Marketing Services Privacy Notice

Version: 1.2
Date adopted: 12th April 2019

This document provides information about how we use and share personal data relating to consumers for our clients’ marketing purposes. It covers the following topics:

  1. Who we are and how you can contact us
  2. What we use personal data for
  3. What kinds of personal data we use, and where we get it from
  4. What our legal grounds for handling personal data are
  5. Who we share the personal data with
  6. Where the personal data is stored and sent
  7. How long the personal data is kept for
  8. Whether the personal data is used to make decisions about you or to profile you
  9. Your rights in relation to the personal data we hold about you
  10. Who you can complain to if you are unhappy about the use of your personal data

You have the right to object to our use of your personal data. Please see section 9 to find out more.

1. WHO WE ARE AND HOW YOU CAN CONTACT US

We are Callcredit Marketing Limited, which is registered in England and Wales with company number 02733070. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of TU UK are listed in section 5 below.

TU UK forms part of a larger group of companies. However, this privacy notice only covers the activities of TU UK.

We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the personal data is used fairly and lawfully.

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post:                    Consumer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email:                  consumer@transunion.co.uk

Telephone:        0330 024 7574

2. WHAT WE USE PERSONAL DATA FOR

This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

Marketing

We use and supply personal data for marketing purposes. This means that the data is used to help provide you with information about goods and services which may be of interest to you.

This includes activities such as:

Relationship management

We supply information to our clients for relationship management purposes. Relationship management is the ongoing maintenance of the organisation’s relationship with its customers. This could include activities such as:

Analysis and retail strategy

Information about customers can be used to help organisations find out what sort of people buy their goods and services. This can help them make decisions such as where to open their next retail outlet, or whether they need to change their advertising strategy. By analysing information about individuals, we are able to help provide this sort of insight to our clients.

Where possible, information used for this purpose is aggregated and anonymised so that it cannot be used to identify particular individuals.

Non-commercial analysis

In addition to the analysis of personal data for commercial reasons (see above), some of our clients require personal data for non-commercial analysis and research. For example:

Product or systems development and testing

We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this.

Legal and regulatory purposes

We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.

Combining data

The information we obtain from any particular source may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this privacy notice. For example:

3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM

We obtain and use information from various different sources. These are summarised in the following table.

Type of information

Description

Source

Identifiers

We hold information which can be used to identify people, such as their name, date of birth, current address and previous addresses. Where different versions of this information are collected from different sources (for example, because a person’s name is spelled differently in different places), we may create a “best” version of this information for reference purposes, depending on what we think are the most authoritative sources.

We obtain names and addresses from the open version of the electoral register, which we get from local authorities across the UK and the Isle of Man.

 

We also obtain names, addresses, other identifiers and contact details from our data suppliers who gather it directly from consumers (for example, through their websites) or obtain it from other organisations.

Contact details

We hold information that can be used to make contact with people, such as their postal address, telephone numbers and email addresses.

Characteristics, categorisations and scores

We hold a variety of information about the people in our databases and their characteristics, such as their hobbies and interests, affluence, what sort of home and neighbourhood they live in, whether they have children, and so on.

 

We also produce categorisations and inferred data. Some of these are at individual level, such as estimated age band or estimated salary band. Others are about geographic areas, such as profiles of the typical resident of particular postcodes.

 

We also use scores and other variables which are built from aggregated data about credit repayment history, insolvencies and judgments. Typically these are used to help screen individuals who are a high credit risk out of advertising campaigns for our clients’ credit products.

Some of these characteristics are obtained directly from our data suppliers. Others are inferred by us through analysis and profiling techniques, which typically involves combining the data from our suppliers with other information such as census statistics.

Trigger events

We hold information that can be useful in deciding when to send particular kinds of marketing to people. This might include, for example, their home insurance renewal date, or an indication of whether they have put their home on the market.

We obtain this information from our data suppliers.

Suppression data

We hold information that can be used to screen records out of databases so that (for example) they are not used in marketing campaigns. This includes the Telephone Preference Service file, the Mail Preference Service file, and records of people who are believed to have died or moved away.

Property data

We hold information about properties in the UK, such as what type of property it is, whether it freehold or leasehold, whether it is on the market, what its likely value is, and what its council tax band is.

Other derived information

We produce information in order to manage our databases efficiently and ensure that all of the relevant information about a person is gathered together:

 

Address links: when we detect that an individual seems to have moved house, we may create and store a link between the old and the new address.

 

Aliases: when we believe that an individual has changed their name, we may record the old name alongside the new name.

We produce this information ourselves from the other data that we receive.

 

4. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE

This section explains the basis on which we process your personal data.

Legitimate interests

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing are:

Interest

Explanation

Direct marketing and relationship management

Our clients have an interest in promoting their products and services to consumers. They also have an interest in keeping in touch with their customers, for example in order to keep them up to date with the products and services they are providing to them.

Improving the accuracy of marketing materials

We help to improve the accuracy and relevance of marketing communications. This reduces the amount of unwanted marketing that people receive and helps to avoid waste.

Business planning

Our clients have an interest in using information about consumers to help them grow. For example, this information helps them to decide where to open their next retail outlet.

Research

Some of the ways in which our clients use personal data are justified by public benefit rather than commercial considerations. For example, data may be used in research projects which will contribute to the advancement of science or the delivery of public services.

Monitoring and securing our systems and data

Some of the ways we use personal data are justified by the need to ensure that our systems are kept secure.

Commercial interests

Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients.


5. WHO WE SHARE THE PERSONAL DATA WITH

Our clients and resale partners

We share personal data with our clients for the purposes described in section 2 above. Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.

In some cases our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too.

We may also appoint data resale partners who will distribute it to their clients in a similar manner to the ways we do. These resellers will also have a privacy notice providing more detail about their activities.

Our group companies

We may share your personal data among the members of TU UK. If we do so, then use of the data by those companies will be governed by this privacy notice. A list of relevant TU UK companies is set out below, although the list may be updated from time to time.

Group company

Main trading address

Registered office

Callcredit Information Group Limited

(company no. 4968328)

One Park Lane, Leeds, West Yorkshire LS3 1EP

 

One Park Lane, Leeds, West Yorkshire LS3 1EP

Callcredit Limited

(company no. 3961870)

Callcredit Marketing Limited

(company no. 2733070)

Callcredit Data Solutions Limited

(company no. 5749125)

Callcredit Public Sector Limited

(company no. 4152031)

3rd Floor, Red Lion Buildings, 12 Cock Lane Smithfield, London EC1A 9BU

TransUnion Baltics, UAB

(company no. 302689020)

Zalgirio Arena, Karaliaus, Mindaugo pr. 50, Kaunas LT- 44333, Lithuania

Vilniaus m. sav . Vilniaus m. J. Jasinskio g. 16B, LT-01112, Lithuania

Service providers

We and our clients may provide your information to third parties who help us use it for the purposes described in section 2. For example:

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

Regulators

We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

Sharing of anonymised data with third parties

We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

6. WHERE THE PERSONAL DATA IS STORED AND SENT

Within Europe

We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

Elsewhere

We also send information elsewhere in the world. For example:

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

7. HOW LONG THE PERSONAL DATA IS KEPT FOR

We retain personal data only for as long as is necessary for the purposes for which we hold it. In particular:

In some cases we may need to keep information indefinitely. For example, if you object to us using your data for marketing purposes (see section 9) we will need to keep some limited information about you such as your name, address and date of birth so that we can remove or suppress your record from any data that we may receive in the future.

8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU

We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

Individual-level profiling

We and our clients use personal data in order to predict or infer new information about you, such as information about your likely preferences and lifestyle. This information is used for the purposes described in section 2 above – typically, marketing or related purposes.

Aggregated profiling

We and our clients also use personal data to predict or infer information about the areas that people live in. This includes information such as the lifestyle, age or wealth of the typical residents of those areas. Again, this information is used for the purposes described in section 2 above.

Decision-making

Personal data is not used by us to make automated decisions that have legal or similarly significant effects on you. Some of our clients could use the data for such decision-making; in these cases you will need to refer to their privacy notice for information about that activity.

9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:

Post:                    Customer Relations Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP

Email:                  customer.relations@transunion.co.uk

Telephone:        0330 024 7574

You can also contact our Data Protection Officer at dpo@transunion.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.