Last revised: 22 September 2022
Version 1.0
© 2022 TransUnion LLC
All Rights Reserved
No part of this publication may be reproduced or distributed in any form or by any means, electronic or otherwise, now known or hereafter developed, including, but not limited to, the Internet, without the express written permission of TransUnion. This document is protected by U.S. and International copyright laws. This document and the subject matter contained herein is TransUnion proprietary and confidential information, and may not be shared or used for any purposes other than the purpose for which it was provided by TransUnion, without the express written permission of TransUnion. By using this document, you are agreeing that you will not attempt, directly or indirectly, to reverse engineer, decompile, or disassemble any TransUnion services or service information, any confidential or proprietary criteria developed or used by TransUnion relating to services you receive from TransUnion, or any of the TransUnion confidential and proprietary information contained herein. The entire right, title and interest in and to this document and TransUnion services, and all copyrights, patents, trade secrets, trademarks, trade names, and all other intellectual property rights associated with any and all ideas, concepts, techniques, inventions, processes, or works of authorship including, but not limited to, all materials in written or other tangible form developed or created by TransUnion, shall at all times vest exclusively in TransUnion. You acknowledge that any misuse, misappropriation or threatened misappropriation of TransUnion’s intellectual property rights, or any breach or threatened breach of the foregoing restrictions, may cause immediate and irreparable injury to TransUnion, and in such event, TransUnion shall be entitled to seek injunctive relief. Nothing stated herein will be construed to limit any other remedies available to TransUnion including, but not limited to suspension and/or termination of the services provided to you.
Requests for permission to reproduce or distribute any part of, or all of, this publication should be mailed to:
Law Department
TransUnion
Delta Corner Annex, 2nd Floor, Ring Road,
Westlands, Nairobi.
The “tu” logo, TransUnion, and other trademarks, service marks, and logos (the “Trademarks”) used in this publication are registered or unregistered Trademarks of TransUnion LLC or their respective owners. Trademarks may not be used for any purpose whatsoever without the express written permission of the Trademark owner.
Table of contents
This privacy notice provides information about how we use and share the personal information of people using our business products and technical support facilities.
We’re in an era of rapid digital transformation where consumers demand more access to seamless, personalized products and services online. However, the existence of personal data that fuels this platform economic boom poses a threat to individuals endangering their information security.
Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.
As a global information and insights company, TransUnion seeks to make trust possible in modern commerce. We do this by curating robust and actionable picture of each consumer so they’re reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good®.
We are a company with registered offices at Delta Corner Annex, 2nd Floor, Ring Road Westlands, Nairobi. Notice covers only the activities of TransUnion within the Republic of Kenya.
TransUnion companies sometimes cooperate with other TransUnion companies when sharing and making decisions about your personal information. When this happens, all employees across the group ensure each company involved complies with data protection rules.
Contact our Consumer Services Team to enquire about any of our companies or exercise your rights regarding your personal information.
Contact details
Contact us about personal information issues, including the contents of this notice via:
We use personal information to operate our products and administer the accounts of people who use them.
Example
We hold username and password details to control access to products.
We monitor access to our products to ensure only authorised people access our products and data. If we detect suspicious activity, we may suspend an account and investigate.
Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their employees use our products. For example, how often and why a staff member uses a product. Clients may ask for this information in deciding whether to continue buying the product, or staff management in checking whether products are being used properly.
If the information shows employee misconduct, an employer might use that information as part of a disciplinary process.
Example
A bank suspects an employee is performing unauthorised credit report searches and asks us for details of the searches conducted by that person. The bank uses this information to support its internal investigation into that employee’s actions.
Information, such as how different people use our products, how long they spend on particular tasks and what sort of information they look for, helps us customise and improve our products. We also use this information for security and system administration and to generate non-personalised information for client use.
Product or systems development and testing
We may use personal information while developing or testing our products, systems and security measures. Where possible, we create pseudonyms or otherwise anonymise such data.
If you contact us with a question about one of our product or services, we use your personal information to provide the answer. This includes contacting you about your request and sometimes about queries raised by other users.
Queries: legal and regulatory purposes
We may also need to use your personal information for legal and regulatory purposes.
Example: Legal and regulatory purposes
If you make a complaint about us to our regulators, they’ll normally ask us to investigate your case. This will involve accessing your personal information. Similarly, if you start court proceedings against us, we’ll normally need to review how we have used your personal information to defend ourselves against your claim.
We obtain and use information from various sources summarised in the following table.
Type of information | Description | Source |
Basic information about you and how to contact you: | Name, email address and job title. | You or your employer when we set up your account or are told the information has changed. |
Login credentials: | Username, password and other information controlling product access. | |
Product usage: | How and when you access and use the product, including dates and times, IP address, and how you use the product while logged in. | Monitoring your product usage. |
Your requests and enquiries: | Information you provide as part of a technical support query, request or enquiry. | Directly from you. |
We need your personal information to provide our products correctly. You do not have to provide us with personal information for technical support requests, but this may impede the help we can provide.
Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.
The Data Protection Act, 2019 allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the legitimate interests listed below.
Interest | Explanation |
Market our products and services | To allow our business to reach the maximum number of clients. |
Develop and improve our products and services | To help us remain competitive, differentiated and attractive to clients. |
Monitor and secure our systems and data | To fulfil our promise by keeping our systems and data safe and secure. |
Maintain our client relationships | To build trust with our clients and business partners by outperforming and over-delivering. |
Entrench our commercial interests | To earn sustainable revenue through the efficient and effective provision of competitive products and services. |
As mentioned in Section 2, if asked, we may supply usage information about a TransUnion product to an employer, its affiliates, business partners or group companies.
We may provide information to third parties who help us use it for purposes described in Section 2.
We may use a third-party email broadcasting service to send you service emails. However, unless you agree otherwise, these service providers cannot use your information for their purposes or on behalf of other organisations.
Sometimes we may need to supply information to third parties (such as our service providers or other companies in the TransUnion group) to help deal with a support request or further enquiry.
We share personal information with government authorities and law enforcement officials if required by law or for legal protection of our legitimate interests in compliance with applicable laws.
We access and use your information from our base in Kenya. We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as the Data Protection Act No. 24 of 2019.
Access: You have the right to find out if and what personal information we hold about you. Refer your Data access rights queries to info@transunion.com or DPO_KE@transunion.com
Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it or have us explore the available dispute resolution mechanism to enable correction or deletion of the same pursuant to Reg. 37 of the Credit Reference Bureau Regulation, 2020.
Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.
Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.
We try to deliver the highest levels of customer service. However, if you’re ever unhappy, please contact us so we can investigate.
You can also contact our Data Protection Offficer at DPO_KE@transunion.com
You may complain to the Information Regulator: