Marketing Services Privacy Notice

Version: 1.3
Date adopted: 6th September 2019

This privacy notice provides information about how we use and share personal data relating to consumers for our clients’ marketing purposes.

In Brief

At TransUnion we provide data and services to our clients for marketing purposes. This includes: Providing contact details for postal direct marketing. Providing postcode and property data to help our clients target their marketing. Removing consumers from marketing who have moved away or registered with a suppression service, and removing details of deceased individuals. Removing consumers from marketing where they may not be eligible for the products being advertised. Performing analysis to help our clients understand their customers and make marketing decisions.

This privacy notice covers the following topics:

1. Who are we and how can you contact us?
2. What do we use personal data for?
3. What kinds of personal data do we use, and where do we get it from?
4. How long is the personal data kept for?
5. What is our legal basis for handling personal data?
6. Who do we share the personal data with?
7. Where is the personal data stored and sent?
8. Is the personal data used to make decisions about you or to profile you?
9. What are your rights in relation to the personal data we hold about you?
10. Who can you complain to if you are unhappy about the use of your personal data?
    
    

1. WHO ARE WE AND HOW CAN YOU CONTACT US?

About us

We are Callcredit Marketing Limited, which is a company registered in England and Wales with company number 02733070. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of TU UK are listed in section 5 below. TU UK forms part of a larger group of companies but this privacy notice only covers the activities of TU UK.

We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the personal data is used fairly and lawfully.

Joint controllers

We sometimes act jointly with one or more of the other TU UK companies when making decisions about your personal data. In particular, we make joint decisions when we and another TU UK company are sharing personal data with each other.

Our members of staff work across TU UK group companies so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. You can contact our Consumer Services Team if you want to enquire about any of our group companies or exercise any of your rights in respect of your personal data.

Contact details

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email: consumer@transunion.co.uk

Telephone: 0330 024 7574

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

2. WHAT DO WE USE PERSONAL DATA FOR?

This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we use for these purposes can be found in section 3 below.

Direct marketing

We use and supply personal data for direct marketing purposes. This means that the data is used to help provide you with information about goods and services which may be of interest to you.

This includes activities such as:

• Sending marketing messages: We provide names and addresses to clients in order to allow those clients to send marketing messages to you by post. In some cases the marketing will be sent addressed to you by name, while in other cases it will just be addressed to “the occupier”.
• Targeting: Our clients use personal data that we provide to help target their marketing materials at particular groups of their existing customers or potential new customers. This means that you are more likely to receive more relevant advertising about goods and services that are of interest to you. It also helps businesses to decide which products and services to offer to which kinds of people.

Example: targeting

A company which installs conservatories could use the data we provide to send postal marketing to people who live in houses rather than flats.

In some cases our clients will need your consent in order to perform these marketing activities. That issue will be explained to you in the privacy notice given to you by our client.

In detail: combining data for targeting

Our clients often combine the data that we provide with data that they already hold about you. If our clients hold other contact details, such as your postal addresses, email addresses or telephone numbers, they might contact you through those methods for marketing purposes after having decided to do so based on data received from us. For online advertising, our clients may combine aggregated information about you, your property or the area you live in with information about your devices (or cookies placed on your devices) to improve the relevance of advertising material on websites you visit.

• Marketing analysis: We and our clients use personal data to help understand our clients’ customers. This is useful because, for example, it allows our clients to target advertising towards other, similar, people who are likely to be interested in their products and services. The analysis can also do things like helping shape the content of marketing campaigns and deciding where to focus those marketing campaigns. The results of any marketing campaigns can also be analysed for similar purposes.

Screening

We and our clients can use personal data to help screen you out of certain marketing campaigns. This helps to avoid unnecessary or upsetting marketing activity and means that you are less likely to receive marketing which is not suitable or relevant to you.

Examples: screening

You can be removed from a marketing campaign where: your credit history suggests that you are not likely to be accepted for or able to afford the products being advertised the data we hold suggests that you have moved out of your address you have registered with the Mailing Preference Service (MPS) We also remove details of deceased individuals to help avoid causing distress to their family.

Our screening activity makes use of data collected from different sources, which we combine to produce a “best view” of your information. For example, we may obtain your title from one source, your first initial and surname from another source and your middle name from another source – these can be combined to provide a fuller set of information about you.

Statistical analysis: commercial analysis

Information about customers can be used to help organisations find out what sort of people buy their goods and services. This can help them make decisions such as whether they need to change their advertising strategy. By analysing information about individuals, we can help provide this sort of insight to our clients.

Where possible, information which is used for this purpose is aggregated and anonymised so that it cannot be used to identify particular individuals. Information about properties or postcodes is also used for this purpose.

Statistical analysis: non-commercial analysis

In addition to the analysis of personal data for commercial reasons (see above), some of our clients require personal data for non-commercial analysis and research.

Examples: non-commercial analysis

Clients in the public sector may need to use aggregated or property data in order to decide where best to focus their services. For example, if particular areas are suffering from high levels of social deprivation, a local authority or NHS trust might use data to identify those areas in order to provide additional social or public health support to the residents. Universities or other academic institutions may use personal data to support research studies.

