May, 2024

Version 2.0

TransUnion Confidential—For Internal Use Only

 

Introduction

 

This privacy notice provides a high-level overview of how we use and share personal information across TransUnion. You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.

In this Privacy Notice, any reference to TransUnion includes any of the entities listed below:

  1. TransUnion Africa Holdings (Pty) Ltd, 2012/035271/07
  2. TransUnion Africa (Pty) Ltd, 1992/007124/07
  3. TransUnion Analytic and Decision Services (Pty) Ltd, 1992/000475/07
  4. TransUnion Auto Information Solutions (Pty) Ltd, 2000/018558/07
  5. TransUnion Credit Bureau (Pty) Ltd, 2004/007773/07

In Brief

 

TransUnion strives to protect privacy as we collect, use, process, disclose, transfer and retain personal information.

If your personal information is used unlawfully or infringes on your privacy, you have the right to object.

This notice covers the following topics:

  1. Who we are and how to contact us
  2. How we use personal information
  3. Where we get personal information
  4. How long we keep personal information
  5. Our legal basis for handling personal information
  6. Who we share personal information with
  7. Where we store and send personal information
  8. Your rights concerning your personal information
  9. Where to lodge a complaint

Who we are and how to contact us

 

Information for Good®

We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

 

Contact details

 

Contact us about personal information issues, including the contents of this notice via:

 

Post: PO Box 4522 Johannesburg 2000

Telephone:   Contact Centre: 0861 482 482

Email: TUAPrivacy@transunion.com

Please refer to our Consumer Contact Privacy Notice for information on how we handle your personal information with complaints and enquiries.

 

How we use personal information

TransUnion limits the use and disclosure of personal information to the terms of the National Credit Act 34 of 2005 (NCA), Protection of Personal Information Act 4 of 2013 (PoPIA) or any other applicable laws.

Unless we have your consent or the law permits us, we will not sell, rent or lease your personal information to others. We will not use or share your personal information in ways unrelated to the circumstances described below.

Unless permitted by the laws or with your consent, we do not use any personal information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sex life or biometric data.

Products and services

Many of our products and services rely on personal information. For example:

Credit reporting: TransUnion compiles consumer credit information in credit reports from applications to (for example) credit providers or services providers for credit or services.

Direct marketing: When you visit a TransUnion Site, we may invite you to sign up for information, promotional offers and marketing.

You can sign up for our news during the online ordering process by ticking the opt-in box, "I want to receive news and information on products to help me manage my debt better."

If you consent, TransUnion will access, use, process and analyse your personal information, your consumer credit information, Internet activity and marketing data to provide personalised offers from TransUnion and our trusted partners.

Digital marketing: To provide relevant products and services to consumers, we enable business partners to use our data and technology to create, deploy and measure targeted digital advertising programs.

Advertising: We may use domestic or overseas third-party advertising companies to serve ads on TransUnion Site or on other sites which we use for advertising. We may also use third-party analytical tools to personalise advertisements and enhance the visitor experience.

Market research: Participation in market research activities is optional. When you opt-in, we use your information to improve the experience of our products and services. Third parties assisting with market research can keep non-personal aggregated data for our research purposes.

Business products: We may use personal information to promote and market relevant products, services and special offers from us and our affiliates.

Customer service: We may use personal information to identify customers, process transactions and provide quality service.

Recruitment: We use personal information when we receive an employment application.

Business operations

We may use personal information for our internal operations, such as:

Names, contact details and other information from consumers who contact us to deal with their enquiries. See our Customer Service Privacy Notice for more.

Employee information (including employment and educational history, background checks and performance appraisals) to manage our relationship.

CCTV cameras in public areas of our business premises for the safety of staff and visitors, and the security of our information and assets.

Biometric information to manage access to our business premises, in order to ensure the safety of staff and visitors, and the security of our information and assets.

Legal and regulatory purposes, such as responding to complaints or enquiries about how we have used personal information.

In addition, we may aggregate anonymised data to provide advertising performance analytics to business partners.

For more details on the kinds of data used for each purpose described, visit the TransUnion Privacy Center to view our other privacy notices.

For more on our use of cookies, see our Cookie Policy.

 

Where we get personal information

 

We get personal information directly from our business partners, suppliers, clients, site visitors, and product and services customers signing up for any of our products or services.

For more details on where we get personal information, visit the TransUnion Privacy Center to view our other privacy notices.
 

How long we keep personal information

 

Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

 

Our legal basis for handling personal information

 

Legitimate interests
The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the 'legitimate interests' condition. For more details, refer to the relevant privacy notices in the links above.

Consent
We sometimes rely on consent to process personal information, but this is relatively rare. Refer to the relevant privacy notices at www.transunion.co.za/privacy for more details.

Contracts
If you sign up for one of our online services, we need to use personal information to provide the services as set out in the Terms & Conditions. We also use this basis for processing some of our staff data. Refer to the privacy notice on the relevant website for details.

Compliance

We only access, use and disclose personal information without consent in exceptional circumstances where necessary to:

  • Comply with the law or a legal process served on us
  • Comply with requests for information from police or government authorities
  • Protect and defend our rights or property (including the enforcement of agreements)
  • Protect the public interest
  • Act in urgent circumstances to protect the personal safety of our employees or members of the public
  • Act on implied consent

We apply the above in terms of the NCA, PoPIA and other relevant national legislation.

 

Who we share personal information with

 

Our clients and resale partners

We share personal information with our clients for the purposes described above. Our clients have privacy notices providing details on how they use the data we supply.

These clients typically operate in the following sectors:

  • Financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
  • Insurance
  • Retail (including car sales/leasing and online retailers)
  • Telecommunications
  • Marketing agencies acting for other organisations
  • Auto dealers
  • Commercial
  • Collections

If our clients appoint an intermediary to act on their behalf, they too will receive the data.

Our group of companies

As stated, we share personal information among TransUnion RSA companies where appropriate. We have set out a list of current such companies below.

Group Company

Physical Address

TransUnion Africa Holdings (Pty) Ltd

TransUnion
10th Floor,
11 Alice Lane
Sandton
Johannesburg
2196

TransUnion Credit Bureau (Pty) Ltd

TransUnion Africa (Pty) Ltd

TransUnion Analytic and Decision Services (Pty) Ltd

TransUnion Auto Information Solutions (Pty) Ltd

 

Service providers

Our clients and we might provide information to third parties that help us achieve the purposes described above. For example:

  • Cloud-based services, such as Salesforce, help host, manage and analyse our databases.
  • Cloud-based technologies, such as Microsoft Office 365, support our ordinary business operations.
  • Printing companies to produce and send direct mail or other correspondence.
  • Payment service providers to help with payments made by individuals.
  • Market research companies to help us better understand our customers.
  • A specialist sub-contractor operates our CCTV system.

·       Services Providers that assists us with providing our services to you.

These service providers can't use your information for their purposes or on behalf of other organisations unless you agree otherwise.

 

Where we store and send personal information

 

We sometimes make use of Service Providers that are situated outside of South Africa, e.g. India, UK and US.  We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as POPIA in South Africa.

How the personal information is used

 

We provide data and analytics that help our clients make decisions about lending and other matters, but their data, knowledge, processes and practices play a significant role in those decisions.

For example, when we sell our services to credit or loan providers, we do not decide whether they should grant you credit or a loan — this is for the lender to decide.

 

Your rights concerning personal information

 

We outline your rights regarding the personal information we hold about you below.

Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it.

Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

 

Where to lodge a complaint

 

We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

Location: 10th Floor, 11 Alice Lane, Sandton, 2196

Postal Address: PO Box 4522, Johannesburg, 2000

Telephone: +250 7889 33094

You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


You may complain to the Information Regulator:

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: POPIAComplaints@inforegulator.org.za.

Site: www.inforegulator.org.za  

April, 2024

Version 2.1

TransUnion Confidential—For Internal Use Only

 

Introduction

This privacy notice explains how we use and share personal information in our credit bureau business.

TransUnion Credit Bureau (Pty) Limited ("TransUnion") is a registered credit bureau. We strive to ensure your privacy is protected. This Privacy Policy outlines how we collect, use, process, disclose, transfer and retain your personal information.

We comply with the National Credit Act, 2005 (No.34 of 2005) ("NCA"), the Protection of Personal Information Act, 2013 (No. 4 of 2013) ("PoPIA"), and the principles outlined in Sections 50 and 51 of the Electronic Communications and Transactions Act, 2002 (No.25 of 2002) governing your right to keep your personal information private.

In this Privacy Policy, "Consumer Credit Information" means consumer credit information defined in Section 70 of the NCA.

You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.

In Brief

TransUnion strives to protect privacy as we collect, use, process, disclose, transfer and retain personal information.

If your personal information is used unlawfully or infringes on your privacy, you have the right to object.

This notice covers the following topics:

  1. Who we are and how to contact us
  2. How we use personal information
  3. Where we get personal information
  4. How long we keep personal information
  5. Our legal basis for handling personal information
  6. Who we share personal information with
  7. Where we store and send personal information
  8. Your rights concerning your personal information
  9. Where to lodge a complaint

 

Information for Good®

We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

 

Contact details

Contact us about personal information issues, including the contents of this notice via:

Please refer to our Consumer Contact Privacy Notice for information on how we handle your personal information with complaints and enquiries.

