Marketing Services Privacy Notice

Version: 1.2
Date adopted: 12th April 2019

This document provides information about how we use and share personal data relating to consumers for our clients’ marketing purposes. It covers the following topics:

1. Who we are and how you can contact us
2. What we use personal data for
3. What kinds of personal data we use, and where we get it from
4. What our legal grounds for handling personal data are
5. Who we share the personal data with
6. Where the personal data is stored and sent
7. How long the personal data is kept for
8. Whether the personal data is used to make decisions about you or to profile you
9. Your rights in relation to the personal data we hold about you
10. Who you can complain to if you are unhappy about the use of your personal data

You have the right to object to our use of your personal data. Please see section 9 to find out more.

1. WHO WE ARE AND HOW YOU CAN CONTACT US

We are Callcredit Marketing Limited, which is registered in England and Wales with company number 02733070. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of TU UK are listed in section 5 below.

TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.

We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the personal data is used fairly and lawfully.

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email: consumer@transunion.co.uk

Telephone: 0330 024 7574

2. WHAT WE USE PERSONAL DATA FOR

This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

Marketing

We use and supply personal data for marketing purposes. This means that the data is used to help provide you with information about goods and services which may be of interest to you.

This includes activities such as:

• Sending marketing messages: We may provide personal data to clients in order to allow those clients to send marketing messages to you. Sometimes, we might send out the marketing materials on behalf of our clients. Messages might be sent by post, by adverts on websites, or through online services such as social media, depending on what type of data is held.

If our clients hold other contact details about you, such as email addresses or telephone numbers, they might contact you through those methods for marketing purposes. In some cases our clients will need your consent in order to do this. These issues will be explained to you in the privacy notice given to you by our client.

• Targeting: We and our clients use the personal data to help target marketing materials at particular types of individuals. This means that you are more likely to receive relevant advertising about goods and services that are of interest to you.

• Screening: Similarly, we and our clients use personal data to help screen people out of certain marketing campaigns. For example, where the data suggest that a person has moved out of their address, they can be removed from the campaign. And where a person’s financial history suggests that they are not likely to be accepted for or be able to afford a particular product, our client can use that information to decide not to send them information about that product. This helps to avoid you receiving marketing which is not relevant to you, and it saves organisations the costs of inappropriate marketing and unsuccessful applications.

• Marketing analysis: We and our clients use personal data to help understand our clients’ customers. This is useful because, for example, it allows us to target advertising towards other, similar, people who are likely to be interested in our clients’ products and services. The analysis can also do things like helping shape the content of marketing campaigns and deciding where to focus those marketing campaigns. The results of any marketing campaigns can also be analysed for similar purposes.

Relationship management

We supply information to our clients for relationship management purposes. Relationship management is the ongoing maintenance of the organisation’s relationship with its customers. This could include activities such as:

• Contacting you with important information about your account or about products and services that you have bought (for example, as part of a product recall).

• Identifying and managing customers who are at risk of being unable to pay what they owe.

• Deciding which products and services to offer to which kinds of customers.

Analysis and retail strategy

Information about customers can be used to help organisations find out what sort of people buy their goods and services. This can help them make decisions such as where to open their next retail outlet, or whether they need to change their advertising strategy. By analysing information about individuals, we are able to help provide this sort of insight to our clients.

Where possible, information used for this purpose is aggregated and anonymised so that it cannot be used to identify particular individuals.

Non-commercial analysis

In addition to the analysis of personal data for commercial reasons (see above), some of our clients require personal data for non-commercial analysis and research. For example:

• Clients in the public sector may need to use personal data in order to decide where best to focus their services. If particular areas are suffering from high levels of social deprivation, for example, a local authority or NHS trust might use data to enable it to identify those areas in order to provide additional social or public health support to the residents of that area.

• Universities or other academic institutions may use personal data to support research studies.

Product or systems development and testing

We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.

Legal and regulatory purposes

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.

Combining data

The information we obtain from any particular source may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this privacy notice. For example:

• Where we receive partial information about you from different sources, we may combine that information to produce a “best view” of your information. For example, we may obtain your title from one source, your first initial and surname from another source and your middle name from another source – these can be combined to provide a fuller set of information about you.

• Our clients may combine the data that we supply to them with data that they already hold about you so that they can get a more complete picture of you for the purposes described above.

• The information you give us may be compared with data available elsewhere to verify your identity or validate the information you have provided (for example in the context of anti-fraud measures).

• Anonymised information about you may be combined with information about your devices (or cookies placed on your devices) to improve the quality and relevance of advertising material on websites you visit.

3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM

We obtain and use information from various different sources. These are summarised in the following table.

