Let us know you agree to cookies

We use cookies to protect, monitor, maintain, and improve the website. Please let us know if you agree to these cookies.

For detailed information about the cookies we use, see our Privacy Notice.
 

Privacy Notice

Version: 1.11 Date adopted: February 2024

This Privacy Notice explains how we use personal data in connection with your use of the website at www.transunionstatreport.co.uk (referred to below as the website), and what cookies are used on the website.

In Brief

TransUnion is a credit reference agency that provides credit data and data services to clients such as retailers, banks, insurers and other companies.

We also provide this web service so that you can view the credit data that TransUnion holds about you.

In order to provide this service:

  • We perform a number of identity verification and fraud checks on you using the personal data that you have provided and/or we have otherwise collected from you through your use of the website, to ensure that we are providing credit data to the correct person
  • We need to access information from your credit report that we hold in our capacity as a credit reference agency.

We do not use any of the information that you provide to us on the website for marketing purposes.

You have the right to object to our use of your personal data. Please see section 9 to find out more.

This privacy notice covers the following topics:

  1. Who are we and how you can contact us?
  2. What do we use personal data for?
  3. What kinds of personal data do we use, and where do we get it from?
  4. What is our legal basis for handling personal data?
  5. Who do we share the personal data with?
  6. Where is the personal data stored and sent?
  7. How long is the personal data kept for?
  8. Is the personal data used to make decisions about you or to profile you?
  9. What are your rights in relation to the personal data we hold about you?
  10. Who can you complain to if you are unhappy about the use of your personal data?
  11. What cookies are used on the website?

1. Who are we and how you can contact us?

About Us

We are TransUnion International UK Limited, which is a company registered in England and Wales with company number 3961870. Our trading address and registered office is at One Park Lane, Leeds, West Yorkshire LS3 1EP.

We are part of TransUnion Information Group (TU UK), which has its headquarters at the above address. Some of the members of TU UK are listed in section 5 below. TU UK forms part of a larger group of companies but this privacy notice only covers the activities of TU UK.

We are a controller of the personal data covered by this privacy notice. This means that we are responsible for ensuring that the personal data is used fairly and lawfully.

We are also a controller of the credit data (and the other information relevant to your financial standing) that you can access through the website. Please refer to https://www.transunion.co.uk/crain to find out more information about how we collect and use credit data in our capacity as a credit reference agency.

Contact details

If you want to contact us about any issues regarding your personal data, or the contents of this notice, please refer to our Contact Us page about how to get in touch.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

2. What do we use personal data for?

This section explains the purposes for which we use personal data about you.

More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

Verifying your identity

We use your personal data to verify your identity so that we know we are providing your credit history to the correct person. This includes combining and comparing the information that you give us with data that is available elsewhere. We may also use third parties to carry out these checks on our behalf (see information about our Service Providers under section 5 below).

Example: Verifying your identity

We check the information that you provide to us when you sign up to the website against other databases such as your credit file.

Please refer to our Bureau Privacy Notice for more information about how we use personal data in connection with this service.

Providing our website, your statutory credit report and related services to you

We use your personal data to provide you with a copy of your statutory credit report and to manage any disputes that you raise regarding the accuracy of any entry on your statutory credit report (we refer to this as a ‘Dispute’),

Example: Providing our website, your statutory credit report and related services to you

When you raise a Dispute, we use your personal data to investigate the accuracy of the disputed data, providing you with updates about the status of the Dispute via the website and notifying you of the outcome of the Dispute.

Please refer to our Consumer Contact Privacy Notice for more information about how we use your personal data in connection with a Dispute.

Prevention and detection of fraud and other crime

We use your personal data in order to detect or prevent fraud (for example, to guard against third parties from accessing your statutory credit report or other information or to confirm you have only entered information about yourself). This includes combining and comparing the information that you give us (or that we collect about you and/or your devices) with data that is available elsewhere. We may use third parties to carry out these checks on our behalf (see information about our Service Providers under section 5 below).

Example: Prevention and detection of fraud and other crime

We collect information about the device you are using in order to identify it, and then look up that device in our service provider’s device fraud database. We do this to help us identify fraud associated with that device and other suspicious behaviours.