 

How we use personal information

TransUnion limits the use and disclosure of personal information to the terms of the National Credit Act 34 of 2005 (NCA), Protection of Personal Information Act 4 of 2013 (PoPIA) or any other applicable laws.

Many of our products and services rely on personal information. For example:

Credit reporting: TransUnion compiles consumer credit information in credit reports from applications to (for example) credit providers or services providers for credit or services.

Credit services:  We may provide your information to organisations you deal with directly, such as credit risk assessors.

Example: credit risk assessment

If you apply for credit from one of our clients, they send us your data so we can find you in our databases and reply with information about your credit history. They use that information to assess your creditworthiness.

Fraud detection services: We may provide personal information to organisations other than those you deal with directly.

Example: fraud alerts

If we receive numerous identity verification checks against an individual in a short space of time, this could indicate someone is attempting identity theft or another form of fraud. In this case, we provide real-time fraud alerts to clients subscribed to that service.

If you have provided your details to an organisation to confirm your identity, we may retain those details and link them to other details we hold about you. Then, if a fraudster tries to use your details to apply for credit with a different organisation, we can raise a potential fraud alert.

Development and testing:  We sometimes use personal information to improve, develop, monitor, maintain and test our products, systems and security measures. Where possible, we create pseudonyms or make the data anonymous beforehand.

Legal and regulatory: We may use your personal information when responding to complaints or enquiries from you or a regulator about how we’ve used your personal information.

Information in your credit report includes:

Information in your credit report includes:

  • Identifying information, such as first name, surname, ID number, physical and postal address, contact numbers, marital status, spouse details, and current employer and occupation
  • An account history or payment profile is a 24-month record of all your accounts with credit or service providers and a history of how you pay these accounts
  • Enquiries include a list of credit or service providers allowed by you or permitted in terms of the NCA to receive your credit report
  • Public records include publicly available information as permitted by law, such as judgments, administration orders, sequestrations and rehabilitation
  • Default data is a record of any failure to pay money owed
  • Other includes any information permitted under the NCA

Information not included in your credit report:

  • Race, creed, colour, ancestry, ethnicity, religion, sexual orientation or political affiliations
  • Medical history or status
  • Major purchases paid in full with cash or cheques

Sources for information
We may collect your personal information, or obtain information originating from the following sources:

  • An organ of state, a court or judicial officer
  • Any person who supplies goods, services or utilities to consumers
  • A person providing long-term and short-term insurance
  • Entities involved in fraud investigation
  • Educational institutions
  • Debt collectors to whom a credit provider ceded or sold book debt
  • Other registered credit bureaus

The information we need
To verify information, credit providers need to include:

·       Your initials or full name and surname

·       Your South African identity number (if you have on) or your passport number and date of birth. Without this information, they can't lawfully grant credit.

Any further information requested by credit providers must be necessary and relevant to your application. No law forces you to give information, but a credit provider can't consider your credit application if you don't provide the information required.

How long we keep personal information

Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

The Regulations to the NCA require we use various categories of information only for the maximum periods prescribed for credit scoring or credit assessment.

We keep specific data indefinitely to verify the integrity of the information we may need to process in the future. We store this information securely and don't use it for any other purpose.

 

Our legal basis for handling personal information

Required by the NCA
The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing of activities on the requirements placed on us by the NCA.  For more details, refer to the relevant privacy notices in the links above.

Interest

Explanation

Promoting responsible lending and helping prevent over-indebtedness.

Helping lenders only sell products that are affordable and suitable to the borrowers' circumstances.

Verifying identity, detecting and preventing crime and fraud

Assisting clients to meet business imperatives, and legal, compliance and regulatory requirements and obligations

Credit bureau functioning

Supporting the NCA by promoting transparency and fairness in the access to credit, responsible borrowing, and protecting consumers against reckless credit granting.

Consent
In most instances, consumer consent to use personal information comes to TransUnion via our clients and data suppliers.

You need to agree on who can use your personal information and how. To do this, persons who have your information must notify you they have your data and how they plan to use it.

We strive to ensure our clients and data suppliers honour their contractual obligation to get all legally required consents before accessing personal information in our credit reports.

Contracts
If you sign up for one of our online services, we need to use personal information to provide the services as set out in the Terms & Conditions. We also use this basis for processing some of our staff data. Refer to the privacy notice on the relevant website for details.

Compliance
We only access, use and disclose personal information without consent in exceptional circumstances where necessary to:

  • Comply with the law or a legal process served on us
  • Comply with requests for information from police or government authorities
  • Protect and defend our rights or property (including the enforcement of agreements)
  • Protect the public interest
  • Act in urgent circumstances to protect the personal safety of our employees or members of the public

Who we share personal information with

Our clients and reseller bureaus

We share personal information with our clients for the purposes described above. Our clients have privacy notices providing details on how they use the data we supply.

These clients typically operate in the following sectors:

  • Financial services (including banks, loans, credit cards, mortgages, pensions, and investments and savings providers)
  • Insurance
  • Retail (including car sales/leasing and online retailers)
  • Telecommunications
  • Marketing agencies acting for other organisations
  • Auto dealers
  • Commercial
  • Collections

If our clients appoint an intermediary to act on their behalf, they too will receive the data.

Our group of companies

As stated, we share personal information among TransUnion RSA companies where appropriate. We have set out a list of current such companies below.

Group Company

Physical Address

TransUnion Africa Holdings (Pty) Ltd

TransUnion
10th Floor,
11 Alice Lane
Sandton
Johannesburg
2196

TransUnion Credit Bureau (Pty) Ltd

TransUnion Africa (Pty) Ltd

TransUnion Analytic and Decision Services (Pty) Ltd

TransUnion Auto Information Solutions (Pty) Ltd

 

Service providers

Our clients and we might provide information to third parties that help us achieve the purposes described above. For example:

  • Cloud-based services, such as Salesforce, help host, manage and analyse our databases.
  • Cloud-based technologies, such as Microsoft Office 365, support our ordinary business operations.
  • Printing companies to produce and send direct mail or other correspondence.
  • Payment service providers to help with payments made by individuals.
  • Market research companies to help us better understand our customers.
  • A specialist sub-contractor operates our CCTV system.
  • Services Providers that assists us with providing our services to you.

These service providers can't use your information for their purposes or on behalf of other organisations unless you agree otherwise.

Where we store and send personal information

We sometimes make use of Service Providers that are situated outside of South Africa, e.g. India, UK and US.  We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as POPIA in South Africa.

How the personal information is used

We provide data and analytics that help our clients make decisions about lending and other matters, but their data, knowledge, processes and practices play a significant role in those decisions.

For example, when we sell our services to credit or loan providers, we do not decide whether they should grant you credit or a loan — this is for the lender to decide.

Your rights concerning personal information

We outline your rights regarding the personal information we hold about you below.

Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it.

Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

Where to lodge a complaint

We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

Location: 10th Floor, 11 Alice Lane, Sandton, 2196

Postal Address: PO Box 4522, Johannesburg, 2000

Telephone: +250 7889 33094

You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


You may complain to the Information Regulator:

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: POPIAComplaints@inforegulator.org.za.

Site: www.inforegulator.org.za

    May, 2024

    Version 3.0

    TransUnion Confidential—For Internal Use Only

    Introduction


    This privacy notice provides information about how we use and share the personal information of people using our business products and technical support facilities. You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.


    In Brief


    We use personal information to:

    • administer your access to and monitor your use of our products.
    • provide information about your use of our products to the organisation you work for.

     

    This notice covers the following topics:

    1. Who we are and how to contact us
    2. How we use personal information
    3. Where we get personal information
    4. How long we keep personal information
    5. Our legal basis for handling personal information
    6. Who we share personal information with
    7. Where we store and send personal information
    8. Your rights concerning your personal information
    9. Where to lodge a complaint

     

    Who we are and how to contact us

     

    Information for Good®

     

    We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

    Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

    As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

    We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

     

    Contact details

     

    Contact us about personal information issues, including the contents of this notice via:

    Please refer to our Consumer Contact Privacy Notice for information on how we handle your personal information with complaints and enquiries.

    How we use personal information

     

    Operating our products and administering accounts


    We use personal information to operate our products and administer the accounts of people who use them.

    Example

    We hold username and password details to control access to products.

    Security and breach reporting

    We monitor access to our products to ensure only authorised people access our products and data. If we detect suspicious activity, we may suspend an account and investigate.

    Feedback to clients

    Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their employees use our products. For example, how often and why a staff member uses a product. Clients may ask for this information in deciding whether to continue buying the product or staff management in checking whether products are being used properly.

    If the information shows employee misconduct, an employer might use that information as part of a disciplinary process.

    Example

    A bank suspects an employee is performing unauthorised credit report searches and asks us for details of the searches conducted by that person. The bank uses this information to support its internal investigation into that employee’s actions.

    Monitoring and improving our products

    Information, such as how different people use our products, how long they spend on particular tasks and what sort of information they look for, helps us customise and improve our products. We also use this information for security and system administration and to generate non-personalised information for client use.

    Product or systems development and testing

    We may use personal information while developing or testing our products, systems and security measures. Where possible, we create pseudonyms or otherwise anonymise such data.

