This document provides information about how we use and share personal data about users of the website at www.transunionstatreport.co.uk. It covers the following topics:
- Who we are and how you can contact us
- What we use personal data for
- What kinds of personal data we use, and where we get it from
- What our legal grounds for handling personal data are
- Who we share the personal data with
- Where the personal data is stored and sent
- How long the personal data is kept for
- Whether the personal data is used to make decisions about you or to profile you
- Your rights in relation to the personal data we hold about you
- Who you can complain to if you are unhappy about the use of your personal data
- What cookies, if any, are used on the website
- Other websites
1. Who we are and how you can contact us
"We", "us", "our" and “TransUnion” refers to TransUnion International UK Limited, a company registered in England and Wales with company number 3961870. Our trading address and registered office is One Park Lane, Leeds, West Yorkshire LS3 1EP. TransUnion operates this website and is a controller of the personal data covered by this privacy notice. This means that it is responsible for ensuring that the personal data is used fairly and lawfully.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
You can contact us by sending an email to firstname.lastname@example.org
2. What we use personal data for
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
Verifying your identity
The information you provide on signing up to receive a copy of your statutory credit report will help us to verify your identity so that we know we are providing your credit history to the correct person. We do this by checking the information you give us against databases such as the electoral roll and your credit file.
Prevention and detection of fraud or other crime
In order to prevent or detect fraud (for example, to ensure that no-one has fraudulently accessed your account or to confirm you have only entered information about yourself), we may use personal data from other sources to corroborate your details. We may use third parties to undertake these checks on our behalf.
Improving our service
We really appreciate your feedback on the service you have received in applying for your statutory credit report, so your statutory credit report may be delivered with a hyperlink to the TrustPilot website. Should you wish to leave a review about your experience by using this link, it won’t involve us giving them any of the personal details you provide us when signing up to receive your statutory credit report, or anything about your statutory credit report itself, they would just know that you have landed from this website. It’s entirely up to you whether you want to click on the link to leave a review, but if you do, please refer to the TrustPilot website privacy and cookies policies for details of how they will use this information. We look at the reviews left on TrustPilot to help us understand how we can improve the way we deliver our services. Should you place a review, we don’t seek to link this back to you personally, and it won’t result in us contacting you about it.
Product or systems development and testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data or dealt with your request to access your statutory credit report through this website.
The information you give us may be compared with data available elsewhere to verify your identity or validate the information you have provided (for example in the context of anti-fraud measures).
3. What kinds of personal data we use, and where we get it from
We obtain and use information from various different sources. These are summarised in the following table.
|Type of information||Description||Source|
|Name, address and other identifying information||Information that we need to help identify who you are, such as your date of birth and address history.||This information is usually provided directly by you, typically through this website. Some of it is also matched with data on your credit file. We only need to capture this if you apply for your statutory credit report rather than just browse the website.|
|Your statutory credit report||
This is information about your credit history, such as your loans, mortgages and other credit arrangements, your repayments, and your financial associates. It also includes information such as court judgments, bankruptcies and IVAs that may have been made against you, as well as your current and previous names and addresses. We also keep a record of who has previously made searches of your credit file, and any disputes and queries that have been raised by you. Your statutory credit report also contains fraud prevention indicators.
More details about this information can be found at www.transunion.co.uk/crain.
|This information is gathered by us in our role as a credit reference agency. We get the information from a range of different sources including lenders. Information on court judgments and insolvency related events comes (indirectly) from the courts. Address information is obtained from the electoral register, which is supplied to us by local authorities. Fraud prevention indicators are provided by CIFAS.|
|Contact History||Information about any contact we may have with you.||We produce these records ourselves.|
|Third party data||Information that we obtain about you from third parties and associate with you.||We may obtain this data from various different data suppliers.|
You are free to choose whether or not you give us your personal data, however without it we cannot process your request to access your statutory credit report.
4. What our legal grounds for handling personal data are
This section explains the basis on which we process your personal data in connection with the website.
Necessary for compliance with a legal obligation we are subject to
We are legally obliged to verify your identity when complying with your request to exercise your right of access to your perform credit file.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
|Monitoring and securing our systems and data||Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.|
5. Who we share the personal data with
We may provide your information to third parties who help us use it for the purposes described in section 2 above. For example:
- Our database of personal data may be hosted by third parties on our behalf.
- If we email you back in response to any email query you send us about using this website, our emails are routed through a third party email broadcasting service.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
Fraud prevention agencies
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights in relation to this information, can be found by visiting the website of Cifas, a fraud prevention service, at www.cifas.org.uk/fpn.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
6. Where the personal data is stored and sent
We are based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently the Netherlands, Lithuania and Spain – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.
We may also send information elsewhere in the world. For example where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
7. How long the personal data is kept for
We keep the data for a suitable period of time after providing you with your statutory credit report in case we need to respond to any enquiries from you or from any regulators about how we have complied with your statutory credit report request.
8. Whether the personal data is used to make automated decisions about you or to profile you
As explained in section 2 above, we will use the information you provide on sign up to help us to verify your identity so that we know that we are providing your credit history to the correct person. We do this by checking the information you give us against databases such as the electoral roll and your credit report. This is an automated process, and it can result in your being declined online access to your statutory credit report through this website if we can’t verify your identity. If you want a human to manually review the decision, please contact us at email@example.com or alternatively you can exercise your access right to your statutory credit report by making a postal application.
9. Your rights in respect of the personal data that we hold about you
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1 above.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: You have the right to receive some limited kinds of information in a portable format.
10. Who you can complain to if you are unhappy about the use of your personal data
We try to ensure that we deliver the best levels of service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us by sending an email to firstname.lastname@example.org.
You can also contact our Data Protection Officer at email@example.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
11. What cookies are used on the website
12. Other websites