our website.
TransUnion Open Banking Service Terms and Conditions
1 Meaning of words we use
Account means any payment account held in your name with Your Bank in the UK into which you can deposit and withdraw income
and which allows for direct debits, transfers and payment transactions. Please read these terms of service carefully (and paragraph 4 in particular) as there
may be instances where we may not be able to provide Services in relation to a particular Account.
Information has the meaning given to it in paragraph 3.2 of these Terms.
Referring Company means the person or organisation that has directed you to us so that we can provide the
Service.
Service means the services detailed in paragraph 3 of these Terms.
Terms means these terms of service for the Service which includes the on screen information provided to you on the
Website describing how the Referring Company will use the Information and the consent described in paragraph 3.3 below.
you, your means the person who agrees to use the Service.
Your Bank means any bank or building society you hold an Account with. Please see the Website for details of the banks
and building societies that are supported by the Service.
we, us, our means TransUnion International UK Limited (registered in England and Wales with company number 03961870)
of One Park Lane, Leeds, West Yorkshire, LS3 1EP.
Website means the website from which we provide the Service.
2 Our agreement with you for the Service
2.1 These Terms govern the use of the Service and form an agreement between us and you. You can obtain a copy of these Terms
at any time from our Website.
2.2 Only you and we have any rights under these Terms.
3 The Service
3.1 In order to use this Service you must have:
(a) been redirected to our Website by a Referring Company to whom you are applying for a service
or financial product; and
(b) successfully passed
(i) our anti-money laundering checks (including checks to verify your identity), which we are
required to perform by law before providing you with the Service; and
(ii) if requested by the Referring Company, additional fraud prevention checks in relation to
your application for a service or financial product.
3.2 This Service will enable you to authorise us to request information about your nominated Account(s) (such as statements,
details of payment transactions into and out of your Account, account balances etc.) (“Information”), from Your Bank, so that we can send this Information to
the Referring Company. The Referring Company will then use this Information to conduct an affordability assessment of your finances prior to offering you a
service or a financial product. The Referring Company may ask that we only send them a sub-set of the Information, if this is all they need to carry out their
assessment.
3.3 In order to use this Service, you need to consent to us requesting certain Information about your nominated Account(s)
from Your Bank and you must also agree that we can pass the Information we obtain to the Referring Company. We may undertake some analysis of your Information
to help the Referring Company make an assessment about you, such as your affordability and creditworthiness, in connection with your application for a financial
product or service. You will be asked to provide your consent to this as well. Please also refer to our Privacy Notice here
which explains how we will use your Information.
3.4 If you provide your consent, we will submit a request for your Information to Your Bank in accordance with paragraph 4
and, if this request is successful, provide you with a summary of the Information we receive.
3.5 We do not check the Information we receive from Your Bank for accuracy and we have no responsibility to do so. In
addition, we have no responsibility for any products and services provided to you by Your Bank or the Referring Company.
3.6 The Information we retrieve and display through the Service is only as up to date as the Information we obtain from Your
Bank at the point in time you authorise us to request that Information. This means that it may not take account of recent credits to and/or withdrawals from
your Account(s).
4 Steps to access the Service
4.1 After you have provided your consent in accordance with paragraph 3 above, you will then need to select which of Your
Bank(s) you would like us to request Information from.
4.2 You will then be prompted to identify yourself with Your Bank. This may involve you being redirected to Your Bank's
online banking login page where you may be prompted to enter your login details. If this happens, we will not see, record or store any of the login details you
enter. You will be responsible for ensuring you provide the correct log in details to Your Bank. If you repeatedly provide Your Bank with incorrect login
details, this may result in your access to your Account(s) being blocked and may mean we cannot provide the Service as a result.
4.3 Once you have successfully identified yourself with Your Bank, you will be asked to nominate which specific Account(s)
you would like us to request Information from.
4.4 You may not be able to select all of your Accounts for a number of reasons, which may include the following:
(a) you will only be able to select Accounts which you can access online;
(b) you will only be able to select UK-based Accounts; and
(c) you will only be able to select Accounts held with Your Bank(s) that are accessible to us.