    Providing technical support and responding to queries

    If you contact us with a question about one of our product or services, we use your personal information to provide the answer. This includes contacting you about your request and sometimes about queries raised by other users.

    Queries: legal and regulatory purposes

    We may also need to use your personal information for legal and regulatory purposes.

    Example: legal and regulatory purposes

    If you make a complaint about us to our regulators, they’ll normally ask us to investigate your case. This will involve accessing your personal information. Similarly, if you start court proceedings against us, we’ll normally need to review how we have used your personal information to defend ourselves against your claim.

    The kinds of personal information we use and where we get personal information

     

    We obtain and use information from various sources summarised in the following table:

    Type of information

    Description

    Source

    Basic information about you and how to contact you

    Name, email address and job title

    You or your employer when we set up your account or are told the information has changed

     

     

    Login credentials

    Username, password and other information controlling product access

    Product usage

    How and when you access and use the product, including dates and times, IP address, and how you use the product while logged in

    Monitoring your product usage

    Your requests and enquiries

    Information you provide as part of a technical support query, request or enquiry

    Directly from you

     

    We need your personal information to provide our products correctly. You don’t have to provide us with personal information for technical support requests, but this may impede the help we can provide.

    How long we keep personal information

    Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

     

    Our legal basis for handling personal information

     

    Legitimate interests
    The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the legitimate interests listed below.

    Interest

    Explanation

    Market our products and services

    To allow our business to reach the maximum number of clients

    Develop and improve our products and services

    To help us remain competitive, differentiated and attractive to clients

    Monitor and secure our systems and data

    To fulfil our promise by keeping our systems and our data safe and secure

    Maintain our client relationships

    To build trust with our clients and business partners by outperforming and over-delivering

    Entrench our commercial interests

    To earn sustainable revenue through the efficient and effective provision of competitive products and services

     

    Who we share personal information with

     

    Our group of companies

    As stated, we share personal information among TransUnion RSA companies where appropriate. We have set out a list of current such companies below.

    Group Company

    Physical Address

    TransUnion Africa Holdings (Pty) Ltd

    TransUnion
    10th Floor,
    11 Alice Lane
    Sandton
    Johannesburg
    2196

    TransUnion Credit Bureau (Pty) Ltd

    TransUnion Africa (Pty) Ltd

    TransUnion Analytic and Decision Services (Pty) Ltd

    TransUnion Auto Information Solutions (Pty) Ltd

     

    Clients

    As mentioned above, if asked, we may supply usage information about a TransUnion product to an employer, its affiliates, business partners or group companies.

    Service providers

    We may provide information to third parties who help us use it for purposes described above.

    Third-party usage

    We may use a third-party email broadcasting service to send you service emails. However, unless you agree otherwise, these service providers can’t use your information for their purposes or on behalf of other organisations.

    Sometimes we may need to supply information to third parties (such as our service providers or other companies in the TransUnion group) to help deal with a support request or further enquiry.

    Regulators and law enforcement

    We share personal information with government authorities and law enforcement officials if required by law or for legal protection of our legitimate interests in compliance with applicable laws.

    Your rights concerning personal information


    We outline your rights regarding the personal information we hold about you below.

    Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

    Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it.

    Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

    Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

    Where to lodge a complaint


    We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

    Location: 10th Floor, 11 Alice Lane, Sandton, 2196

    Postal Address: PO Box 4522, Johannesburg, 2000

    Telephone: +250 7889 33094

    You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


    You may complain to the Information Regulator:

    Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

    Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

    Email: POPIAComplaints@inforegulator.org.za.

    Site: www.inforegulator.org.za  

    Version: 2.0
    Date adopted: 18 June 2021

    This privacy notice provides information about how we use and share consumers' personal information for our clients' marketing purposes.

    This notice covers the following topics:

    1. Who we are and how to contact us
    2. How we use personal information
    3. Where we get personal information
    4. How long we keep personal information
    5. Our legal basis for handling personal information
    6. Who we share personal information with
    7. Where we store and send personal information
    8. Your rights concerning your personal information
    9. Where to lodge a complaint

    1. Who we are and how to contact us

    Information for Good®

    We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal data that fuels this platform economic boom poses threats to individuals and endangers corporate security.

    Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

    As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

    We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg 2196. Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

    Jointly responsible parties

    TransUnion companies sometimes cooperate with other TransUnion companies when sharing and making decisions about your personal information. When this happens, all employees across the group ensure each company involved complies with data protection rules.

    Contact our Consumer Services Team to enquire about any of our companies or exercise your rights regarding your personal information.

    Contact details

    Contact us about personal information issues, including the contents of this notice via:

    • Post:TransUnion PO Box 4522 Johannesburg 2000
    • Telephone:TransUnion Contact Centre: 0861 482 482

    2. How we use personal information

    You can find more detail about the personal information we might use for these purposes in Section 3 below.

    Direct marketing

    If you give your consent or law permits it, we may use your personal information for direct marketing purposes. We may access, use, process and analyse personal information provided by you, your consumer credit information, Internet information and marketing data to provide personalised offers from TransUnion and our trusted partners.

    Opting out

    Suppose you no longer want to receive such communications. In that case, you can opt-out by responding to the newsletter and asking to be unsubscribed, or calling our customer service department and asking to be taken off the list. Alternatively, you can go to transunion.co.za, log in as a subscriber, click on your "profile" link, go to "My Settings", and de-select the Emails and Special offers opt-in box.

    Digital marketing

    Our digital marketing services enable our business partners to communicate with consumers about relevant products and services. These businesses use our data and technology to devise, create, deploy and measure targeted advertising programs. We also aggregate and depersonalise data for analytical purposes to provide statistical reporting and performance measurements.

    Market research

    If you choose to take part in market research, we may use your information to improve our products and services. If we engage third parties to assist, they can use non-personal aggregated data, but they use all personal information for our research purposes only.

    Consumer engagement

    With your consent, we may use your personal information to present additional products, services, and special offers from our affiliates and marketing partners. We may also share basic information — name and email address — with third parties to fulfil your request.

    Our third-party email processor may use action tags (also known as single-pixel gif or web beacons) to collect anonymous information on your use of the TransUnion Site in connection with the email registration program.

    If you do not register your ID Number, we will not collect any personal information while you visit TransUnion Site.

    Client data enhancement

    Some TransUnion clients provide data collected under their separate privacy notices and ask us to enhance it. Here, our client is responsible for ensuring the personal information is used fairly and lawfully. You can refer to their privacy notices for details on the data they collect, what they use it for, and how to exercise your rights.

    Development and testing

    We sometimes use personal information while improving, developing, monitoring, maintaining and testing our products, systems and security measures. Where possible, we create pseudonyms, anonymity or aggregate the data beforehand.

    Consumer queries

    We will sometimes use your personal information to help deal with your enquiry and for legal and regulatory purposes.

    Legal compliance with laws and regulations

    We only access, use and disclose personal information without consent in exceptional circumstances where necessary to:

    • Comply with the law or a legal process served on us
    • Comply with requests for information from police or government authorities
    • Protect and defend our rights or property (including the enforcement of agreements)
    • Protect the public interest
    • Act in urgent circumstances to protect the personal safety of our employees or members of the public
    • Act on implied consent

    We apply the above in terms of the NCA, PoPIA and other relevant national legislation.

    3. Where we get personal information

    We get personal information directly from our business partners, suppliers, clients, site visitors, and customers signing up for any of our products or services.

    There are various types and categories of personal information we gather for marketing, including:

    Marketing — consumer, household, business, non-personal aggregated information, and advertising program performance data.

    Demographic — age, gender, income, occupation, education and marital status.

    Life events — a recent move or home purchase.

    Public records — census data, geographic data, property data from local tax assessor and recorded deed information.

    Firmographic — type of business, years in business, size of business, and job titles.

    4. How long we keep personal information

    We keep personal information for as long as we handle your request and for an additional period after completion — as determined by:

    1. Demonstrating appropriate processes are in place to deal with enquiries, requests and complaints, and that we’re doing so fairly and under our regulatory requirements
    2. Responding to requests from you or a regulator to explain how we dealt with a request and to show we dealt with it properly
    3. Defending potential legal claims or regulatory action resulting from the request

    5. Our legal basis for handling personal information

    This section explains the basis on which we process your personal marketing information.

    Legitimate interests

    The Protection of Personal Information Act allows the use of personal information where necessary for legitimate purposes, provided this isn't outweighed by the impact it has on you. We base most of our processing activities on the legitimate interests condition.

    The legitimate interests we’re pursuing are:

    Interest

    Explanation

    Commercial interests

    Earning revenue through the products and services we provide to our customers and clients.

    Improving the accuracy of marketing materials

    Removing out-of-date contact details and providing up-to-date contact details where possible.

    For more details, refer to the relevant privacy notices in the links above.

    6. Who we share personal information with

    Our group of companies

    As stated, we share personal information among TransUnion companies as appropriate. We've set out a list of current such companies below.