Type of information	Description	Source
Identifiers	We hold information which can be used to identify people, such as their name, date of birth, current address and previous addresses. Where different versions of this information are collected from different sources (for example, because a person’s name is spelled differently in different places), we may create a “best” version of this information for reference purposes, depending on what we think are the most authoritative sources.	We obtain names and addresses from the open version of the electoral register, which we get from local authorities across the UK and the Isle of Man.   We also obtain names, addresses, other identifiers and contact details from our data suppliers who gather it directly from consumers (for example, through their websites) or obtain it from other organisations.
Contact details	We hold information that can be used to make contact with people, such as their postal address, telephone numbers and email addresses.
Characteristics, categorisations and scores	We hold a variety of information about the people in our databases and their characteristics, such as their hobbies and interests, affluence, what sort of home and neighbourhood they live in, whether they have children, and so on.   We also produce categorisations and inferred data. Some of these are at individual level, such as estimated age band or estimated salary band. Others are about geographic areas, such as profiles of the typical resident of particular postcodes.   We also use scores and other variables which are built from aggregated data about credit repayment history, insolvencies and judgments. Typically these are used to help screen individuals who are a high credit risk out of advertising campaigns for our clients’ credit products.	Some of these characteristics are obtained directly from our data suppliers. Others are inferred by us through analysis and profiling techniques, which typically involves combining the data from our suppliers with other information such as census statistics.
Trigger events	We hold information that can be useful in deciding when to send particular kinds of marketing to people. This might include, for example, their home insurance renewal date, or an indication of whether they have put their home on the market.	We obtain this information from our data suppliers.
Suppression data	We hold information that can be used to screen records out of databases so that (for example) they are not used in marketing campaigns. This includes the Telephone Preference Service file, the Mail Preference Service file, and records of people who are believed to have died or moved away.
Property data	We hold information about properties in the UK, such as what type of property it is, whether it freehold or leasehold, whether it is on the market, what its likely value is, and what its council tax band is.
Other derived information	We produce information in order to manage our databases efficiently and ensure that all of the relevant information about a person is gathered together:   Address links: when we detect that an individual seems to have moved house, we may create and store a link between the old and the new address.   Aliases: when we believe that an individual has changed their name, we may record the old name alongside the new name.	We produce this information ourselves from the other data that we receive.

 

4. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE

This section explains the basis on which we process your personal data.

Legitimate interests

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

Interest	Explanation
Direct marketing and relationship management	Our clients have an interest in promoting their products and services to consumers. They also have an interest in keeping in touch with their customers, for example in order to keep them up to date with the products and services they are providing to them.
Improving the accuracy of marketing materials	We help to improve the accuracy and relevance of marketing communications. This reduces the amount of unwanted marketing that people receive and helps to avoid waste.
Business planning	Our clients have an interest in using information about consumers to help them grow. For example, this information helps them to decide where to open their next retail outlet.
Research	Some of the ways in which our clients use personal data are justified by public benefit rather than commercial considerations. For example, data may be used in research projects which will contribute to the advancement of science or the delivery of public services.
Monitoring and securing our systems and data	Some of the ways we use personal data are justified by the need to ensure that our systems are kept secure.
Commercial interests	Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients.

5. WHO WE SHARE THE PERSONAL DATA WITH

Our clients and resale partners

We share personal data with our clients for the purposes described in section 2 above. Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.

In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too.

We may also appoint data resale partners who will distribute it to their clients in a similar manner to the ways we do. These resellers will also have a privacy notice providing more detail about their activities.

Our group companies

We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.

Group company	Main trading address	Registered office
TransUnion Information Group Limited (company no. 4968328)	One Park Lane, Leeds, West Yorkshire LS3 1EP	One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited (company no. 3961870)
Callcredit Marketing Limited (company no. 2733070)
Callcredit Data Solutions Limited (company no. 5749125)
Callcredit Public Sector Limited (company no. 4152031)	3rd Floor, Red Lion Buildings, 12 Cock Lane Smithfield, London EC1A 9BU
TransUnion Baltics, UAB (company no. 302689020)	Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania		Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania

Service providers

We and our clients may provide your information to third parties who help us use it for the purposes described in section 2. For example:

• Our database of personal data may be hosted by third parties on our behalf.

• We or our clients may use a third party email broadcasting service in order to send marketing emails (if you have agreed to receive them) on behalf of our clients.

• We and our clients might use market research companies to help us better understand our customers.

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

Regulators

We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

Sharing of anonymised data with third parties

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

6. WHERE THE PERSONAL DATA IS STORED AND SENT

Within Europe

We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

Elsewhere

We also send information elsewhere in the world. For example:

• When one of our overseas Group companies or branch offices based overseas needs to use the information in accordance with this notice. Currently, these overseas offices are in Dubai and the United States.

• Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

• Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.

• Sending the information to an organisation which is a member of a scheme that has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

7. HOW LONG THE PERSONAL DATA IS KEPT FOR

We retain personal data only for as long as is necessary for the purposes for which we hold it. In particular:

• Information about individuals is typically held for a period of up to three years, or until it is superseded by updated information about the relevant individuals. Some information is retained longer than this depending on how likely it is to remain accurate.

• Information about properties or geographic areas is typically held for a period of up to ten years, or until it is superseded by updated information.

In some cases we may need to keep information indefinitely. For example, if you object to us using your data for marketing purposes (see section 9) we will need to keep some limited information about you such as your name, address and date of birth so that we can remove or suppress your record from any data that we may receive in the future.

8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU

We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

Individual-level profiling

We and our clients use personal data in order to predict or infer new information about you, such as information about your likely preferences and lifestyle. This information is used for the purposes described in section 2 above – typically, marketing or related purposes.

Aggregated profiling

We and our clients also use personal data to predict or infer information about the areas that people live in. This includes information such as the lifestyle, age or wealth of the typical residents of those areas. Again, this information is used for the purposes described in section 2 above.

Decision-making

Personal data is not used by us to make automated decisions that have legal or similarly significant effects on you. Some of our clients could use the data for such decision-making; in these cases you will need to refer to their privacy notice for information about that activity.

9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

• Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.

• Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes, including any profiling or similar activities which are performed as a precursor to direct marketing. If you do this we will stop using it for those purposes.

• Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.

• Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.

• Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it. For example, if you object to us using your data for direct marketing purposes we will need to keep a record of that objection so that we do not subsequently begin direct marketing activities in relation to you if we receive your data again.

• Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.

• Portability: In some circumstances you have the right to receive some limited kinds of information in a portable format. However, this does not apply to the data to which this privacy notice applies.

• Withdrawal of consent: We do not rely on your consent in order to perform the activities described in this privacy notice, so this right does not apply.

10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post:Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email:                  customer.relations@transunion.co.uk

Telephone:        0330 024 7574

You can also contact our Data Protection Officer at dpo@transunion.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.