Our Website will display the banks and building societies we can connect with.
If Your Bank is listed on our Website but you do not see an Account you would like to select, you should contact Your Bank.
4.5 After you have selected your chosen Account(s), you will be re-directed back to our Website and we will provide the
Service.
5 Our right to request your Information
5.1 We will only request Information where you have consented to us doing so. We will only share Information with you and
the Referring Company. Our right to request Information from your selected Account(s) will expire once we have successfully received the Information from Your
Bank(s). We will keep some or all of your Information to comply with our legal obligations. Details of how we will store and process your Information are set out
in our Privacy Notice here. If you wish to repeat the Service in relation to a different Referring Company or Account you
will need to provide us with permission again.
6 Availability of the Service
6.1 We will not be able to request or receive Information where Your Bank has blocked either your access to that Account or
has denied our request for Information.
6.2 We may not be able to provide this Service if your internet connection, device or network connection fails.
6.3 We may refuse to provide the Service, in accordance with our rights in these Terms.
7 Charges
7.1 We will not directly charge you for providing this Service. However, we may charge the Referring Company a fee in return
for our providing you with this Service and the Referring Company may pass this fee on to you.
8 Security
8.1 If you think someone else has obtained your login details that you use to access your Account(s) or you think that your
Account(s) have been compromised in any way you must contact Your Bank immediately and not us.
8.2 We’ll use reasonable care and skill to ensure that our Website and Service is safe and secure and does not contain
viruses or other damaging properties. If we fail to comply with this and you suffer loss and/or damage to your data, software, device, digital content and/or
other equipment, we’ll be liable to you.
8.3 You must not use the Website or Service on a device or computer which you know or suspect contains or is vulnerable to
viruses or other damaging properties or which does not have up-to-date anti-virus software installed on it.
8.4 If we detect that your device or computer has been compromised in a way that may allow unauthorised or malicious
software to be installed, or that it may carry a virus or any malware threat, we may prevent you accessing the Service on that device or computer.
9 Our responsibility to you
9.1 We will not be responsible to you for any failure to provide any Service due to scheduled or required downtime, or for
any reason that is beyond our reasonable control. Examples of this include (but are not limited to):
(a) any technical failure of Your Bank's online platform;
(b) Your Bank denying our request to receive your Information;
(c) failure of any machine, data processing system or transmission link; or
(d) outages or lack of coverage or signal on any phone network.
9.2 The information we obtain about your Account(s) and the transactions on that Account is dependent on the Information we
receive from Your Bank. We are not responsible if Your Bank gives us incomplete or incorrect information.
9.3 The Information we obtain from Your Bank does not represent a comprehensive illustration of your financial situation.
For example, it may not take into account balances held in other accounts or a savings account, credit card, personal loan or mortgage balances.
9.4 If we do not comply with these Terms or we do not use reasonable care and skill in providing the Services to you then we
will be responsible for the loss and damage which is a foreseeable result of this breach. Loss or damage is foreseeable if either it is obvious that it will
happen or if, at the time the contract was made, both we and you knew it might happen. We are not responsible for any loss or damage which is not foreseeable.
9.5 We only supply the Services for domestic and private use. If you use the Services for any commercial, business or
re-sale purpose we will have no liability to you for any loss of profits, loss of or damage to reputation, loss of contracts, loss of opportunity, loss of
business, loss or depletion of goodwill, increased overheads or administration expenses, management time, loss of savings.
9.6 You remain responsible for keeping your online banking log-on details safe in accordance with your agreement with Your
Bank.
9.7 You must not:
(a) use the Service in any unlawful manner, for any unlawful purpose, or in any manner
inconsistent with these Terms;
(b) act fraudulently or maliciously in relation to the Service, for example, by accessing an
account which is not yours or hacking into or inserting malicious code, including viruses, or harmful data, into the Service or any operating system;
(c) infringe our intellectual property rights or those of any third party in relation to your use
of the Service;
(d) transmit any material that is illegal, fraudulent, defamatory, offensive or otherwise
objectionable in relation to your use of the Service;
(e) use the Service in a way that could damage, disable, overburden, impair or compromise our
systems or security, those of our licensors, Your Bank(s) or a Referring Company or interfere with the experience of other users of the Service; or
(f) collect or harvest any information or data from any Service or our systems or attempt to
decipher or interfere with any transmissions to or from the servers running any Service.
