Kenya Privacy Centre

Business Contact Privacy Notice

Introduction


This privacy notice provides a high-level overview of how we use and share personal data across TransUnion. You can find more detailed information at the TransUnion Privacy Centre or in other privacy information you may have received.

In Brief


We use personal data to:

  • Manage our relationship with our business contacts and keep in touch with them
  • Promote our products and services to our customers and potential customers

This notice covers the following topics:

  1. Who we are and how to contact us
  2. How we use personal data
  3. The kinds of personal data we use and where we get personal data
  4. How long we keep personal data
  5. Our legal basis for handling personal data
  6. Who we share personal data with
  7. Where we store and send personal data
  8. Your rights concerning your personal data
  9. Where to lodge a complaint

 

1.   Who we are and how to contact us


Information for Good®

We are in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal data that fuels this platform economic boom poses threats to individuals and endangers corporate security.

Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer, so they are safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

We have our registered offices at 2nd Floor Delta Corner Annex, Ring Road, Westlands, Kenya.  Although we are part of a larger group, this notice covers only the activities of Credit Reference Bureau Africa Limited T/A TransUnion within the Republic of Kenya.
 

Contact details

Contact us about personal data issues, including the contents of this notice via:

2.   How we use personal data
 

Relationship management

We use personal data to maintain and develop our relationships with clients, suppliers and their representatives.

Example: relationship management

  • Informing you about product changes or planned maintenance activity
  • Contacting you with billing enquiries
  • Inviting you to events and webinars
  • Corresponding with you about your enquiries
  • Conducting surveys to collect qualitative and quantitative feedback
  • Canvassing you about products or product features you want us to develop


Marketing

We use personal data to market our products and services to current and potential clients and their representatives. This includes providing industry insights, commentary and research on data and software, notification of events and webinars, and updates on products and services.

Example: Marketing

  • Monitoring your interactions to understand the products and services that interest you so we can tailor our marketing
  • Contacting you by email, telephone, SMS or post to tell you about products and services we think will interest you


Providing services

Sometimes we use personal data to provide information, services, alerts and other facilities requested. For example, we might use your contact details to grant access to one of our webinars.

If you are a registered user of one of our products, we may use your personal data within that product. Please refer to the privacy notice available within the product for more details.


Monitoring and improving our websites

We use information such as how different people navigate our websites, how long they spend on particular pages and what content they download. This helps us improve the user experience by tailoring our website to match individual interests and preferences.

Security and systems administration

We also use this information for security and system administration to generate non-personalised data (such as statistics on the uptake of services and patterns of browsing). In addition, we may share this anonymous data with business contacts, selected third parties, sponsors and advertisers.

 

Legal and regulatory purposes


We may also need to use your personal data for legal and regulatory purposes.
 

3.   The kinds of personal data we use and where we get personal data


We obtain and use information from various sources summarised in the following table:

| Type of information | Description | Source |
|---|---|---|
| Name and contact details | Basic personal data about you and your workplace | Usually provided by the individual via telephone, email, our websites or in person at an event |
| Organisation-related details | Your organisation, department and role | |
| Login credentials | Username and password recorded when you sign up to any of our web-based services | Provided by the user or AI-generated or by us (if we reset a password) |
| Contact history | Our engagements, such as information exchanged, meetings, events or webinars attended, emails opened, links clicked and contacts within TransUnion | We produce these records |
| Device information | The type of device used to access our websites, its operating system, cookies, browser and IP address | We produce this information |
| Website usage | Use of our websites, such as pages visited and content downloaded | |


We need your personal data to provide our products correctly. You do not have to provide us with personal data for technical support requests, but this may impede the help we can provide.
 

4.   How long we keep personal data


Simply put, we keep personal data for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

The Banking (Credit Reference Bureau) Regulations 2020 require that we use credit information only for the maximum periods prescribed for credit scoring or credit assessment.

We keep specific data indefinitely to verify the integrity of the information we may need to process in the future. We store this information securely and don't use it for any other purpose.

 

5.   Our legal basis for handling personal data


Legitimate interests

The Data Protection Act, 2019 allows personal data usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the 'legitimate interests' condition. For more details, refer to the relevant privacy notices in the links above.

| Interest | Explanation |
|---|---|
| Strategic customer engagement | Develop and leverage our understanding of customers and suppliers and how they use our products and services |
| Strategically targeted marketing | Promote new and existing products and services to suitable current and potential clients |
| Develop new and improve existing products and services | Help us remain competitive, differentiated and attractive to clients by providing world-class, future-fit solutions |
| Monitor and secure our systems and data | Fulfil our promise by keeping our systems and data secure |


Sometimes we process personal data on the following grounds:
 

| Grounds | Examples |
|---|---|
| Consent | We will ask if you agree to us using your data in specified ways, such as when you tick a box showing you wish to receive marketing emails or telephone calls from us |
| Contractual | We may need to use your details to perform a contracted product or service |
| Legal | Regulators, government bodies and courts can order us to provide information and we may have to comply |

 

6.   Who we share personal data with


Clients


Our clients have privacy notices that provide more information about how they use the data we supply. These clients typically operate in the following sectors:

  • Banks, Microfinance institutions etc.
  • Traders
  • Insurance
  • Retail
  • Telecommunications
  • Collections
  • Employment agencies
  • Financial services
  • Public sector
  • Startup

If our clients appoint an intermediary to act on their behalf, they too will receive the data.

Service providers
 

Information may be disclosed to third parties by us and our clients to the extent necessary for the achievement of the purposes outlined above, for example:

  • Cloud-based services, such as Salesforce, help host, manage and analyse our databases.
  • Cloud-based technologies, such as Microsoft Office 365, support our ordinary business operations.
  • Printing companies to produce and send direct mail or other correspondence.
  • Payment service providers to help with payments made by individuals.
  • Market research companies to help us better understand our customers.
  • Service providers that assist us with providing our services to you.
  • A specialist sub-contractor operates our CCTV system.
  • Regulators like the Office of the Data Protection Commissioner or the Central Bank of Kenya.

These service providers can't use your information for their purposes or on behalf of other organisations unless you agree otherwise.

 

7.   Where we store and send personal data


We sometimes make use of Service Providers that are situated outside of Kenya, e.g. South Africa, UK and US.  We access and use your information from our base in Kenya and will not transfer personal data to a country lacking laws that provide an adequate level of information protection, unless we have an agreement with the recipient requiring measures that offer a similar level of protection as the Data Protection Act, 2019 in Kenya and with the required permission from the relevant supervisory authority.

 

8.   Your rights concerning personal data


We outline your rights regarding the personal data we hold about you below.

Access: You can access all information that we hold about you by contacting us through DPO_KE@transunion.com

Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, you have a right to ask us to correct it or delete it.

Objection to processing: You may object (on reasonable grounds) to processing your personal data unless legislation provides for such processing.

Objection to direct marketing: You may object to us using your personal data for direct marketing, and if you do, we will stop.

 

9.   Where to lodge a complaint


We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

  • Location:  2nd floor, Delta Corner Annex, Ring Road Westlands, Kenya
  • Postal Address:  P O Box 46406 – 00100 Nairobi
  • Telephone:  +254 (020) 7603717
  • Email: DPO_KE@transunion.com

 

You may complain to the Office of the Data Protection Commissioner (ODPC):

  • Physical Address: 12th and 13th Floor, Britam Tower, Upper Hill
  • Postal Address: P.O. Box 30920-00100 Nairobi, Kenya
  • Email: info@odpc.go.ke
  • Site: www.odpc.go.ke