Eswatini Privacy Centre

Introduction
 

This privacy notice provides a high-level overview of how we use and share personal information across TransUnion. You can find more detailed information at the TransUnion Privacy Centre or in other privacy information you may have received.

In Brief
 

TransUnion strives to protect privacy as we collect, use, process, disclose, transfer and retain personal information.

If your personal information is used unlawfully or infringes on your privacy, you have the right to object.

This notice covers the following topics:

1. Who we are and how to contact us
2. How we use personal data
3. The kinds of personal data we use and where we get personal data
4. How long we keep personal data
5. Our legal basis for handling personal data
6. Who we share personal data with
7. Where we store and send personal data
8. Your rights concerning your personal data
9. Where to lodge a complaint
   

1.  Who we are and how to contact us
 

Information for Good^®
 

We are in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer, so they are safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

Although we are part of a larger group, this notice covers only the activities of TransUnion companies within the Kingdom of Eswatini.

Contact details

Contact us about personal information issues, including the contents of this notice via:

• Post: PO Box 2642, Manzini, Eswatini, M200
• Telephone:   +268 2505 7844
• Email: DPOEswatini@transunion.com
   

2.  How we use personal information
 

TransUnion limits the use and disclosure of personal information to the terms of the following legislation:

• Consumer Credit Act;
• Data Protection Act, 2022 relating to the protection of personal information and privacy; and
• any other applicable laws.

Products and services

Many of our products and services rely on personal information. For example:

Credit reporting: TransUnion compiles consumer credit information in credit reports from applications to (for example) credit providers or services providers for credit or services.

Credit services:  We may provide your information to organisations you deal with directly, such as credit risk assessors.

Example: credit risk assessment

If you apply for credit from one of our clients, they send us your data so we can find you in our databases and reply with information about your credit history. They use that information to assess your creditworthiness.

Fraud detection services: We may provide personal information to organisations other than those you deal with directly.

Example: fraud alerts

If we receive numerous identity verification checks against an individual in a short space of time, this could indicate someone is attempting identity theft or another form of fraud. In this case, we provide real-time fraud alerts to clients subscribed to that service.

If you have provided your details to an organisation to confirm your identity, we may retain those details and link them to other details we hold about you. Then, if a fraudster tries to use your details to apply for credit with a different organisation, we can raise a potential fraud alert.

Development and testing

We sometimes use personal information to improve, develop, monitor, maintain and test our products, systems and security measures. Where possible, we create pseudonyms or make the data anonymous beforehand.

If you consent, TransUnion will at times access, use, process and analyse your personal information, your consumer credit information, and marketing data to provide personalised offers from TransUnion and our trusted partners.

Digital marketing: To provide relevant products and services to consumers, we may enable business partners to use our data and technology to create, deploy and measure targeted digital advertising programs.

Advertising: We may use domestic or overseas third-party advertising companies to serve ads on TransUnion Site or on other sites which we use for advertising. We may also use third-party analytical tools to personalise advertisements and enhance the visitor experience.

Market research: Participation in market research activities is optional. When you opt-in, we use your information to improve the experience of our products

Business products: We may use personal information to promote and market relevant products, services and special offers from us and our affiliates.

Customer service: We may use personal information to identify customers, process transactions and provide quality service.

Recruitment: We use personal information when we receive an employment application.

Business operations

We may use personal information for our internal operations, such as:

Names, contact details, biometric and other information from consumers who visit our offices and contact us to deal with their enquiries. See our Customer Service Privacy Notice for more.

Employee information (including employment and educational history, background checks, biometric and performance appraisals) to manage our relationship.

CCTV cameras in public areas of our business premises for the safety of staff and visitors, and the security of our information and assets.

Legal and regulatory purposes, such as responding to complaints or enquiries about how we have used personal information.

In addition, we may aggregate anonymised data to provide performance analytics to business partners.

For more details on the kinds of data used for each purpose described, visit the TransUnion Privacy Centre

For more on our use of cookies, see our Cookie Policy.

3.  The kinds of personal information we use and where we get personal information
 

Information in your credit report includes:

• Identifying information, such as first name, surname, ID number, physical and postal address, contact numbers, marital status, spouse details, and current employer and occupation
• An account history or payment profile is a record of all your accounts with credit or service providers and a history of how you pay these accounts
• Enquiries include a list of credit or service providers allowed by you or permitted in terms of the Consumer Credit Act to receive your credit report
• Public records include publicly available information as permitted by law, such as judgments, administration orders, sequestrations and rehabilitation
• Default data is a record of any failure to pay money owed
• Other includes any information permitted under the Consumer Credit Act.

