General Privacy Notice | Kenya

TransUnion Kenya

Last revised: 22 September 2022 

Version 1.1 

© 2022 TransUnion LLC
All Rights Reserved

No part of this publication may be reproduced or distributed in any form or by any means, electronic or otherwise, now known or hereafter developed, including, but not limited to, the Internet, without the express written permission of TransUnion. This document is protected by U.S. and International copyright laws. This document and the subject matter contained herein is TransUnion proprietary and confidential information, and may not be shared or used for any purposes other than the purpose for which it was provided by TransUnion, without the express written permission of TransUnion. By using this document, you are agreeing that you will not attempt, directly or indirectly, to reverse engineer, decompile, or disassemble any TransUnion services or service information, any confidential or proprietary criteria developed or used by TransUnion relating to services you receive from TransUnion, or any of the TransUnion confidential and proprietary information contained herein. The entire right, title and interest in and to this document and TransUnion services, and all copyrights, patents, trade secrets, trademarks, trade names, and all other intellectual property rights associated with any and all ideas, concepts, techniques, inventions, processes, or works of authorship including, but not limited to, all materials in written or other tangible form developed or created by TransUnion, shall at all times vest exclusively in TransUnion. You acknowledge that any misuse, misappropriation or threatened misappropriation of TransUnion’s intellectual property rights, or any breach or threatened breach of the foregoing restrictions, may cause immediate and irreparable injury to TransUnion, and in such event, TransUnion shall be entitled to seek injunctive relief. Nothing stated herein will be construed to limit any other remedies available to TransUnion including, but not limited to suspension and/or termination of the services provided to you.

Requests for permission to reproduce or distribute any part of, or all of, this publication should be mailed to:

Law Department
TransUnion
Delta Corner Annex, 2nd Floor, Ring Road,
Westlands, Nairobi.

The “tu” logo, TransUnion, and other trademarks, service marks, and logos (the “Trademarks”) used in this publication are registered or unregistered Trademarks of TransUnion LLC or their respective owners. Trademarks may not be used for any purpose whatsoever without the express written permission of the Trademark owner.

transunionafrica.com

Table of contents

Introduction

  1. Who we are and how to contact us
  2. How we use personal information
  3. Where we get personal information
  4. How long we keep personal information
  5. Our legal basis for handling personal information
  6. Who we share personal information with
  7. Where we store and send personal information
  8. Your rights concerning personal information
  9. Where to lodge a complaint

Introduction

This privacy notice provides a high-level overview of how we use and share personal information across TransUnion.

1. Who we are and how to contact us

Information for Good®

We’re in an era of rapid digital transformation where consumers demand more access to seamless, personalized products and services online. However, the existence of personal data that fuels this platform economic boom poses a threat to individuals, endangering their information security.

Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

As a global information and insights company, TransUnion seeks to make this trust possible. We do this by curating a robust and actionable picture of each consumer so they’re reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

We are a company with registered offices at Delta Corner Annex, 2nd Floor, Ring Road Westlands, Nairobi. This notice covers only the activities of TransUnion within the Republic of Kenya.

2. How we use personal information

TransUnion limits the use and disclosure of personal information to the terms of the Banking Act (CAP 488) of the Laws of Kenya; Credit Reference Bureau Regulations (2020) as amended from time to time (CRB Regulations); the Data Protection Act No. 24 of 2019; or any other applicable laws.

Unless, where applicable, we have your consent or the law permits us, we will not sell, rent or lease your personal information to others. We will not use or share your personal information in ways unrelated to the circumstances described below.

Unless permitted by the laws or with your consent, we do not use any personal information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sex life or biometric data.

Products and services

Many of our products and services rely on personal information. For example:

  • Credit reporting:TransUnion, pursuant to the provisions of the Banking Act (CAP 488) Credit Reference Bureau Regulation 2020, compiles consumer credit information in credit reports from applications to (for example) credit providers or services providers for credit or services.
  • Direct marketing:When you visit a TransUnion Site, we may invite you to sign up for information, promotional offers and marketing.

You can sign up for our news during the online ordering process by ticking the opt-in box: "I want to receive news and information on products to help me manage my debt better."

If you consent, TransUnion will access, use, process and analyse your personal information, Internet activity and marketing data to provide personalised offers from TransUnion and our trusted partners.

  • Digital marketing:To provide relevant products and services to consumers, we enable business partners to use our data and technology to create, deploy and measure targeted digital advertising programs.
  • Advertising:We may use domestic or overseas third-party advertising companies to serve ads on TransUnion Site or on other sites which we use for advertising. We may also use third-party analytical tools to personalise advertisements and enhance the visitor experience.
  • Market research:Participation in market research activities is optional. When you opt-in, we use your information to improve the experience of our products and services. Third parties assisting with market research can keep non-personal, aggregated data for our research purposes.
  • Business products:We may use personal information to promote and market relevant products, services and special offers from us and our affiliates.
  • Customer service:We may use personal information to identify customers, process transactions and provide quality service.
  • Recruitment:We use personal information when we receive an employment application.