We (and our Service Providers, as explained further in section 5 below) may retain and re-use this data (including as part of a combined database) but solely for the purposes of identity verification and the prevention of fraud, money laundering or other financial crime.

Please refer to our Bureau Privacy Notice for more information about how we use personal data in connection with this purpose.

Administering, monitoring and improving our websites

If you access the website via a third-party link, you may be directed to a specific page of the website. This activity helps us to better understand where the users of our website have come from in order to help customise and improve the user experience of our website.

We also use information such as how different people use our websites, how long they spend on particular pages and whether they download any of our content in order to help customise and improve the user experience of our websites. This can include recording the clicks and mouse movements of our users, but any personal information is screened out of these recordings to help protect your privacy.

These activities help us understand who has visited which pages to determine the most popular areas of the website. This information is also used for security and system administration.

We also use this information to generate aggregate non-personalised information for use by us and third parties that link to our website (such as anonymous statistics relating to where our users have come from , the take up or use of services, or to patterns of browsing).

Product or systems development and testing

We may sometimes use personal data while improving, developing or testing our products and systems. Where possible, we will anonymise or pseudonymise the data before doing this.

Example: Product or systems development and testing

We may use your personal data in order to make sure that our security measures are working properly.

Legal and regulatory purposes

We may use your personal data for legal and regulatory purposes.

Example: Legal and Regulatory Purposes

If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal data in the course of that investigation.

Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal data in order to defend ourselves against your claim.

3. What kinds of personal data do we use, and where do we get it from?

We obtain and use information from various different sources. These are summarised in the following table.

Type of informationDescriptionSource
Name and contact details This is basic personal data about you, and how to get in touch with you. This information is usually provided directly by you, typically through our website. Some of it is also matched with data on your credit file.

We only need to capture this if you apply for your statutory credit report rather than just browse the website.
Other identifying information This is other information that we need to help identify who you are, such as your date of birth and address history.
Your statutory credit report This is information about your credit history, such as your loans, mortgages and other credit arrangements, your repayments, and your financial associates. It also includes information such as court judgments, bankruptcies and IVAs that may have been made against you, as well as your current and previous names and addresses. We also keep a record of who has previously made searches of your credit file, and any disputes and queries that have been raised by you. Your statutory credit file also contains fraud prevention indicators.

More details about this information can be found at https://www.transunion.co.uk/crain.
We gather this information, in our role as a credit reference agency, from a range of different sources, including lenders. Information about court judgments and insolvency-related events comes (indirectly) from the courts via our supplier Registry Trust Limited. Address information is obtained from the electoral register (sometimes referred to as the electoral roll), which is supplied to us by local authorities. Fraud prevention indicators are provided by Cifas.
Information about disputes Information about any disputes that you have raised about entries on your statutory credit file. This information is usually provided directly by you, typically through this website.
Contact History This is information about our contact with you. It also includes whether emails we have sent to you have been delivered. We produce this information ourselves.
Device information This is technical information about the device you are using to access our websites, such as the type of device, its operating system, browser, IP address, screen resolution and what cookies are on it. We produce these records ourselves (or by service providers acting on our behalf) by monitoring your use of our websites.
Website Usage This is information about third party links that you used to arrive on the website, your use of our website, what pages you have visited and what content you have accessed. It includes information about how you used the website and browsed away from it (including dates and times), the pages you viewed or searched for, page response times, download errors, length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs). Cookies and similar technologies may be used to help us do this – see section 11 below.
Third party data The information that we obtain from third parties and associate with you or your devices. We may obtain this data from various different data suppliers. This includes service providers as mentioned in section 5 below.

You are free to choose whether or not you give us your personal data. However, we may not be able to provide you with access to your statutory credit report if you do not give us the information we need in order to do so.

4. What is our legal basis for handling personal data?

This section explains the basis on which we process your personal data in connection with the website. Our basis for acting as a credit reference agency is explained separately at https://www.transunion.co.uk/crain.

Necessity for compliance with a legal obligation

We use your personal data in order to comply with legal obligations that we are under.

Examples: necessity for compliance with a legal obligation

By submitting your details in this website you are treated as making a request for a copy of your credit report, and we have a legal obligation to provide it to you under Article 15 of the UK General Data Protection Regulation.