    Group Company

    Physical Address

    TransUnion Africa Holdings (Pty) Ltd

    TransUnion
    10th Floor,
    11 Alice Lane
    Sandton
    Johannesburg
    2196

    TransUnion Credit Bureau (Pty) Ltd

    TransUnion Africa (Pty) Ltd

    TransUnion Analytic and Decision Services (Pty) Ltd

    TransUnion Auto Information Solutions (Pty) Ltd

    Clients and resale partners

    Our clients have privacy notices that provide more information about how they use the data we supply. These clients typically operate in the following sectors:

    • Auto dealers
    • Commercial
    • Insurance
    • Retail
    • Telecommunications
    • Collections
    • Financial services
    • Public sector
    • Startup

    If our clients appoint an intermediary to act on their behalf, they too will receive the data. We also appoint data resale partners to distribute our data to third parties.

    Service providers

    Our clients and we may provide your information to third parties who help us achieve the purposes described in section 2. For example:

    • Third parties may host our databases of personal information
    • Printing companies produce and send direct mail or other correspondence.
    • Market research companies help us better understand our customers.
    • Cloud-based technologies, such as Microsoft Office 365, support our ordinary business operations.

    These service providers can't use your information for their purposes or on behalf of other organisations unless you agree otherwise.

    7. Where we store and send personal information

    We access and use your information from our base in South Africa. We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as POPIA in South Africa.

    8. Your rights concerning personal information

    We outline your rights regarding the personal information we hold about you below.

    Access: Refer to the PAIA Manual on how to access what personal information we hold about you.

    Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have the right to ask us to correct or delete it.

    Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

    Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

    To find out about exercising these rights, please contact us on TransUnion Contact Centre: 0861 482 482.

    9. Where to lodge a complaint

    We strive to deliver the highest levels of customer service. However, if you're ever unhappy with us, please contact us so we can investigate.

    • Post: PO Box 4522, Johannesburg, 2000
    • Telephone: 0861 482 482

    You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com

    You may complain to the Information Regulator:

    May, 2024

    Version 3.0

    TransUnion Confidential—For Internal Use Only

     

    Introduction

    This document provides information about how we use and share personal information relating to our business contacts. You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.

    In Brief

    We use personal information to:

    • Manage our relationship with our business contacts and keep in touch with them
    • Promote our products and services to our customers and potential customers

     

    This notice covers the following topics:

    1. Who we are and how to contact us
    2. How we use personal information
    3. Where we get personal information
    4. How long we keep personal information
    5. Our legal basis for handling personal information
    6. Who we share personal information with
    7. Where we store and send personal information
    8. Your rights concerning your personal information
    9. Where to lodge a complaint

     

    Who we are and how to contact us

    Information for Good®

    We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

    Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

    As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

    We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

     

    Contact details

    Contact us about personal information issues, including the contents of this notice via:

    How we use personal information

    Relationship management

    We use personal information to maintain and develop our relationships with clients, suppliers and their representatives.

    Example: relationship management

    • Informing you about product changes or planned maintenance activity
    • Contacting you with billing enquiries
    • Inviting you to events and webinars
    • Corresponding with you about your enquiries
    • Conducting surveys to collect qualitative and quantitative feedback
    • Canvassing you about products or product features you want us to develop

    Marketing

    We use tracking, monitoring and profiling techniques as part of our marketing decisions to help us decide who to contact, about what, and when.

    We use personal information to market our products and services to current and potential clients and their representatives. This includes providing industry insights, commentary and research on data and software, notification of events and webinars, and updates on products and services.

    Example: Marketing

    • Monitoring your interactions to understand the products and services that interest you so we can tailor our marketing
    • Contacting you by email, telephone or post to tell you about products and services we think will interest you

    Providing services

    Sometimes we use personal information to provide information, services, alerts and other facilities requested. For example, we might use your contact details to grant access to one of our webinars.

    As a registered user of one of our products, we may use your personal information within that product — please refer to the privacy notice available within the product or our Business Product & Technical Support Privacy Notice for more details.

    Monitoring and improving our websites

    We use information such as how different people navigate our websites, how long they spend on particular pages and what content they download. This helps us improve the user experience by tailoring our website to match individual interests and preferences.

    Security and systems administration

    We also use this information for security and system administration to generate non-personalised data (such as statistics on the uptake of services and patterns of browsing). In addition, we may share this anonymous data with business contacts, selected third parties, sponsors and advertisers.

    Legal and regulatory purposes

    We may also need to use your personal information for legal and regulatory purposes.

    The kinds of personal information we use and where we get personal information

    Type of information

    Description

    Source

    Name and contact details

    Basic personal information about you and your workplace

    Usually provided by the individual via telephone, email, our websites or in person at an event

    Organisation-related details

    Your organisation, department and role

    Login credentials

    Username and password recorded when you sign up to any of our web-based services

    Provided by the user or AI-generated or by us (if we reset a password)

    Contact history

    Our engagements, such as information exchanged, meetings, events or webinars attended, emails opened, links clicked and contacts within TransUnion

    We produce these records

    Device information

    The type of device used to access our websites, its operating system, cookies, browser and IP address

    We produce this information

    Website usage

    Use of our websites, such as pages visited and content downloaded

    We need your personal information to provide our products correctly. You don’t have to provide us with personal information for technical support requests, but this may impede the help we can provide.

    How long we keep personal information

    Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

     

    Our legal basis for handling personal information

    Legitimate interests
    The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the legitimate interests listed below.

    Interest

    Explanation

    Strategic customer engagement

     

     

     

    Develop and leverage our understanding of customers and suppliers and how they use our products and services

    Strategically targeted marketing

    Promote new and existing products and services to suitable current clients

    Develop new and improve existing products and services

    Help us remain competitive, differentiated and attractive to clients by providing world-class, future-fit solutions

    Monitor and secure our systems and data

    Fulfil our promise by keeping our systems and data secure

    Other legal bases

    Sometimes we process personal information on the following grounds:

    Grounds

    Examples

    Consent

    We’ll ask if you agree to us using your data in specified ways, such as when you tick a box showing you wish to receive marketing emails or telephone calls from us

    Contractual

    We may need to use your details to perform a contracted product or service

    Legal

    Regulators, government bodies and courts can order us to provide information and we may have to comply

    Who we share personal information with

    Our group of companies

    As stated, we share personal information among TransUnion RSA companies where appropriate. We have set out a list of current such companies below.

    Group Company

    Physical Address

    TransUnion Africa Holdings (Pty) Ltd

    TransUnion
    10th Floor,
    11 Alice Lane
    Sandton
    Johannesburg
    2196

    TransUnion Credit Bureau (Pty) Ltd

    TransUnion Africa (Pty) Ltd

    TransUnion Analytic and Decision Services (Pty) Ltd

    TransUnion Auto Information Solutions (Pty) Ltd

     

    Service providers

    We might provide information to third parties that help us achieve the purposes described above. For example:

    ·       Cloud-based services, such as Salesforce, to help host, manage and analyse our databases

    ·       Printing companies to produce and send direct mail or other correspondence

    ·       Market research companies to help us better understand our customers

    ·       Third parties that analyse or enhance the data and return the results to us

    These service providers can't use your information for their purposes or on behalf of other organisations unless you agree otherwise.

    Regulators

    We may sometimes need to pass personal information to a regulator, such as the Information Regulator or the National Credit Regulator.

    Your rights concerning personal information

    We outline your rights regarding the personal information we hold about you below.

    Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

    Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it.

    Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

    Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

    Where to lodge a complaint

    We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

    Location: 10th Floor, 11 Alice Lane, Sandton, 2196

    Postal Address: PO Box 4522, Johannesburg, 2000

    Telephone: +250 7889 33094

    You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


    You may complain to the Information Regulator:

    Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

    Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

    Email: POPIAComplaints@inforegulator.org.za.

    Site: www.inforegulator.org.za

      May, 2024

      Version 3.0

      TransUnion Confidential—For Internal Use Only

       

      Introduction

      This privacy notice provides information about how we use and share personal information relating to consumers who contact us with an enquiry, request or complaint. You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.

      In Brief

      When you contact us with a request, complaint or enquiry, we will use your personal data in order to help us to respond to you.

      Sometimes this will mean sharing personal information with third parties. For example, if you dispute the accuracy of information on your credit report, we may need to contact the organisation who provided us with that information to check whether it is correct.

      This notice covers the following topics:

      1. Who we are and how to contact us
      2. How we use personal information
      3. Where we get personal information
      4. How long we keep personal information
      5. Our legal basis for handling personal information
      6. Who we share personal information with
      7. Where we store and send personal information
      8. Your rights concerning your personal information
      9. Where to lodge a complaint

      Who we are and how to contact us

      Information for Good®

      We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

      Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

      As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

      We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

       

      Contact details

      Contact us about personal information issues, including the contents of this notice via:

       

      How we use personal information

      Enquiries

      We use your personal information to deal with any issue or complaint you have raised (which we refer to as an “enquiry”). This might include contacting you for more information or tell you the outcome of your enquiry. Typical enquiries include:

      • Requests for access to personal information, to challenge the accuracy of personal data, or to request the erasure of personal information
      • Support requests for our consumer products
      • Complaints of any nature
      • General enquiries

      Identity verification

      When you contact us, we may need to verify your identity to ensure we don’t provide personal information to unauthorised parties.

      Example: identity verification

      If someone contacts us and asks us for a copy of your credit report, we’ll check that it’s you (or someone authorised by you) asking for it. We may ask for evidence of identity such as copies of your driving license or a bank statement.

      It’s important to do this because the information in your credit report is valuable and could be used to impersonate you if it were to fall into the wrong hands.

      Feedback

      We may ask you to provide us with feedback or to leave a review about the service you received. Your feedback helps us to improve our services.

      Products and services

      We use aggregated statistics about enquiries, requests and complaints to help manage our services and identify potential problems. Some enquiries lead to changes to the personal information we use in our products and services.

      Constant improvement

      We use information from complaints and requests to help understand what went wrong, fix any problems, and improve how we deal with similar issues.

      Legal and regulatory purposes

      We may use personal information for legal and regulatory purposes. This might include responding to complaints or enquiries from you or a regulator about how we have handled your enquiry or used your personal information.

      Kinds of personal information we use and where we get it

      We obtain and use information from various sources summarised in the following table:

      Type of Information

      Description

      Source

      Basic contact information.

      Name, email address and job title

      You provide this information when you make an enquiry or when we subsequently request it.

      Your enquiry.

      Any enquiry you make

      Proof of identity or authority and other supporting documentation.

      To prove your identity. If you enquire on someone else’s behalf, we may ask for proof of authority, such as a power of attorney. Sometimes we may require additional supporting documentation.

      Information gathered in dealing with your enquiry.

      Dealing with an enquiry involves investigating the circumstances. This type of information depends on the enquiry.

      Internal records and external organisations, such as clients and suppliers.

      Our response and other correspondence.

      Our response to and other correspondence relating to your enquiry.

      We produce this ourselves.

      Website usage.

      If you access or submit information through our website, we record information such as IP address, operating system and browser type.

      We gather this through the website.

      How long we keep personal information

      Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

      You are free to choose whether you give us your personal information. However, if you don’t provide the information we need, this may limit our ability to help.

      Our legal basis for handling personal information

      Legitimate interests
      The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the legitimate interests listed below.

      Interest

      Explanation

      Security

      To keep your personal information secure

      Reputation and service improvement

      Manage enquiries quickly and efficiently to build our business reputation

      Other legal bases

      Legal - Regulators, government bodies and courts can order us to provide information and we may have to comply.

      Who we share personal information with

      Our group of companies

      As stated, we share personal information among TransUnion RSA companies where appropriate. We have set out a list of current such companies below.

      Group Company

      Physical Address

      TransUnion Africa Holdings (Pty) Ltd

      TransUnion
      10th Floor,
      11 Alice Lane
      Sandton
      Johannesburg
      2196

      TransUnion Credit Bureau (Pty) Ltd

      TransUnion Africa (Pty) Ltd

      TransUnion Analytic and Decision Services (Pty) Ltd

      TransUnion Auto Information Solutions (Pty) Ltd

       

      Service providers

      Our clients and we might provide information to third parties that help us achieve the purposes described above.

      Data suppliers and other third parties

      If your enquiry is about data supplied to us by third parties, we might provide them with your personal information to help manage your enquiry. For example, if you dispute the accuracy of an entry on your credit file, we may contact the provider of that information to check whether its validity.

      These service providers can’t use your information for their purposes or on behalf of other organisations unless you agree otherwise.

      Where we store and send personal information

      We sometimes make use of Service Providers that are situated outside of South Africa, e.g. India, UK and US.  We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as POPIA in South Africa.

      Your rights concerning personal information

      We outline your rights regarding the personal information we hold about you below.

      Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

      Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it.

      Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

      Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

      Where to lodge a complaint

      We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

      Location: 10th Floor, 11 Alice Lane, Sandton, 2196

      Postal Address: PO Box 4522, Johannesburg, 2000

      Telephone: +250 7889 33094

      You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


      You may complain to the Information Regulator:

      Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

      Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

      Email: POPIAComplaints@inforegulator.org.za.

      Site: www.inforegulator.org.za  

        May, 2024

        Version 3.0

        TransUnion Confidential—For Internal Use Only

         

        Introduction

         

        This privacy notice provides information about how we use and share the personal information we obtain during the job application process.

        This notice covers the following topics:

        1. Who we are and how to contact us
        2. How we use personal information
        3. Where we get personal information
        4. How long we keep personal information
        5. Our legal basis for handling personal information
        6. Who we share personal information with
        7. Where we store and send personal information
        8. Your rights concerning your personal information
        9. Where to lodge a complaint

         

        Who we are and how to contact us

         

        Information for Good®

        We're in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

        Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

        As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

        We're a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we're part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

         

        Contact details

         

        Contact us about personal information issues, including the contents of this notice via:

        How we use personal information

         

        Managing end-to-end recruitment

        TransUnion personnel involved in the recruitment process and relevant third parties may communicate with you on a strict need-to-know basis. We do this to show how we conducted the application and recruitment process and arrived at our decision.

        Screening checks

        TransUnion holds highly confidential data that is subject to stringent legal and regulatory responsibilities. Therefore, we undertake identity verification checks and employment screening to protect the interests of TransUnion, its parent company, clients, partners, and other stakeholders, including consumers and third parties.

        Additional information

        These checks are mandatory for your application and need to be complete before employment begins. To complete these checks, you may need to present specific documentation, provide additional details, and sign authorisations or acknowledgements. (Further details will be provided with any offer of employment).

        We’re mindful of your privacy and will only perform these checks at the appropriate application stage.

        Kinds of personal information and where we get it

         

        We obtain and use information from various sources summarised in the following table:

        Type of Information

        Description

        Source

        Basic contact information.

        Name, email address and job title

        You provide this information when you make an enquiry or when we subsequently request it.

        Your enquiry.

        Any enquiry you make

        Proof of identity or authority and other supporting documentation.

        To prove your identity. If you enquire on someone else’s behalf, we may ask for proof of authority, such as a power of attorney. Sometimes we may require additional supporting documentation.

        Information gathered in dealing with your enquiry.

        Dealing with an enquiry involves investigating the circumstances. This type of information depends on the enquiry.

        Internal records and external organisations, such as references and and suppliers.

        Our response and other correspondence.

        Our response to and other correspondence relating to your enquiry.

        We produce this ourselves.

        Website usage.

        If you access or submit information through our website, we record information such as IP address, operating system and browser type.

        We gather this through the website.

         

        How long we keep personal information

         

        We’ll keep your personal information for as long as we handle your application and for an additional period after completion. That period depends on the following purposes:

        • Showing we have processes to deal with enquiries, requests and complaints fairly and under our regulatory requirements
        • Responding to you or a regulator about how we dealt with your request and to show we dealt with it appropriately
        • Defending any potential legal claims or regulatory action that might arise because of the request

         

        Our legal basis for handling personal information

         

        Legitimate interests
        The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the following legitimate interests:

        • Administering and managing the recruitment process
        • Assessing and confirming an applicant’s suitability for employment
        • Deciding whom to offer a job
        • Keeping records of this process to explain or justify our decision

        Consent
        We sometimes rely on consent to process personal information, but this is relatively rare.

        Who we share personal information with

         

        Our group of companies

        As stated, we share personal information among TransUnion RSA companies where appropriate. We have set out a list of current such companies below.

        Group Company

        Physical Address

        TransUnion Africa Holdings (Pty) Ltd

        TransUnion
        10th Floor,
        11 Alice Lane
        Sandton
        Johannesburg
        2196

        TransUnion Credit Bureau (Pty) Ltd

        TransUnion Africa (Pty) Ltd

        TransUnion Analytic and Decision Services (Pty) Ltd

        TransUnion Auto Information Solutions (Pty) Ltd

         

        Service providers

        We may provide information to third parties who help us use it for purposes described above.

        We may host our information database with third parties and use a third-party broadcasting service to send you emails or SMS messages.

        These service providers may not use your information for their purposes or on behalf of other organisations unless you agree.

         

        Where we store and send personal information

         

        We sometimes make use of Service Providers that are situated outside of South Africa, e.g. India, UK and US.  We will not transfer personal information to a country lacking laws that provide an adequate level of information protection — unless we have an agreement with the recipient requiring measures that offer a similar level of protection as POPIA in South Africa.

        Your rights concerning personal information

         

        We outline your rights regarding the personal information we hold about you below.

        Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

        Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained lawfully, you have a right to ask us to correct it or delete it.

        Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

        Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

        Where to lodge a complaint

         

        We strive to deliver the highest levels of customer service. However, if you’re ever unhappy with us, please contact us so we can investigate.

        Location: 10th Floor, 11 Alice Lane, Sandton, 2196

        Postal Address: PO Box 4522, Johannesburg, 2000

        Telephone: +250 7889 33094

        You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


        You may complain to the Information Regulator:

        Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

        Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

        Email: POPIAComplaints@inforegulator.org.za.

        Site: www.inforegulator.org.za

        TransUnion Data Processing Policy For The Protection of Personal Information

        Introduction

        TransUnion is a credit bureau registered in accordance with the provisions of the National Credit Act 34 of 2005 (Registration Number NCRCB4). Its operations are regulated by the NCA and by other applicable Laws, including the Protection of Personal Information Act 4 of 2013. TransUnion protects the integrity of all information housed by it, keeping such information secure. TransUnion is sensitive to the issues regarding privacy of information.