10 Termination of the Service
10.1 The Service will be provided immediately after you have completed each of the steps described in paragraph 4 - you must
have provided us with your consent to request Information relating to your Accounts, identified yourself with Your Bank and selected the relevant Account(s).
You will not be able to withdraw your consent after this point. However, you may be able to withdraw from the Service prior to completing all of the steps set
out in paragraph 4.
10.2 We may refuse to provide the Service or stop providing the Service (or part of it) at any time if:
(a) we are legally obliged to do so;
(b) where we suspect that the Service is being used fraudulently;
(c) where we suspect unauthorised access;
(d) you have committed a serious breach of these Terms;
(e) we reasonably consider that by continuing to provide the Services in accordance with these
Terms we may break any law, regulation, code or other duty that applies to us or which we have agreed to follow; or
(f) we reasonably consider that we may be exposed to action from any government, regulator or law
enforcement agency.
11 Queries and Complaints
11.1 Queries in relation to your Information:
(a) in the event that there is an unexpected entry in your Information or you feel that the
Information is not correct you should contact Your Bank;
(b) in the event that you have a query about the Referring Company’s use of your Information you
should contact the Referring Company.
11.2 How to complain: If you have any complaints in relation to the Services then please contact our customer services team
at customer.relations@transunion.co.uk, or by writing to them at the following address:
Customer Relations Team
TransUnion
One Park Lane
LEEDS LS3 1EP
You can find our customer complaints policy here.
11.3 Complaint Resolution: We have a complaint handling process, which includes alternative dispute resolution (a process
where an independent body considers the facts of a dispute and seeks to resolve it without you having to go to court). If we have sent you our final response
and you are not happy with how we have handled any complaint, you may want to contact the statutory alternative dispute resolution provider for financial
services in the UK – the Financial Ombudsman Service. The Ombudsman will not charge you for making a complaint and if you are not satisfied with the outcome you
can still bring legal proceedings. The contact details for the Financial Ombudsman Service are:
The Financial Ombudsman Service
Exchange Tower
London
E14 9SR
Tel: 0800 023 4 567 or 0300 123 9 123
E-mail: complaint.info@financial-ombudsman.org.uk
Website: www.fos.org.uk
11.4 Online Dispute Resolution Platform: You may also complain using the European Commission’s Online Dispute Resolution
platform. This is an online facility designed to help consumers to resolve complaints they have, where they have bought goods and services online. This platform
can be accessed via the following link: https://webgate.ec.europa.eu/odr. This platform will not
be available to UK consumers after the UK exits from the European Union.
12 General points to note
12.1 If we fail to insist that you perform any of your obligations, or if we do not enforce our rights against you, or if we
delay in doing so, that will not mean that we have waived our rights against you and will not mean that you do not have to comply with those obligations and we
can still insist on the strict application of these Terms later on.
12.2 If any part of the Terms becomes illegal, invalid or unenforceable in any way, this will not affect the validity of the
remaining Terms in any way.
12.3 You may not transfer any of your rights or obligations under these Terms to another person without our prior written
consent. We can transfer all or some of our rights and obligations under these Terms to another organisation, but this will not affect your rights under these
Terms.
13 Language
The language of these Terms is English and all information provided, made available and notified to you will be in English.
14 Governing law and jurisdiction
These Terms and Conditions are governed by the law of England and Wales and you can bring legal proceedings in respect of the products
in the courts of England and Wales. If you live in Scotland you can bring legal proceedings in respect of the products in either the Scottish or the English
courts. If you live in Northern Ireland you can bring legal proceedings in respect of the products in either the Northern Irish or the English courts.