Business operations

For internal operations, we may use personal information, such as:

Names, contact details and other information from consumers who contact us to deal with their enquiries. See our Customer Service Privacy Notice for more.

Employee information (including employment and educational history, background checks and performance appraisals) to manage our relationships.

CCTV cameras in public areas of our business premises for the safety of staff and visitors, and the security of our information and assets.

Legal and regulatory purposes, such as responding to complaints or enquiries about how we have used personal information.

In addition, we may aggregate anonymised data to provide advertising performance analytics to business partners.

For more details on the kinds of data used for each purpose described, visit the TransUnion Privacy Center

For more on our use of cookies, see our Cookie Policy.

3. Where we get personal information

We get personal information directly from our business partners, suppliers, clients, site visitors, and products and services customers sign up for.

When visitors use any products or functions in a TransUnion Site, we collect general internet data (including internet protocol ("IP") address, metadata, location data, date and time of the visit) and behavioral data, such as searches transactions and purchases.

We also receive anonymous information from websites where we display advertisements to enhance or modify our campaigns.

We collect user information anonymously without linking data to personal information other than authenticating and protecting private data.

4. How long we keep personal information

Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

5. Our legal basis for handling personal information

Legitimate interests

The Data Protection Act No. 24 of 2019 allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the 'legitimate interests' condition. For more details, refer to the relevant privacy notices in the links above.

Consent

We sometimes rely on consent to process personal information, but this is relatively rare. Refer to the relevant privacy notices at www.transunionafrica.com/legal/kenya for more details.

Contracts

If you sign up for one of our online services, we need to use personal information to provide the services as set out in the Terms & Conditions. We also use this basis for processing some of our staff data. Refer to the privacy notice on the relevant website for details.

Compliance

We only access, use and disclose personal information without consent in exceptional circumstances where necessary to:

  • Comply with the law or a legal process served on us
  • Comply with requests for information from police or government authorities
  • Protect and defend our rights or property (including the enforcement of agreements)
  • Protect the public interest
  • Act in urgent circumstances to protect the personal safety of our employees or members of the public
  • Act on implied consent

We apply the above in terms of the CRB Regulations, Data Protection Act No. 24 of 2019, and other relevant national legislation.

6. Who we share personal information with

Clients and resale partners

Our clients have privacy notices that provide more information about how they use the data we supply. These clients typically operate in the following sectors:

  • Auto dealers
  • Commercial
  • Employment agencies
  • Insurance
  • Retail
  • Telecommunications
  • Collections
  • Financial services
  • Public sector
  • Startup

If our clients appoint an intermediary to act on their behalf, they too will receive the data. We also appoint data resale partners who distribute our data to third parties.

Service providers

Our clients and we might provide information to third parties that help us achieve the purposes described in section 2. For example:

  • Cloud-based services, such as Salesforce, help host, manage and analyse our databases
  • Cloud-based technologies, such as Microsoft Office 365, support our ordinary business operations
  • Printing companies to produce and send direct mail or other correspondence
  • Payment service providers to help with payments made by individuals
  • Market research companies to help us better understand our customers
  • A specialist sub-contractor operates our CCTV system
  • Regulators like the Information Commissioner's Office or the Financial Conduct Authority

These service providers cannot use your information for their purposes or on behalf of other organisations unless you agree otherwise.

7. Where we store and send personal information

We access and use your information from our base in Kenya. We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as the Data Protection Act No. 24 of 2019 in Kenya.

8. Your rights concerning personal information

We outline your rights regarding the personal information we hold about you below.

Access: You can access all information we hold about you by contacting us through info@transunion.com and DPO_KE@transunion.com.

Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it unless the law provides an alternate resolution method.

Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

To find out about exercising these rights, please contact us on TransUnion Contact Centre: +254 742 258478, +254 768 617074, +254 768 253748, +254 768 262495 or +254 706 565285

9. Where to lodge a complaint

We strive to deliver the highest levels of customer service. However, if you’re ever unhappy, please contact us so we can investigate.

  • Post: PO Box 46406- 00100, Nairobi
  • Telephone: +254 742 258478, +254 768 617074, +254 768 253748, +254 768 262495 or +254 706 565285

You can also contact our Data Protection Officer at DPO_KE@transunion.com
You may complain to the Information Regulator:

Site: https://www.odpc.go.ke/file-a-complaint/