        Furthermore, TransUnion is a member of the following industry associations –

        • Credit Bureau Association (“CBA”): A voluntary industry body in the Republic of South Africa, representing the majority of credit bureaus within South Africa. The CBA operates in the industry in accordance with the NCA, as regulated by the National Credit Regulator, and related laws. The CBA’s mandate is to provide a framework for a sustainable and well-functioning credit information system by facilitating fair practice within the credit bureau industry and by promoting transparency, accountability, high-quality credit reporting and sound business practices. TransUnion is also subject to the CBA industry Code of Conduct, which has been issued by the Information Regulator in terms of the Protection of Personal Information Act.
        • South African Credit and Risk Reporting Association (“SACRRA”): A not-for-profit voluntary association of members who share credit and risk performance data of their customers (which information is known as “Payment Profile Information”). SACRRA provides the framework to facilitate the sharing of Payment Profile Information at its associate member credit bureaus enabling its members to comply with credit information sharing provisions of the NCA as well as the provisions for performing credit and risk assessments and affordability calculations.

        TransUnion is committed to conducting its operations in an ethical manner and in compliance with all applicable Laws and association/industry policy directives and guidelines. To successfully ensure this, it is vital that all entities doing business with TransUnion ascribe to the same standards. Accordingly, TransUnion has set out, in this policy, obligations that need to be adhered to when an entity processes (including but not limited to the receipt and usage of), Personal Information from or supplies Personal Information to TransUnion.

        NOTE: This policy may be updated from time to time to reflect any amendments made to applicable Laws or association/industry policy directives and guidelines.

        1. Purpose of policy

          To outline obligations for protecting the integrity and confidentiality of information that is transmitted to and from TransUnion’s systems, as required by applicable Laws and associations relevant to the information services and risk services industry.

        2. Application of policy

          1. This policy is applicable to all entities who (a) procure and/or use and/or process Personal Information from TransUnion (whether directly OR through an authorised TransUnion channel partner / reseller) and who (b) supply information to TransUnion (whether directly OR through an authorised TransUnion channel partner / reseller) – such parties referred to hereafter as an “Applicable Party”.
          2. The terms of this policy shall be deemed to form part of the Applicable Party’s contract with TransUnion or with a TransUnion channel partner / TransUnion reseller (as the case may be) as if specifically incorporated therein. A breach of any obligation by the Applicable Party herein (and a contravention of the National Credit Act and/or Protection of Personal Information Act) shall therefore be regarded as a breach of the contract concluded with TransUnion or the channel partner/reseller; and shall be managed as such. Therefore, this policy shall continue to be of force and effect for as long as the either Party remains in possession of any Personal Information of the Data Subjects, regardless of the termination of any agreement or contract with TransUnion.
          3. In the event of a conflict between the provisions of this policy and any other agreement between TransUnion and the Applicable Party; and, any applicable agreement in place between an authorised TransUnion channel partner / reseller and the Applicable Party, the provisions of this Agreement will take precedence in regard to all aspects pertaining to any processing of Personal Information.
        3. Definitions

          For purposes of this policy, capitalised terms shall have the meanings ascribed to them below –

          1. Data Subject” means any person(both individual and juristic entity and/or the like) to whom the specific Personal Information relates, as contemplated in POPIA;
          2. Laws” means all laws, regulations, by-laws, rules, directives, guidelines, circulars, orders and other requirements of any government or any government agency, body or authority, including any regulator or court;
          3. NCA” means the National Credit Act No. 34 of 2005 together with the Regulations, as amended from time to time;
          4. Operator” has the meaning set out in POPIA and for purposes of this policy means the Party who Processes Personal Information on behalf of the other Party or any authorised subcontractor of either of the Parties;
          5. PAIA” means the Promotion of Information Access to Information Act 2 0f 2000, together with the Regulations, as amended from time to time;
          6. Party” or “Parties” means either the Applicable Party or TransUnion or both, as the context may require;
          7. Payment Profile Information” means the payment history and financial information relating to a debt or credit transaction, including relevant payment dates, both negative and positive information and/or signs depicting action taken in respect of such debt or credit transaction;
          8. Personal Information” shall have the meaning set out in section 1 of POPIA, and includes special personal information as defined in section 26 of POPIA and relates to the Personal Information of which either Party is the Responsible Party in relation to which TransUnion renders the services to the Applicable Party;
          9. POPIA” means Protection of Personal Information Act No. 4 of 2013 together with the Regulations, as amended from time to time;
          10. Processing” or “Process” shall have the meaning set out in POPIA;
          11. Regulations” means the National Credit Regulations promulgated in terms of the NCA and POPIA from time to time;
          12. Responsible Party” shall have the meaning ascribed thereto in POPIA, and for purposes of this Agreement shall mean either Party as the context may require;
          13. TransUnion” means TransUnion Africa (Pty) Limited, registration number 1992/007124/07, a private company with limited liability, as well as all subsidiaries thereof, including TransUnion Credit Bureau, registration number 2004/007773/04, duly registered with the NCR (under registration number NCRCB4).
        4. Compliance with laws and associated bodies

          In its dealings with TransUnion and usage of TransUnion’s service offerings, the Applicable Party shall at all times comply with the requirements for the receipt, compilation and reporting of information as prescribed by the NCA and other applicable Laws and associated bodies.

        5. Information security

          1. The Applicable Party shall ensure that all persons accessing TransUnion’s services on its behalf have been duly authorised by the Applicable Party to do so. In addition, the Applicable Party shall ensure that only it or its authorised representatives have access to any PIN and/or password PIN issued for the purposes of requesting TransUnion services. The Applicable Party shall be liable for transactions, fees and other costs arising out of the use by any person of TransUnion’s services via the PIN and/or Password whether or not such use is or has been authorised by the Applicable Party.
          2. The Applicable Party shall immediately notify TransUnion in writing of any breach or attempted breach of security of which the Applicable Party may become aware or ought to have become aware of and the Applicable Party shall take reasonable steps to prevent a recurrence thereof and to mitigate the effects of such breach. TransUnion shall be entitled to fully investigate such breach or attempted breach and the Applicable Party shall give TransUnion its full co-operation with such investigation. Furthermore, the Applicable Party shall be liable for transactions, fees and other costs arising out of the use by any person of the TransUnion services including use of such services arising from a security breach in accordance with applicable Laws.
          3. The Applicable Party shall install, implement and maintain the necessary software and IT security systems to ensure that no destructive elements are introduced into TransUnion’s systems. Destructive Elements means code that –
            • is intentionally designed to disrupt, disable, harm or otherwise impede in any manner, including aesthetic disruptions or distortions, the operation of TransUnion’s software, hardware, computer systems or networks, or any other associate hardware, software, firmware, computer system or network used in relation to TransUnion’s services; or
            • would disable TransUnion’s software, hardware, computer systems or network or impair in any way their operation based on the elapsing of a period of time, exceeding the authorised number of copies, advancement to particular date or numeral; or
            • would permit an unauthorised person to access TransUnion’s software, hardware, computer systems or network of and/or of third parties to cause a disruption, disablement, harm or impairment, or which contains any other similar harmful, malicious or hidden procedures, routines or mechanisms which would cause such programs to cease functioning; or that can cause damage to data, storage media, programs, equipment or communications, or otherwise interfere with the operations thereof.
        6. Consents

          The Applicable Party -

          1. shall ensure that prior to submitting to and/or requesting any information from TransUnion (whether directly or via a TransUnion channel partner or TransUnion reseller) it shall have validly obtained all consents (whether from natural or juristic persons – as applicable) that may be required in terms of the NCA and POPIA or any other applicable Laws to submit, request and/or receive such information;
          2. shall obtain upfront, written, express, ongoing and lawfully valid consent in respect of any requests for TransUnion to provide monitoring and account management services; and
          3. shall retain and store all consents obtained and be able to make same available to TransUnion without delay if ever requested.
        7. Submission of data to TransUnion

          1. The Applicable Party shall ensure that any information requested from or submitted to TransUnion, whether directly or indirectly -
            1. shall contain, in relation to a natural person, the minimum criteria as set out in Regulation 19(1) of the NCA; and
            2. shall contain, in relation to a juristic person, the juristic person’s registered and trading name; registration number, registered address, physical and postal address.
          2. When submitting any information to TransUnion, whether directly or indirectly, the Applicable Party shall -
            1. be lawfully entitled to submit such information to TransUnion;
            2. ensure that all information reported to TransUnion is accurate, up-to-date, relevant, complete, valid and not duplicated;
            3. submit only information which falls in the permitted categories set out in Regulation 18(6) of the NCA;
            4. before submitting adverse credit information, (a) ensure that the minimum monthly or such other instalment payments have not been paid for a period of at least three consecutive billing cycles in accordance with Regulation 19(7) of the NCA; and give its customers twenty business days’ written notice, as required by Regulation 19(4), of its intention to submit adverse information regarding the customer before such information is submitted to TransUnion.
          3. The Applicable Party shall under no circumstances submit the following information to TransUnion –
            1. information in respect of a debt that has prescribed in terms of the Prescription Act, No. 68 of 1969, including any information relating to the collection or re-activation of such debt;
            2. duplicate listings –
            3. listings in relation to SABC television licences, e-Tolls, road traffic fines;
            4. cost orders;
            5. disputed adverse credit information – that is a default listing relating to an outstanding amount that had been disputed by a person prior to the date of the submission of the disputed adverse information (i.e. where such dispute had not been resolved at the time of listing). For purposes of this obligation, “disputed” refers to any instance where it can be proven that a person had communicated to the Applicable Party an uncertainty around being liable for the whole or part of the relevant debt, whether or not through the institution of legal proceedings; and
            6. information which the Applicable Party had already submitted to TransUnion in respect of a person, which information the person had successfully challenged in accordance with the information challenge process provided for in the NCA. For purposes of clarity, the Applicable Party shall not be entitled to modify the successfully challenged information in any way so as to resubmit same.
          4. The Applicable Party will fully and timeously co-operate with TransUnion’s requests for credible evidence related to an adverse credit listing when that listing has been challenged as part of any Personal Information challenge (including but not limited to Data Subject access requests, queries or challenges as contemplated in NCA, PAIA, POPIA or any other applicable Laws) process provided for in the NCA. Should an Applicable Party fail to respond to TransUnion within the legislated period set out in the NCA, the adverse listing in dispute will be permanently removed from the relevant person’s credit profile.
        8. Use of information