Again, where possible, information which is used for this purpose is aggregated and anonymised so that it cannot be used to identify particular individuals. Information about properties or postcodes is also used for this purpose.

Product or systems development and testing

We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.

Consumer queries; legal and regulatory purposes

If you contact us we will normally need to use your personal data to help us deal with your enquiry. We may also sometimes need to use your personal data for legal and regulatory purposes.

Examples: legal and regulatory purposes

If you object to us processing your personal data for direct marketing purposes we will add your name to our suppression list in order to remove you from future direct marketing activities. If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation. Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.

3. WHAT KINDS OF PERSONAL DATA DO WE USE AND WHERE DO WE GET IT FROM?

We obtain and use information from various different sources. These are summarised in the following table.

Type of information	Description	Source
Contact details	We hold names and postal addresses that can be used for contacting people.   We do not hold or share email addresses or telephone numbers for the purposes described in this privacy notice.	We obtain postal addresses from the open version of the electoral register, which we get from local authorities across the UK and the Isle of Man.
Property data	We hold information about properties in the UK, such as what type of property it is, whether it is freehold or leasehold, whether it is on the market, what its likely value is, and what its council tax band is.	We obtain this information from our data supplier Information Works Limited.
Trigger events	We hold property level information that can be useful in deciding when to send particular kinds of marketing to people living at a property. This might include, for example, their likely home insurance renewal date, or an indication of whether they have put their home on the market.	We obtain this information from our data supplier When Fresh Limited.
Industry screening data	We hold information that can be used to screen records out of databases so that they are not used in marketing campaigns. This includes the Mail Preference Service file and records of people who are believed to have died or moved away.	We obtain this data from data suppliers such as The Mailing Preference Service Limited, which is a subsidiary of the Data and Marketing Association Limited (the DMA). Deceased data is obtained from REaD Group Limited, Wilmington Millennium, and The Ark (CM) Limited. Information about people who have moved is obtained from Royal Mail’s National Change of Address service and is also generated by our group company TransUnion International UK Limited.
Credit screening data	Scores are generated to help determine whether or not a person is likely to qualify for a credit product and, if not, to exclude them from marketing about that product.   The score is created from data held by our group company TransUnion International UK Limited, which collects various kinds of financial data in its capacity as a credit reference agency. This includes credit and utility repayments, and any judgments and insolvencies.   This information is not used to identify individuals who are more likely to qualify for or to be interested in the relevant products; it is only used to remove individuals where the marketing would not be appropriate for them.	We obtain the scores and address links from our group company TransUnion International UK Limited. Please refer to the Credit Reference Agency Information Notice for more details about where the data that is used to calculate those scores comes from.
Address Links	When our group company TransUnion International UK Limited detects that an individual seems to have moved house, it creates and stores a link between the old and the new address. We use these links to help identify addresses at which people no longer live, so that they can be removed from our clients’ postal marketing campaigns.
Other characteristics, categorisations and scores	We produce categorisations and inferred data about geographic areas, such as profiles of the typical resident of particular postcodes.	These characteristics are inferred by us through analysis and profiling techniques, which typically involves combining the data from our various suppliers (referred to above) with other information such as census statistics. Please see section 7 for more details.
Client input data	Our clients often provide us with information about their existing or potential customers for us to analyse or add more information onto. We do not use this data for our own purposes.	This data is provided to us by our clients for specific jobs.

 

4. HOW LONG IS THE PERSONAL DATA KEPT FOR?

Type of information	Retention period
Contact details	Contact data obtained from the open version of the electoral register is retained while you remain on the open register plus an additional two months.
Property data	We obtain an updated version of the property data every six months and remove any previous versions of it after two years.
Trigger events	Data relating to whether a home has recently been put on the market is retained for two years.
Industry screening data	Personal data used for suppression purposes (such as name, address history, date of birth and whether you are registered with the MPS) is retained indefinitely. This is because these suppressions may need to be applied at any point in the future.
Credit screening data	We retain the credit marketing scores that we obtain from TransUnion International UK Limited for 12 months from when they are created.   TransUnion International UK Limited typically retains credit and utility repayment, judgments and insolvencies data on your credit file for six years. Please refer to the Credit Reference Agency Information Notice for more details.
Address Links	We retain these links indefinitely because they may need to be applied at any point in the future.
Other characteristics, categorisations and scores	We retain this data for as long as we still believe it to be accurate. It relates to areas rather than to people.
Client input data	We retain copies of client input data for up to six years.

In some cases we may need to keep information indefinitely. For example, if you object to us using your data for marketing purposes (see section 9) we will need to keep some limited information about you such as your name, address and date of birth so that we can remove or suppress your record from any data that we may receive in the future.

5. WHAT IS OUR LEGAL BASIS FOR HANDLING PERSONAL DATA?

This section explains the legal basis on which we process your personal data.

