General Privacy Policy

TRANSUNION GENERAL PRIVACY NOTICE

Version: 1.2
Date adopted: 12th April 2019

This document provides a high-level overview about how we use and share personal data across TransUnion Information Group (TU UK). More detailed information can be found at the TransUnion Privacy Centre or in other privacy information you may have been given. This notice covers the following topics:

1. Who we are and how you can contact us

2. What we use personal data for

3. What our legal grounds for handling personal data are

4. Who we share the personal data with

5. Where the personal data is stored and sent

6. How long the personal data is kept for

7. Whether the personal data is used to make automated decisions or to profile people

8. Your rights in relation to the personal data we hold about you

9. Who you can complain to if you are unhappy about the use of your personal data

You have the right to object and withdraw your consent to our use of your personal data. Please see section 8 to find out more.


1. WHO WE ARE AND HOW YOU CAN CONTACT US

We are TU UK, which is a group of companies with headquarters at One Park Lane, Leeds, West Yorkshire LS3 1EP. The members of TU UK are listed in section 4 below.

TU UK forms part of a larger group of companies. However, this General Policy only covers the activities of TU UK.

Different companies in TU UK have different roles and responsibilities for different sets of personal data. Where a member of the TU UK acts as a controller of personal data it is responsible for ensuring that the data is used fairly and lawfully.

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: Customer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email: consumer@transunion.co.uk

Telephone: 0330 024 7574

2. WHAT KINDS OF PERSONAL DATA WE USE, WHAT WE USE IT FOR, AND WHERE WE GET IT FROM

This section explains how and why we use personal data, and where we get it from.

Products and services

Many of our products and services rely on personal data. For example:

Data evaluations

We use and share data for evaluation purposes. This includes assessing its suitability for a particular purpose and, for example, deciding whether or not it would be useful to us as part of a product or service. Sometimes it may be necessary to share data with a third party in order for them to be able to match it to data that they hold and return additional data to us.

When we evaluate data, we apply a range of safeguards to protect the interests of consumers. For example, we anonymise or pseudonymise the data where possible, we ensure it is protected with appropriate security measures, and we limit the quantities of data and the period for which it is used and retained.

Operating our business

We use personal data as part of our own internal operations. For example:

3. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE

This section explains the legal basis on which we process personal data.

Legitimate interests

The UK’s data protection law allows the use of personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on the relevant individuals. The law calls this the “legitimate interests” condition for processing personal data.

Most of our processing activities are based on the legitimate interests condition. This includes almost all of our credit referencing and data marketing services. For more details about the legitimate interests we are pursuing, please refer to the relevant privacy notices (see links above).

Consent

We sometimes rely on consent from the relevant individuals in order to process their personal data, but this is relatively rare. It is used as the basis for sending marketing materials to consumers by email, telephone, SMS or similar methods, for example.

Performance of our contract with the relevant individual

When a person signs up to one of our websites, we agree to provide them with products and services as set out in the Terms & Conditions for the relevant website. We need to use some of their personal data in order to be able to provide them with those products and services.

We also use this basis for processing some of our staff data.

4. WHO WE SHARE THE PERSONAL DATA WITH

Our group companies

We may share personal data among the members of TU UK companies where appropriate. A list of TU UK companies is set out below, although the list may be updated from time to time.

Group company

Main trading address

Registered office

TransUnion Information Group Limited

(company no. 4968328)

One Park Lane, Leeds, West Yorkshire LS3 1EP

TransUnion International UK Limited

(company no. 3961870)

Callcredit Marketing Limited

(company no. 2733070)

Callcredit Data Solutions Limited

(company no. 5749125)

Callcredit Lead Generation Limited

(company no. 5373447)

DecisionMetrics Limited

(company no. 5202547)

Recipero Limited

(company no. 3794898)

Callcredit Public Sector Limited

(company no. 4152031)

3rd Floor, Red Lion Buildings, 12 Cock Lane Smithfield, London EC1A 9BU

Callcredit Spain, S.L.

(tax ID number B87839510)

Paseo de la Castellana, 259C, 16th floor, 28046 Madrid, Spain

Confirma Sistemas de Información, S.L.

(tax ID number B86303757)

Av. de la Industria, 18, 28760 Tres Cantos, Madrid, Spain

Soluciones Confirma ASNEF-SIGNE, S.L.

(tax ID number B86016649)

Aspireview, Inc

(company no. 5953359)

The Corporation Trust Center, 1209 Orange Street, Wilmington, Delaware 19801, USA

Recipero, Inc

(company no. 5542430)

720 S. Colorado Boulevard, Penthouse North, Denver, Colorado 80246, USA

TransUnion Baltics, UAB

(company no. 302689020)

4th Floor, Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania

Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania

Service providers

We may provide personal data to third parties who help us use it for the purposes described in section 2. For example:

These service providers are generally not allowed to use information for their own purposes or on behalf of other organisations.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

Regulators

We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

5. WHERE THE PERSONAL DATA IS STORED AND SENT

Within Europe

We are based in the United Kingdom, and will access and use personal data from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

Elsewhere

We also send information elsewhere in the world. For example:

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

6. HOW LONG THE PERSONAL DATA IS KEPT FOR

We keep personal data only for as long as is necessary for the purposes for which it is held. You will need to contact us (see section 1) or refer to the privacy notices for our specific activities in order to find out exactly how long the data is kept for.

7. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS OR TO PROFILE PEOPLE

We perform various profiling activities using personal data. When we refer to profiling, we mean using personal data to make predictions about people, or to categorise them into particular groups.

For example:

We generally do not use personal data or profiling to make automated decisions that have significant effects for individuals, but some of our clients may do so. For example, clients who receive credit scores from us may use those scores to help them decide whether or not to grant credit to a particular person.

8. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

9. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email: customer.relations@transunion.co.uk

Telephone: 0330 024 7574

You can also contact our Data Protection Officer at dpo@callcreditgroup.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.