          1. All information received as part of services provided by TransUnion shall:
            1. be used by the Applicable Party solely and exclusively for a purpose permitted in terms of the NCA and POPIA. The Applicable Party shall not, whether directly or indirectly, sell or use any such information for any commercial purpose; and
            2. be for the Applicable Party's exclusive one-time use, which usage shall be strictly related to the lawful purpose for which the service is intended.
          2. The Applicable Party shall only access a person’s information for the purposes of assessing an employment application where that person has (a) consented to such access; AND (b) is being considered for a position that requires honesty in dealing with cash or finances, and where the job description of such position has been clearly outlined in the applicable contract of employment.
          3. In the event that TransUnion is entitled to procure and supply payslip and salary information, the Applicable Party -
            1. acknowledges that payslip and salary information may only be requested and used for lawful purposes.
            2. shall, where it has requested such information from TransUnion, have obtained the prior written consent necessary to authorise TransUnion to access and retrieve a person’s payslip and salary information (a) from the relevant payroll companies, or (b) from TransUnion, for any lawful purpose (as the case may be); and
            3. shall not share, distribute, alter or disseminate the payslip and salary information received by it from TransUnion to any third party whatsoever.
          4. The Applicable Party acknowledges that the information supplied to it pursuant to a testing request will contain information that is regulated by Laws. This test data shall be used by the Applicable Party solely and exclusively for the purpose of the test and the Applicable Party shall not share the test data with or distribute that data to any third party. The Applicable Party shall not, whether directly or indirectly, use the test data for internal business or operational purposes or sell/use the test data for any purpose whatsoever. The Applicable Party shall destroy the test data upon completion of the testing exercise shall provide TransUnion with written confirmation of the destruction. The Applicable Party shall furthermore be able to evidence the destruction to TransUnion should TransUnion request such evidence.
        9. The parties obligation concerning protection of personal information

          1. It is recorded that, pursuant to the obligations under this policy, either Party will Process Personal Information of Data Subjects in connection with and for the purposes of the provision of TransUnion’s services and will act as the other Party’s Operator.
          2. Unless required by Law, each Party shall Process the Personal Information only:
          3. in compliance with this policy;
          4. for the purposes connected with the provision of the Services as provided for in any agreement or contract with TransUnion or as specifically otherwise instructed or authorised by the other Party in writing;
          5. to the extent permissible in terms of applicable Laws; and
          6. The Parties shall treat the Personal Information that comes to their knowledge or into their possession as confidential and shall not disclose it without the prior written consent of the other Party, unless permissible by law.
          7. Without limiting the either Party’s obligations under this policy, each Party shall comply with applicable industry or professional rules, regulations, and Laws (including any applicable technical or organizational security measures) as regards to the safeguarding of Personal Information.
          8. Each Party shall:
            1. take steps to keep abreast and ensure that it and its Staff comply fully with all applicable laws and regulations that are applicable to the Services;
            2. limit the Processing of and access to the Personal Information to those Staff who need to know the Personal Information to enable the rendering of the Services;
            3. deal promptly, but at all times without exceeding 5 (five) business days, with all reasonable inquiries from the other Party relating to its Processing of the Personal Information;
            4. immediately inform the other Party of its inability to comply with the other Party’s instructions and this clause 9, in which case the other Party is entitled to suspend the other’s Processing of Personal Information and/or terminate any agreement or contract with TransUnion; and
            5. provide the other with full co-operation and assistance in relation to any requests for access to, correction of or complaints made by the Data Subjects relating to their Personal Information.
          9. Each Party (the “Notifying Party”) shall notify the other Party in writing:
            1. within 1 (one) business day or otherwise as soon as reasonably possible, if any Personal Information under the control of the Notifying Party as a result of any agreement or contract between Parties has been or may reasonably believe to have been accessed or acquired by an unauthorised person or if a breach has occurred with reference to the Notifying Party’s use of the Personal Information under this policy, furnish the other Party with details of the Data Subjects affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the Personal Information as well as with daily reports on progress made at resolving the compromise;
            2. of any request by a Data Subject for correction of the Personal Information, or complaints received by the Notifying Party, relating to any Personal Information submitted by the other Party in relation to that Data Subject’s obligations in terms of POPIA and provide the other Party with full details of such request or complaint; and
            3. to the extent lawfully permissible, promptly of any legally binding request for disclosure of Personal Information or any other notice or communication that relates to the Processing of the Personal Information from any supervisory or governmental body.
          10. Each Party acknowledges and agrees that the other Party retains all right, title and interest in and to the Personal Information.
        10. Audit rights

          1. TransUnion shall have the right to audit the Applicable Party’s Processing facilities in respect of the services, upon separate and specific written policy regarding such audit first being reached with the other Party on each occasion, at least once per year or if there is a reasonable suspicion that the Applicable Party is not complying with the provisions of this policy or where there is a suspicion that the confidentiality, integrity and accessibility of Personal Information is likely to be compromised. The Party being audited shall offer reasonable assistance and co-operation to the other Party and/or its auditors or inspectors in the carrying out of such auditing exercise. Nothing in this clause 10 should be read as providing either Party with unlimited access to audit the other Party without just cause. If an audit takes place, TransUnion shall have no right of access to any confidential information of the Applicable Party’s clients or to any confidential information in general (including Personal Information TransUnion is not responsible for in terms of POPIA or the NCA.
        11. Return and retention of personal information

          1. Each Party (“requesting Party”) may, at any time on written request to the other Party, require, where it is practically and lawfully possible, that (a) the other Party immediately return to it any Personal Information and may, in addition, require that the other Party furnish a written statement to the effect that upon such return, it has not retained in its possession or under its control, whether directly or indirectly, any such Personal Information or material; or (b) as and when required by the requesting party on written request, destroy all such Personal Information and material and furnish TransUnion with a certificate of destruction to the effect that the same has been destroyed. Where, by the nature of the services that the other Party provides to different clients, the return of information or destruction thereof is not possible, the Party shall provide the requesting Party with written reasons as to why this is the case and seek to reach written policy with the requesting Party as to how to regulate the relevant Personal Information going forward.
          2. Each Party shall comply with any request in terms of this clause 11 within 7 (seven) days of receipt of such request.
        12. Indemnities

          1. Subject to the provisions contained in the Any agreement or contract with TransUnion, each Party hereby indemnifies and holds the other Party harmless from any and all losses arising from any claim or action brought against the other Party arising from or due to the one’s Party’s breach of its obligations set out in this policy or any law with respect to the protection of Personal Information.
        13. Confidentiality

          1. The Parties agree and undertake –
            1. Except as permitted by this policy, not to disclose or publish any Confidential Information (which for purposes of this clause shall mean any information or data (a) which by its nature or content is identifiable as confidential and/or proprietary to either Party and/or any third party; or (b) which is provided or disclosed in confidence by the one Party (“Disclosing Party”) to the other Party (“Receiving Party”); and (c). which Disclosing Party or any person acting on its behalf may disclose or provide to Receiving Party or which may come to the knowledge of Receiving Party by whatsoever means) in any manner for any reason or purpose whatsoever without the prior written consent of the other Party and provided that in the event of the Confidential Information being proprietary to a third party, it shall also be incumbent on the Parties to obtain the consent of such third party;
            2. Except as permitted by this policy, not to utilise, employ, exploit or in any other manner whatsoever use the Confidential Information for any purpose whatsoever without the prior written consent of the other Party and provided that in the event of the Confidential Information being proprietary to a third party, it shall also be incumbent on the Applicable Party to obtain the consent of such third party;
            3. To restrict the dissemination of the Confidential Information to only those of each Party’s staff who are actively involved in activities for which use of Confidential Information is authorised and then only on a “need to know” basis and each Party shall initiate, maintain and monitor internal security procedures reasonably acceptable to the other to prevent unauthorised disclosure by its staff; and
            4. To take all practical steps, both before and after disclosure, to impress upon its staff who are given access to Confidential Information the secret and confidential nature thereof.
          2. The obligations of each Party with respect to each item of Confidential Information shall endure for an indefinite period from receipt of that item of Confidential Information. The obligations referred to in this clause 13 shall endure notwithstanding any termination of this policy, any other policy entered into between the Parties or any discussions between the Parties.
          3. Each Party hereby indemnifies and holds the harmless from any and all losses arising from, or in connection with, any claim or action arising from the other Party’s breach of any obligation with respect to Confidential Information.
        14. Breach and termination