Legitimate interests

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

Interest	Explanation
Direct marketing	Our clients have an interest in promoting their products and services to consumers, including their existing customers.
Improving the accuracy of marketing materials	We help to improve the accuracy and relevance of marketing communications. This reduces the amount of unwanted marketing that people receive and helps to avoid waste.
Business planning	Our clients have an interest in using information about consumers to help them grow. For example, they may wish to understand what type of products to develop, where to advertise, or the style of advertisement to use.
Research	Some of the ways in which our clients use personal data are justified by public benefit rather than commercial considerations. For example, data may be used in research projects which will contribute to the advancement of science or the delivery of public services.
Monitoring and securing our systems and data	Some of the ways we use personal data are justified by the need to ensure that our systems are kept secure.
Complying with legal and regulatory requirements	We have an interest in complying with legal and regulatory requirements to which we are subject, thereby avoiding sanctions and reputational damage.
Commercial interests	Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients.

6. WHO DO WE SHARE THE PERSONAL DATA WITH?

Our clients and resale partners

We share personal data with our clients for the purposes described in section 2 above. Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.

Our clients typically operate in the following sectors:

• financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
• insurance
• gaming / gambling
• retail (including online retailers)
• telecoms and utilities
• marketing agencies acting for other organisations

In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too.

We also appoint data resale partners who will distribute our address screening data and personal contact data to their clients in a similar manner to the ways we do. Our current resale partner is The REaD Group Limited. Please see their privacy notice for more detail about their activities.

We do not provide data for use in relation to road traffic accident or personal injury claims, medical or clinical negligence claims, PPI compensation claims, pornography or political campaigning.

Our group companies

We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.

Group company	Main trading address and registered office
TransUnion Information Group Limited (company no. 4968328)	One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited (company no. 3961870)
Callcredit Marketing Limited (company no. 2733070)
TransUnion Baltics, UAB (company no. 302689020)	Karaliaus Mindaugo pr. 50, Kaunas LT- 44334, Lithuania

Service providers

We and our clients may provide your information to third parties who help us use it for the purposes described in section 2.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

Regulators

We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

Sharing of anonymised data with third parties

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

7. WHERE IS THE PERSONAL DATA STORED AND SENT?

Within Europe

We are based in the United Kingdom and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

Elsewhere

We also send information elsewhere in the world. For example:

• When one of our overseas group companies or branch offices based overseas needs to use the information in accordance with this notice. Currently, these overseas offices are in the United States.
• Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

• Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
• Sending the information to an organisation which is a member of a scheme that has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

8. IS THE PERSONAL DATA USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

Individual-level profiling

We and our clients use personal data in order to predict or infer new information about you, in particular:

• Our group company TransUnion International UK Limited uses the data that it gathers as a credit reference agency (such as credit and utility repayment history, judgments, insolvencies and the open version of the electoral register) to generate a score that can be used to assess whether you are likely to qualify for a particular credit product. This score is then used by us to help remove you from advertising campaigns for products that are inappropriate for you.

• Postcode and property data may be used to help predict your likely preferences and lifestyle to aid marketing decisions. This may result in you receiving more relevant marketing from our clients who already hold your contact details.

Examples: profiling

A bank wants to send postal marketing to some of its customers who may be interested in their new premium credit card. We hold information about the typical residents of each postcode and the type of each property, and can add that information to the bank’s customer list. The bank can then identify which customers are most likely to be interested in the new card, which allows it to target its advertising towards those customers. A high street retailer is deciding where to target its advertising. It provides us with its customer list. We add information about the postcodes and properties where those customers live, and analyse it to find out what kind of people shop at the retailer’s stores. We then look at where similar kinds of people live. This helps the retailer decide where to target its local advertising.

Aggregated profiling

We and our clients also use personal data to predict or infer information about the areas that people live in. This includes information such as the lifestyle, age or wealth of the typical residents of those areas. Again, this information is used for the purposes described in section 2 above<.

Decision-making

The activities covered by this privacy notice do not include any automated decision-making by us that has legal or similarly significant effects on you. Some of our clients could use the data for such decision-making; in these cases you will need to refer to their privacy notice for information about that activity.

9. WHAT ARE YOUR RIGHTS IN RELATION TO THE PERSONAL DATA THAT WE HOLD ABOUT YOU?

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please email us at consumer@transunion.co.uk, telephone us on 0330 024 7574, or refer to the other contact details in section 1.

• Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
• Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes, including any profiling or similar activities which are performed as a precursor to direct marketing. If you do this we will stop using it for those purposes.

In addition:

• Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
• Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
• Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you object to us using your data for direct marketing purposes we will need to keep a record of that objection so that we do not subsequently begin direct marketing activities in relation to you if we receive your data again.
• Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
• Portability: In some circumstances you have the right to receive some limited kinds of information in a portable format. However, this does not apply to the data to which this privacy notice applies.
• Withdrawal of consent: We do not rely on your consent in order to perform the activities described in this privacy notice, so this right does not apply.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

10. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post: Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email: customer.relations@transunion.co.uk

Telephone: 0330 024 7574

You can also contact our Data Protection Officer at dpo@transunion.co.uk.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.