This privacy notice provides a high-level overview of how we use and share personal data across TransUnion. You can find more detailed information at the TransUnion Privacy Centre or in other privacy information you may have received.
When you contact us with a request, complaint, or enquiry, we will use your personal data to help us to respond to you.
Sometimes this will mean sharing personal data with third parties. For example, if you dispute the accuracy of information on your credit report, we may need to contact the organisation who provided us with that information to check whether it is correct.
This notice covers the following topics:
Information for Good®
We are in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal data that fuels this platform economic boom poses threats to individuals and endangers corporate security.
Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.
As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer, so they are safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.
We have our registered offices 2nd Floor Delta Corner Annex Ring Road Westlands Kenya. Although we are part of a larger group, this notice covers only the activities of Credit Reference Bureau Africa T/A TransUnion within the Republic of Kenya.
Contact details
Contact us about personal data issues, including the contents of this notice via:
We use your personal data to deal with any issue or complaint you have raised (which we refer to as an “enquiry”). This might include contacting you for more information or tell you the outcome of your enquiry. Typical enquiries include:
Identity verification
When you contact us, we may need to verify your identity to ensure we do not provide personal data to unauthorised parties.
Example: identity verification
If someone contacts us and asks us for a copy of your credit report, we will check that it is you (or someone authorised by you) asking for it. We may ask for evidence of identity such as a copy of your identity card or a bank statement.
Itis important to do this because the information in your credit report is valuable and could be used to impersonate you if it were to fall into the wrong hands.
Feedback
We may ask you to provide us with feedback or to leave a review about the service you received. Your feedback helps us to improve our services.
Products and services
We use aggregated statistics about enquiries, requests and complaints to help manage our services and identify potential problems. Some enquiries lead to changes to the personal data we use in our products and services.
Constant improvement
We use information from complaints and requests to help understand what went wrong, fix any problems, and improve how we deal with similar issues.
Legal and regulatory purposes
We may use personal data for legal and regulatory purposes. This might include responding to complaints or enquiries from you or a regulator about how we have handled your enquiry or used your personal data.
We obtain and use information from various sources summarised in the following table:
Type of Information | Description | Source |
Basic contact information. | Name, email address and job title | You provide this information when you make an enquiry or when we subsequently request it. |
Your enquiry. | Any enquiry you make | |
Proof of identity or authority and other supporting documentation. | To prove your identity. If you enquire on someone else’s behalf, we may ask for proof of authority, such as a power of attorney. Sometimes we may require additional supporting documentation. | |
Information gathered in dealing with your enquiry. | Dealing with an enquiry involves investigating the circumstances. This type of information depends on the enquiry. | Internal records and external organisations, such as clients and suppliers. |
Our response and other correspondence. | Our response to and other correspondence relating to your enquiry. | We produce this ourselves. |
Website usage. | If you access or submit information through our website, we record information such as IP address, operating system and browser type. | We gather this through the website. |
You are free to choose whether you give us your personal data. However, if you do not provide the information we need, this may limit our ability to help.
We keep your personal data during the enquiry and for an additional period after completion. That period depends on purposes, such as:
Legitimate interests
The Data Protection Act 2019 allows personal data usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the 'legitimate interests' condition. For more details, please visit our Privacy Centre.
Interest | Explanation |
Security | To keep your personal data secure |
Reputation and service improvement | Manage enquiries quickly and efficiently to build our business reputation |
Clients
Our clients have privacy notices that provide more information about how they use the data we supply. These clients typically operate in the following sectors:
If our clients appoint an intermediary to act on their behalf, they too will receive the data.
Service providers
We may provide information to third parties who help us use it for purposes described above for example:
Data suppliers and other third parties
If your enquiry is about data supplied to us by third parties, we might provide them with your personal data to help manage your enquiry. For example, if you dispute the accuracy of an entry on your credit file, we may contact the provider of that information to check whether its validity.
These service providers cannot use your information for their purposes or on behalf of other organisations unless you agree otherwise.
We sometimes make use of Service Providers that are situated outside of Kenya, e.g., South Africa, UK, and US. We access and use your information from our base in Kenya and will not transfer personal data to a country lacking laws that provide an adequate level of information protection, unless we have an agreement with the recipient requiring measures that offer a similar level of protection as in the Data Protection Act 2019 in Kenya and with the required permission from the relevant supervisory authority.
We outline your rights regarding the personal data we hold about you below.
Access: You can access all information that we hold about you by contacting us through DPO_KE@transunion.com
Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully, you have a right to ask us to correct it or delete it.
Objection to processing: You may object (on reasonable grounds) to processing your personal data unless legislation provides for such processing.
Objection to direct marketing: You may object to us using your personal data for direct marketing, and if you do, we will stop.
We strive to deliver the highest levels of customer service. However, if you are ever unhappy with us, please contact us so we can investigate.
You may complain to the Office of the Data Protection Commissioner (ODPC):