Important Information
TransUnion International UK Limited is registered in England and Wales with company number 03961870. Registered Office: 1 Park Lane,
Leeds, West Yorkshire, LS3 1EP. TransUnion International UK Limited is part of the TransUnion Information Group (formerly, Callcredit Information Group) and is
registered with the Financial Conduct Authority under the Payment Services Regulations 2017 under registration number 805757 for the provision of payment
services. TransUnion International UK Limited is also authorised and regulated by the Financial Conduct Authority as a Credit Reference Agency under
registration number 737740. Authorisation can be checked on the Financial Services Register at www.fca.org.uk.
Please note that other taxes or costs may apply to the Services which are not paid via or imposed by us.
We are covered by the Financial Ombudsman Service (FOS). Please note that only consumers meet the FOS eligibility criteria for this
Service.
TUOBST&C Version 2.1
September 2020
Accessibility
TransUnion Information Group is committed to ensuring our website is accessible to as many visitors as
possible, regardless of physical abilities or software. We have taken the following steps to achieve
this goal:
Standards
- This site is built using HTML and CSS 3.
- The site uses structured semantic markup. For example, table markup is used for data tables, lists
are marked up using list elements, headers are marked up as headers and so on.
- All links can be followed in any browser, even if scripting is turned off in the visitor's browser.
Images
- Content images on the site use descriptive ALT attributes.
- Purely decorative graphics include null ALT attributes.
Visual Design
- All text is sized using relative sizes to allow it to be resized by users of any browser.
- All main content is structured so as to be readable in any browser, regardless of whether it
supports images, stylesheets, scripting or plugins.
Copyright Notice
The copyright in the design and content of this website is owned by TransUnion Information Group
Limited. © TransUnion Information Group Limited 2019. All rights reserved.
Registered Office Details
TransUnion Information Group Limited is a company registered in England and Wales with company number 04968328. Registered
Office: One Park Lane, Leeds, West Yorkshire, LS3 1EP
TransUnion International UK Limited is a company registered in England and Wales with company number 03961870. Registered
Office: One Park Lane, Leeds, West Yorkshire, LS3 1EP
Callcredit Marketing Limited is a company registered in England and Wales with company number 02733070. Registered Office:
One Park Lane, Leeds, West Yorkshire, LS3 1EP
TransUnion Baltics, UAB is a company registered in Lithuania with company number 302689020. Registered Office: Kaunas City
Municipality, Karaliaus Mindaugo Av. 50. 44334 Kaunas, Lithuania
Callcredit Spain, S.L. Registered office: Paseo de la Castellana, 259C, Planta 16N, 28046 Madrid, Spain
Confirma Sistemas de Información S.L. Registered office: Avenida de la Industria, 18, 28760 Madrid, Spain
Soluciones Confirma Asnef-Signe S.L. Registered office: Avenida de la Industria, 18, 28760 Madrid, Spain
Your Data Rights
Here at TransUnion we handle lots of different kinds of data. Where we hold personal data about you, we want to ensure that you can exercise
your rights over that data as easily as possible. We’ve put this page together to help you do that.
WHAT DATA CAN I EXERCISE MY RIGHTS OVER?
You can exercise your rights in relation to any personal data that we hold about you.
The kinds of personal data that you may be interested in exercising your rights over include:
- consumer credit reference data (such as information on your credit file)
- consumer marketing data (such as your name and address on the open register)
- your employment file if you are a past or present TransUnion employee
- data we hold if you are a business contact at one of our clients, potential clients or suppliers
- data relating to the staff of our clients who use our products and services
- your correspondence with us (such as queries or complaints that you have raised)
If you just want to know what kinds of data we hold and how we use and share it, please refer to our Privacy
Centre.
Sometimes we hold personal data on behalf of other organisations but don’t make decisions about how or why that data will be used. In these
cases, you’ll need to contact the relevant organisation directly if you want to exercise your rights over that data.
WHAT RIGHTS DO I HAVE?
You have the following rights over the personal data that we handle.
Access
You have the right to know what data we hold about you, what we use it for, where we got it from, the kinds of organisations that we share it
with and how long we keep it for.
At TransUnion there are two kinds of access request you can make:
- Limited subject access request – provides you with a copy of your credit file.
- Full subject access request – provides you with any other of your personal data that you specify.
If you’re just interested in seeing what’s on your credit file, you can do this online.
Rectification
If you believe that the data we hold about you is incorrect, inaccurate or needs to be brought up to date, you can ask us to correct it.
Special rules apply where you ask us to correct something on your credit file. This is because of some separate legislation known as the
Consumer Credit Act 1974. In these cases:
- The first step is to request a copy of your credit file.
- You can then let us know which entries on your file need to be corrected.
- We will mark the data as being under dispute and will investigate whether or not it’s correct. This will usually involve contacting the
organisation that supplied the information to us.
- When we finish our investigation we will let you know the outcome. We have a 28 day deadline for doing this.
- If you’re not happy with the outcome you have a right to add an explanatory notice of up to 200 words onto your credit file.
Erasure (also known as the right to be forgotten)
This is a right to request that we delete some or all of the personal data that we hold about you.
It’s important to appreciate that this is not an absolute right. It only applies in certain situations and is subject to certain caveats. The
circumstances in which it applies are explained on the Information Commissioner’s website, here.
We usually rely on the “legitimate interests” basis for processing your data. This is where it’s necessary for us to use your data in order
to achieve certain aims that we and other organisations are pursuing, provided that those aims aren’t outweighed by the impact on your rights. In these cases, if
you want us to erase your data you’ll normally need to object to us using it (see below) and give us information about how our use of your data is affecting you.
Then we’ll weigh up the importance of the aims we are pursuing against the effect that we’re having on you. If your rights outweigh the need for us to use the data
then we will erase it; otherwise, we’ll be entitled to keep it.
If you’re asking us to erase your credit file, you need to bear in mind that accurate credit reporting is extremely important to the UK
financial services industry and the wider economy. That means that it’s relatively rare that we will find that a person’s rights and interests override those aims.
You should also bear in mind that if you are successful in having your credit history erased, this could well make it harder for you to
obtain credit in the future.
Please note that we are entitled to keep a copy of data for certain specified purposes, such as enforcing or defending legal claims.
Restriction
In some circumstances you can ask us to put restrictions on the ways in which we use and share your personal data.
This only applies in limited circumstances, such as where you’re disputing the accuracy of the data. And it normally only lasts for a limited
amount of time, such as however long it takes for us to verify the accuracy of the data.
When data is restricted we can only use it in ways that you agree we can, or for the purposes of legal claims, in order to protect the rights
of another person or for reasons of important public interest.
If you dispute the accuracy of something on your credit file, we’ll mark it as under dispute but will normally still share it with other
organisations (with the dispute marker attached). It’s important that we do this because otherwise individuals could (for example) hide adverse information such as
loan defaults, CCJs and bankruptcies from their credit files. Continuing to share disputed data is our way of protecting the rights of:
- lenders (who need to be able to make appropriate lending decisions), and
- other consumers (who would have to bear the increased borrowing costs that would otherwise result).
Portability
This is a right to have personal data supplied to you in a machine-readable format so that you can more easily re-use it in other services.
This right only applies to TransUnion in very limited circumstances. Please ask us if you need your data supplied in this way.
Withdrawal of consent / objection
Where we’re relying on your consent in order to use your personal data you have an absolute right to withdraw that consent at any time. This
will mean that we’ll need to stop using your data unless we have some other legitimate basis for continuing to use it.
In most other situations, you can object to us using your personal data; this will mean that we need to assess whether we have compelling
reasons to continue using it despite your objection.
You also have a right to object to us using your data for direct marketing purposes. If you do this we’ll stop using your data for those
purposes as soon as possible.
ARE THERE ANY EXCEPTIONS FROM THESE RIGHTS?
Yes.
Some of the rights are inherently limited in scope. For example, the erasure and restriction rights only apply in specific circumstances and
are subject to some exceptions – please see what we say above about these.
There are also some more general exemptions. For example, if you make a subject access request we’re generally not required to provide you
with information about other people. This means that you’ll often see other people’s names and job titles redacted from the material we send you. We’re also allowed
to withhold information that is protected by legal privilege (such as our internal legal advice), which may happen if we are in a dispute with you.
We are also not required to provide you with information which would reveal our trade secrets, such as details of how our algorithms work.
For example, we will not provide specific details about how we calculate credit scores, although we can provide you with general information about factors that will
often affect your credit score.
HOW DO I EXERCISE THESE RIGHTS?
If you just want to see your credit report, you can do
this online.
For any other requests about your personal data, please contact our Consumer Services Team.
HOW LONG WILL IT TAKE?
Normally we should be able to get back to you with the outcome of your request within one month. If we aren’t able to do that then we’ll
explain why.
Requests to correct information on your credit file have a shorter timescale of 28 days.
TransUnion UK - Modern Slavery & Human Trafficking Statement
This statement is made pursuant to Section 54 of the UK Modern Slavery Act 2015 (“the Act”) and sets out the steps TransUnion Information
Group Limited (“TransUnion UK”) has taken to ensure that slavery, human trafficking and child labour is not taking place in our supply chains or in any part of our
business. This statement is made on behalf of the following group companies:
- Crown Acquisition Topco Limited;
- Crown Acquisition Midco Limited;
- Crown Acquisition Midco 2 Limited;
- Crown Acquisition Bidco Limited;
- Crown Acquisition Consumer Limited;
- TransUnion Information Group Limited;
- Callcredit Lead Generation Limited;
- DecisionMetrics Limited;
- TransUnion International UK Limited;
- Callcredit Marketing Limited;
- Callcredit Data Solutions Limited;
- Smart Analytics Limited;
- Callcredit Public Sector Limited;
- Coactiva Limited.
Our Business
At TransUnion UK, our business is to help our customers make smart and responsible decisions by providing innovative software, data and information to clients and consumers. We assist people to understand their credit status and to protect themselves against fraudulent activity.
TransUnion UK operates out of its Head Office in Leeds, other UK based offices, and around the world with interests in the EU and the USA. The Group directly employs around 950 people across these locations, the vast majority of which are in the UK. The Group is owned by TransUnion, a US listed company.
Our Policies
Throughout our organisation, and in our supply chain, TransUnion UK will not tolerate any form of slavery or people trafficking. TransUnion
UK therefore operates policies which reflect its commitment to acting ethically and with integrity, implementing procedures to ensure slavery, human trafficking and
child labour is not taking place anywhere within our own operations or supply chain.
The following policies reinforce our commitment.
- Our Anti-Trafficking and Slavery policy applies to TransUnion UK and our supply chain relationships. Fundamentally this policy compels TransUnion UK to ensure modern slavery, human trafficking and child labour does not occur in our own operations; and to ensure our suppliers meet the minimum requirements TransUnion UK believes should be demonstrated by them in accordance with the Act. This policy is supported by an Anti-Trafficking and Slavery Procedure document that directs our people in how to enact and support a number of key principles which underpin TransUnion UK's compliance with the Act.
- Our Supplier Code of Conduct applies to TransUnion UK's supply chain and requires that our suppliers adhere to our principles and that they encourage and work with their own suppliers to recognise these principles.
- Our Pay policy: We pay all employees at least the Living Wage Foundation rate.
- Our Equal Opportunities and Dignity at Work policy commits TransUnion UK to creating a work environment where everyone is treated with dignity and respect. We adopt a zero-tolerance approach to any acts of discrimination, harassment, bullying or victimisation. Any conduct of this type is likely to be considered gross misconduct leading to dismissal.
- Our Whistleblowing Policy under which employees and any person who undertakes to do or perform personally (or otherwise) any work or service for TransUnion UK, regardless of the nature of the contractual relationship between them, can report any and all concerns in confidence and without prejudice.
Our Supply Chain Standards
TransUnion UK operates a continuous improvement approach to our policies, procedures and vigilance to ensure that there is no modern slavery
or human trafficking exposure in our supply chain, and it is important that our suppliers represent TransUnion UK with equal integrity towards their own customers,
employees and stakeholders.