When you raise a Dispute, we have a legal obligation to investigate that dispute and provide you with a response under Section 159 of the Consumer Credit Act 1974.

Legitimate interests

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests we are pursuing include:

InterestExplanation
Monitoring and securing our systems and data Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.
Improvements and Testing As a responsible credit reference agency, we use your personal information to seek to improve the website and improve the consumer experience, product and system development and testing.

5. Who do we share the personal data with?

Our group companies

We may share your personal data among the members of TU UK and other non-UK based companies within the wider TransUnion group. If we do so, then use of the data by those companies will be governed by this Privacy Notice.

A list of relevant TU UK companies is set out below, although the list may be updated from time to time.

Group company Main trading address and registered office
TransUnion Information Group Limited
(company no. 4968328)
One Park Lane, Leeds, West Yorkshire LS3 1EP
TransUnion International UK Limited
(company no. 3961870)
One Park Lane, Leeds, West Yorkshire LS3 1EP

A list of relevant non-UK based companies within the wider TransUnion group is set out below, although the list may be updated from time to time.

Group company Main trading address and registered office
TransUnion Baltics, UAB
(company no. 302689020)
Karaliaus Mindaugo pr. 50, Kaunas LT- 44334, Lithuania
TransUnion Global Technology Center LLP
(company no. 3961870)
9th Floor, Block 2,DLF IT/ITES Special Economic Zone Shivaji Gardens, Moonlight Stop, Manapakkam Saidapet Tamil Nadu 600089
TransUnion Global Capability Centre Africa (Pty) Ltd
(company no. 3961870)
G floor, 9 & 10 floor,11 Alice Lane, Sandton, 2196, Gauteng, Johannesburg, South Africa 2197
TransUnion Global Capability Center Costa Rica Limitada
(company no. 3961870)
San Jose-Escazu San Rafael, Trejos Montealegre, De Escazu Village, Three Hundred Meters to the West, Banco General Building, Sixth Floor
Trans Union LLC
(company no. 3961870)
555 West Adams Street Chicago, IL 60661 United States

Service providers

We share your personal data with service providers that assist us to provide the services to you. In particular:

  • We use several different third parties to help to verify your information and check whether it is associated with any fraudulent behaviour. This includes information such as your telephone number, email address, IP (internet protocol) address and information about your device. For example, we use services provided by Iovation, Inc (a Delaware corporation) which uses automated data capturing software to collect device-identifying technical data from users of our website. This is in order to identify suspicious and/or high-risk devices to assist with the detection and prevention of fraud or financial crime. See https://www.iovation.com/privacy for information about iovation’s subsequent use of data collected for this purpose. We also pass your email address to a third party supplier to verify that the email address is valid and, by sending an email to that email address, that it belongs to you.

We may also provide your information to other third parties who help us use it for the purposes described in section 2.

Examples: Third parties

  • Our databases containing personal data may be processed by third parties on our behalf.
  • We use a third party email broadcasting service in order to send you emails.

Save where we have expressly stated otherwise in this document, these service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

Fraud Prevention Agencies

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights in relation to this information, can be found by visiting the website of Cifas, a fraud prevention service, at www.cifas.org.uk/fpn.

Where we suspect fraudulent activity, we may also pass personal data to the police.

Regulators

We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

Sharing of aggregated anonymised data with third parties

We share with third parties aggregated anonymised information for reporting and monitoring purposes (for example to monitor website volumes), but only where the information cannot realistically be identified as relating to you.

6. Where is the personal data stored and sent?


Within the UK and EU

We are based in the United Kingdom and will access and use your information from here. However, we also have operations in Lithuania – and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards.

Elsewhere

We also send information elsewhere in the world.

Example: Reasons for sending personal data overseas

We make use of service providers (see section 5 above) located outside of Europe and we may need to send them your information in order to allow them to perform their services.

We make use of TransUnion group service companies (referred to as Global Capability Centres, or GCCs), located in India, South Africa, Costa Rica and the United States.

When one of our other overseas group companies or branch offices (or our service providers) based overseas needs to use the information in accordance with this notice.