Information not included in your credit report:

• Race, creed, colour, ancestry, ethnicity, religion, sexual orientation or political affiliations
• Medical history or status
• Major purchases paid in full with cash or cheques
   

Sources for information

We may collect your personal information, or obtain information originating from the following sources:

• Financial Institutions: banks, micro finance institutions
• Insurance Companies
• Telecommunication companies
• Public Service utilities
• Any trader or any other company providing deferred payment services
• Other organisations as may be approved by the Financial Services Regulatory Authority.

The information we need

To verify information, credit providers need to include:

• Your full name and surname
• Your Eswatini identity number (where applicable) or your passport number and date of birth. Without this information, they cannot lawfully grant credit.

Any further information requested by credit providers must be necessary and relevant to your application. No law forces you to give information, but a credit provider cannot consider your credit application if you do not provide the information required.

We get personal information directly from our business partners, suppliers, clients, site visitors, and product and services customers signing up for any of our products or services.

When visitors use any products or functions in a TransUnion Site, we collect general internet data (including internet protocol ("IP") address, metadata, location data, date and time of the visit) and behavioural data, such as searches transactions and purchases.
 

4.  How long we keep personal information
 

Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

The Consumer Credit Act require we use credit information only for the provided maximum periods prescribed for credit scoring or credit assessment.

We keep specific data indefinitely to verify the integrity of the information we may need to process in the future. We store this information securely and do not use it for any other purpose.
 

5.  Our legal basis for handling personal information
 

Legitimate interests

The Law relating to the protection of personal information and privacy allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the 'legitimate interests' condition. For more details, refer to the relevant privacy notices in the links above.

Consent

In most instances, consumer consent to use personal information comes to TransUnion via our clients and data suppliers.

You need to agree on who can use your personal information and how. To do this, persons who have your information must notify you they have your data and how they plan to use it.

We strive to ensure our clients and data suppliers honour their contractual obligation to get all legally required consents before accessing personal information in our credit reports.

Contracts

If you sign up for one of our online services, we need to use personal information to provide the services as set out in the Terms & Conditions. We also use this basis for processing some of our staff data. Refer to the privacy notice on the relevant website for details.

Compliance

We only access, use and disclose personal information without consent in exceptional circumstances where necessary to:

• Comply with the law or a legal process served on us
• Comply with requests for information from police or government authorities
• Protect and defend our rights or property (including the enforcement of agreements)
• Protect the public interest
• Act in urgent circumstances to protect the personal safety of our employees or members of the public

We apply the above in terms of the Consumer Credit Act, The Law relating to the protection of personal information and privacy and other relevant national legislation.

6.  Who we share personal information with

Clients

Our clients have privacy notices that provide more information about how they use the data we supply. These clients typically operate in the following sectors:

• Banks, Microfinance institutions etc.
• Traders
• Insurance
• Retail
• Telecommunications
• Collections
• Employment agencies
• Financial services
• Public sector
• Startup

If our clients appoint an intermediary to act on their behalf, they too will receive the data.

Service providers

Information may be provided by us or our clients to third parties that support the objectives described above for example:

• Cloud-based services, such as Salesforce, help host, manage and analyse our databases.
• Cloud-based technologies, such as Microsoft Office 365, support our ordinary business operations.
• Printing companies to produce and send direct mail or other correspondence.
• Payment service providers to help with payments made by individuals.
• Market research companies to help us better understand our customers.
• A specialist sub-contractor operates our CCTV system.
• Services Providers that assist us with providing our services to you.
• Regulators like the Eswatini Data Protection Authority or Financial Services Regulatory Authority.

These service providers cannot use your information for their purposes or on behalf of other organisations unless you agree otherwise.
 

7.  Where we store and send personal information
 

We sometimes make use of Service Providers that are situated outside of Eswatini, e.g. South Africa, Kenya, UK and US.  We access and use your information from our base in Eswatini  and will not transfer personal information to a country lacking laws that provide an adequate level of information protection, unless we have an agreement with the recipient requiring measures that offer a similar level of protection as The Law relating to the protection of personal information and privacy in Eswatini and with the required permission from the relevant supervisory authority.
 

8.  Your rights concerning personal information
 

We outline your rights regarding the personal information we hold about you below.

Access: You can access all information that we hold about you by contacting us through DPOEswatini@transunion.com

Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, you have a right to ask us to correct it or delete it.

Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.
 

9.  Where to lodge a complaint
 

We strive to deliver the highest levels of customer service. However, if you are ever unhappy with us, please contact us so we can investigate.

• Location: Kiosk no 4,Plot 339,Ground Floor,Swazi Post, Nkoseluhlaza St, Manzini
• Postal Address: PO Box 2642, Manzini, Eswatini, M200
• Telephone: +268 2505 7844
• Email: DPOEswatini@transunion.com

You may complain to the Eswatini Data Protection Authority (EDPA)

• Email: dataprotection@esccom.org.sz
• Telephone number: +268 2406 7000
• Site: Eswatini Data Protection Authority (edpa.org.sz)