Our actions to safeguard against human rights abuses in our supply chain include:
- Contractual Terms and Conditions: Under our Procurement and Supplier Management Policy we undertake appropriate due diligence checks, and through applicable terms and conditions in written contracts we obligate our suppliers to maintain the same standards of business conduct as ourselves.
- Assessment of risk within our supply base: The inherent likelihood of modern slavery and human trafficking occurring in our supply chain is considered remote, with a majority of third-party expenditure falling on IT services and equipment, data acquisition, professional services and facilities management. TransUnion UK therefore takes a risk-based approach to reviewing its supply chain arrangements in accordance with the Act. Risk in relation to the Act is considered in terms of the procured products or services, whether the industry or sector has a high prevalence of modern slavery or other labour rights violations and the visibility and accessibility of the supplier's workforce.
- Reviews of contracted suppliers: We take a risk-based approach to the assessment of our suppliers and engage with them to communicate our expectations and carry out due diligence. For example, a supplier may be expected to:
- Agree to comply with TransUnion UK's Supplier Code of Conduct
- Have a policy on modern slavery that covers the supplier's operations and also any applicable subcontractors
- Sign a declaration or contract committing to enforce a policy on modern slavery
- Have governance procedures to ensure compliance
- Complete a due diligence questionnaire and provide evidence of supporting documentation and processes
Where any supplier falls short of our expectations remedial actions will be taken. In high risk cases, this could result in the termination
of the relationship.
Internal Training and Capability
We expect all employees to be treated fairly, with respect and dignity. All employees are recruited legally and must meet the minimum legal requirements for working in the UK, as well as relevant background checks. Our code of conduct, which applies to all workers (which includes employees, contractors and agency workers) makes clear the actions and behaviour expected when representing the organisation. TransUnion UK strives to maintain the highest standards of employee conduct and ethical behaviour when operating abroad and managing its supply chain. Inappropriate conduct may be considered gross misconduct and could lead to dismissal.
Employees within the Group Procurement team are trained annually in ethical procurement and supply to ensure they possess the skills and knowledge necessary to understand the risks of corruption, fraud, bribery and human rights issues when selecting and managing suppliers, and how to spot the signs and eradicate concerns from the supply chain.
We also run mandatory annual refresh training on the theme of risk and compliance, which includes specific reference to the obligations of each employee under the Act.
In addition, we host all our policies on our intranet for broad availability and accessibility across the entire TransUnion UK business, both inside and outside the UK. All Associates are expected to be familiar with these policies so that they understand their obligations.
From time to time we may also distribute relevant messages to our Associates to reinforce our approach.
The Year in Summary
TransUnion UK’s Operations:
We have continued to apply all relevant background checks and fulfil our legal obligations when recruiting new Associates and are comfortable that there have been no discrepancies that would indicate consequence in terms of the Act.
TransUnion UK’s Supply Chain:
Through our risk-based approach of assessing new and incumbent suppliers, TransUnion UK continues to experience a remote likelihood of
exploitation in our supply chain. TransUnion UK is therefore able to state that within our last financial year there were no requirements to terminate business with
any suppliers on the grounds of contravention of the Act.
In 2018, we completed a programme of work to enhance our Ethical Code for suppliers and have implemented a new Supplier Code of Conduct which
is published on the TransUnion UK website and is publicly accessible.
This statement constitutes the TransUnion UK modern slavery and human trafficking statement for the latest financial year ending 31 December
annually.
The Board of Directors of TransUnion International UK Limited, on behalf of all the companies in the TransUnion UK group, approved this policy on 3 February 2020 and delegated signature of this policy to the Chief Risk Officer & General Counsel (Board member).
Download TransUnion's Modern Slavery & Human Trafficking Statement 2020
Download TransUnion's Modern Slavery & Human Trafficking Statement 2019
Download TransUnion's Modern Slavery & Human Trafficking Statement 2018
Download TransUnion's Modern Slavery & Human Trafficking Statement 2017