Where we (or our service providers) use cloud-based technology or a data centre or backup facility overseas, people in other countries may also need to access data for purposes such as disaster recovery, technical support or system development and testing.

While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information when required.

Example: Safeguards for overseas transfers

Safeguards for overseas transfer might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the Data Privacy Framework that has been agreed between the UK, European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.

7. How long is the personal data kept for?

We keep your personal data for the following periods:

Type of InformationPeriod that we keep itJustification
The data that you provide on the website in order to access your statutory credit report or information about disputes you have previously raised. 18 months In case we need to respond to any enquiries from you or from any regulators about how we have complied with your request
Data regarding any dispute that you raise on the website We will keep your personal data for as long as we are handling your request and for an additional period of time from when we have completed it. That additional period is determined according to the purposes for which the personal data may be needed. Please refer to our Consumer Contact Privacy Notice for further information. In case we need to respond to any enquires from you or from any regulators about how we handled your dispute.
Information that we collect or create about you and/or your devices for the purposes of the prevention of fraud, money laundering or other financial crime For as long as this information is considered relevant for it to be retained for these purposes. Please refer to our Bureau Privacy Notice for more information. For the purposes of identity verification and the prevention of fraud, money laundering or other financial crime

Where (as explained in this privacy notice) we pass your personal data to third parties, these third parties will retain your data in accordance with their own privacy policies.

8. Is the personal data used to make decisions about you or to profile you?

We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

Fraud risk

As explained in section 2 above, we will use the information you provide in order to access your statutory credit report, together with information that we automatically collect about you and/or your devices, to perform fraud risk assessment checks. These are automated checks and may result in you being declined access to your statutory credit report (if a high risk of fraud or other suspicious activity is detected). If you want a human to manually review the check result, please refer to our Contact Us page about how to get in touch.

Identity verification

As explained in section 2 above, we will use the information you provide on registration to help us to verify your identity so that we know we are providing credit information to the correct person. This is an automated check and it may result in you being declined access to your statutory credit report if we cannot verify your identity. If you want a human to manually review the check result, please refer to our Contact Us page about how to get in touch.

9. What are your rights in relation to the personal data we hold about you?

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it. If the inaccurate or out of date data relates to your statutory credit report, you can also raise a dispute online on the website.
  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you have the right to object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
  • Portability: You have the right to receive some limited kinds of information in a portable format. Please note that this does not apply to the information on your credit report.

Some special rules apply when you make a request about information on your credit report; please refer to https://www.transunion.co.uk/crain to find out more.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

10. Who can you complain to if you are unhappy about the use of your personal data?

If you want to raise a complaint in relation to the use of your personal data, please refer to our Contact Us page about how to get in touch.

You can find our Complaints process at https://www.transunion.co.uk/consumer-solutions/contact-us/complaints-procedure.

You can also contact our Data Protection Officer at [email protected].

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

11. What cookies are used on the website?

We use cookies and similar technologies to distinguish you from other users of the website. This helps us to provide you with a good experience when you browse the website and also allows us to personalise and improve the website.

A cookie is a small file of letters and numbers that we put on your device. Similar technology refers to any other technology that stores or accesses information from your device. We use the following kinds of cookie and similar technologies (referred to below as ‘cookies’):

  • Strictly necessary cookies. These are cookies that are required for the operation of the website. They include, for example, cookies that enable you to log into secure areas of the website.
  • Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below.

NamePurpose
_ga, _gat, _gid These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited.
C1, C2, __RequestVerificationToken* These cookies are essential for the operation of our website and are used to verify a visitor’s identity in order to prevent fraud.
fp_token_ Third party cookie used for security and fraud prevention purposes
io_token_ Third party cookie used for security and fraud prevention purposes
.ASPXAUTH Stores encrypted userid to identify you whilst navigating through the site, to prevent repeated requests to login. This cookie disappears when you leave the site
CookieSettings_PerformanceEnabled This cookie is used to record whether the current user has given permission for performance related cookies to be used.
_cf_bm cf_clearance, cf* (namely any other cookie that starts with _cf or cf) Third party cookies used for security and fraud prevention purposes (namely the detection of malicious visitors).

You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of our website or use some of its features. For more information about this, and about cookies in general, you may wish to visit www.aboutcookies.org.