          1. In the event of either of the Parties committing a breach of any of the conditions of this policy and failing to remedy such breach within 7 (seven) Business Days of receipt of a notice from the other Party requesting it to remedy such breach, then the other Party shall be entitled to cancel this entire policy forthwith and claim such losses as it may have suffered. In the event of termination of this policy, the Party terminating this policy shall have a right to also exercise its rights of termination under any agreement or contract with TransUnion.
          2. Notwithstanding anything to the contrary contained in this policy, the Parties shall be entitled to terminate this policy by mutual policy in writing.
          3. The provisions of this clause 14 shall not affect or prejudice any other rights/remedies which the Parties may have in law or in any other written agreement or contract between the Parties.
        15. Payment profile information

          1. Payment Profile Information may be requested by an Applicable Party who is a SACRRA member or is entitled to such information in terms of Regulation 19(13) and the related NCR guideline; provided that all SACRRA rules and standard operating procedures and/or the provisions of Regulation 19(13), regulating the supply of that information, are complied with (as may be applicable in the circumstances).
          2. Where supplying Payment Profile Information, the Applicable Party shall ensure compliance with Regulation 19(13), including the related NCR guideline, and/or, to the extent applicable, the SACRRA data access protocols and data access standard operating procedures as published and updated by SACRRA from time to time.
        16. Removal of adverse listings

          1. To the extent required by the NCA, adverse credit information must be removed from a person’s credit profile if that person has paid up the debt associated with that listing. The Applicable Party shall provide TransUnion with details regarding settlement of any obligations under a credit agreement within seven days of settlement of such obligation.
          2. To the extent required by the NCA, judgments must be removed from a person’s credit profile if that person has settled the capital amount of the judgment. The Applicable Party shall upon settlement by the person of the capital amount of a judgment advise TransUnion within seven days of settlement of such obligation
          3. An Applicable Party shall only be entitled to remove a default listing if it is factually incorrect, related to fraud or a duplicate listing.
          4. The Applicable Party shall not, unless lawfully entitled to do so, take an upfront fee in order to remove adverse credit information from a person’s credit profile.
        17. Information requested in respect of juristic persons and their principals.

          1. The Applicable Party acknowledges that in the event that it requests information in relation to any juristic person/s, the relevant report to be provided to it may contain information relating to that juristic person’s directors, senior leadership and/or key stakeholders in the business (“Principals”). The Applicable Party shall be (a) fully authorised, as required by all applicable Laws, to obtain the information in respect of the Principals; and (ii) in the event that it requests information relating to both juristic persons and their Principals, be fully compliant with the requirements as set out in Regulation 18(5) of the NCA. It shall furthermore have obtained all required consents for obtaining and having sight of information regarding the Principals.
        18. Consequences of termination

          1. The termination of this policy shall not affect the rights of either of the Parties that accrued before termination of this policy or which specifically survives the termination of the policy.
          2. Upon termination of this policy and upon request by either Party, the other Party shall return or destroy any material containing, pertaining or relating to the Personal Information disclosed pursuant to this policy to the requesting Party. Such request will be regulated in accordance with clause 18 and/applicable Laws pertaining to the Processing of Personal Information.
        19. Waiver

          1. Failure or delay by either Party in exercising any right will not constitute a waiver of that right.
          2. No waiver of any of right under this policy will be binding unless it is in writing and signed by the Party waiving the right.
        20. Severability

          1. If any part of this policy is found to be invalid or unenforceable, it shall be severed from the remainder of this policy, which shall remain valid and enforceable.

        Version: 2.0
        Date adopted: 16 June 2021

        Internet Information.

        When you visit and use any Products or functions in the TransUnion Site, we may collect behavioural data and general internet data, including your internet protocol ("IP") address, metadata, location data, date and time you visit. As part of this:

        • We set a "cookie" on your computer to recognise you when you visit, and collect information (like your page visits and preferences) for statistical purposes and to study how people use the site to improve the user experience. We may provide such data to outside vendors for the same reasons. We store no personal information in cookies. You can reject cookies by setting the preference in your web browser, but you might not be able to apply for credit reports online. For more information about cookies, visit: http://www.cookiecentral.com/n_cookie_faq.htm.
        • TransUnion uses two different cookies. One type "recognises" you whenever you return using the same computer, so you don't have to re-enter personal information. If you set your web browser to not accept or delete this cookie, you can still access our products and services if you re-enter personal information each time you visit. The second type of cookie processes each step of your transactions with us. If you refuse to accept this type of cookie, you can’t access our products and services. Most web browsers auto-delete this type of cookie when you end your session.
        • We may use third-party advertising companies to serve ads on the TransUnion Site or on other sites we use for advertising. These companies may use cookies and action tags (also known as single-pixel gifs or web beacons) to measure advertising effectiveness. They may not use the information we share for any other purpose. Any information collected via cookies and action tags is anonymous.
        • We may use Google Analytics or similar analytical tools to optimise and personalise the advertisements and customer experiences we offer.
        • The data we collect to enhance your user experience includes the IP address of your computer and the pages you visit but excludes any personal information. We only link the IP address to your information to authenticate and protect your personal information. We receive anonymous data from other websites displaying our advertisements to help us understand how visitors to our site responded to those ads and enhance our campaigns. You can opt out of this data collection and sharing activity by following the procedures under the Browser Opt-Out and Privacy Center information sections on google.com.
        • Behavioural data is the information used to enhance the relevance of personalised offers from TransUnion and our trusted partners. This data includes your interaction with our products and services, such as searches, transactions and purchase history. We keep all such data in our secure server and do not share it with any third parties.

        Welcome to the transunion.co.za and mytransunion.co.za website

        Notice: Your use of this web site beyond the home page constitutes acceptance of the Terms of Use.

        Acceptance of the terms

        Please read the following information carefully before using this web site. By accessing or using the web site, you acknowledge that you have read, understood, and agree to the TransUnion General Terms of Use and where applicable the Product Terms of Use (collectively the “Terms of Use”). If you do not agree with the Terms of Use, do not use this web site. We reserve the right, in our sole discretion, to modify or update these Terms of Use at any time. Please check the Terms of Use each time you visit our web site for the most current information.

        These Terms of Use apply to the transunion.co.za and mytransunion.co.za web sites (collectively “TransUnion Site”). If you decide to order any information, product or services (collectively “Services”) from TransUnion, such order or purchase will additionally be governed by the Product Terms of Use. If the Terms of Use is not consistent with the specific terms that apply to the TransUnion Services offered through this web site or any designated TransUnion sales- or service channel, then the specific Product Terms of Use that apply to these Services will apply.

        Use of the Website

        By accessing and or subscribing to any Services via the TransUnion Site, you warrant and represent that you are legally entitled to do so and that you have the requisite capacity to conclude a legally binding transaction with TransUnion. You further warrant that you will not use the TransUnion Site, Services, or any information made available to you by TransUnion pursuant to your use of the website for any purpose that is unlawful or prohibited under South African or international law or in any way that is in contravention of these Terms of Use or the specific Product Terms of Use.

        While you are on the TransUnion Site or are using or accessing our product offerings, we may collect certain data about your use of the site and the products. By accessing or viewing any of our sites, you understand that we will be collecting this data. If you do not want us to collect data about you, then do not access any of our Sites and do not enroll in, purchase, or use any of our products or services.

        Privacy

        Please review the TransUnion Privacy Policy to understand our practices. By using the TransUnion Site or purchasing our Services, you agree that we may use and share your personal information in accordance with the terms of our Privacy Policy.

        Disclaimer of Warranties and Liability

        This TransUnion Site, including all content, information, products or services made available to you or, or accessed through the TransUnion Site, is provided to you “as is”. Use of the TransUnion Site, the content and the services are at your own risk.

        Neither TransUnion nor its suppliers make any warranties, representations, statements or guarantees (whether express, implied in law or residual) regarding the TransUnion Site and the Services or that the Services advertised on the website are appropriate for use in any jurisdiction.

        Neither TransUnion nor its suppliers make any representations, warranties or conditions about the quality, accuracy, reliability, completeness, or timeliness of the site, the content or the services. TransUnion and/or its suppliers do not assume any responsibility for any errors, omissions or inaccuracies in the site, the content or the services.

        Neither TransUnion nor its directors shall be responsible for and disclaims all liability for any loss, liability, damage (whether direct, indirect or consequential) and/or expense of any nature whatsoever which may be suffered by you or any third party, as a result of or which may be attributable, directly or indirectly, to your access and use of the TransUnion Site and/or any information contained on or received via the TransUnion Site, your use of the Services and/or your reliance on any information offered via the TransUnion Site or Services.


        Without limiting the generality of the aforegoing, neither TransUnion nor its directors shall be liable for any loss of business, loss of data and/or loss of profits, any failure and/or unavailability of the website for any reason whatever and/or the failure/delay by any third party service provider to render any service/s which are necessary to ensure the availability of the website. You hereby indemnify TransUnion and its directors against any loss, liability, damage (whether direct, indirect or consequential) or expense of any nature whatsoever which may be suffered by you or any third party as a result of or which may be attributable directly or indirectly to the aforesaid.

        TransUnion shall furthermore not be liable to you or any third party for any loss or damage of whatsoever nature in the event that you request that an order is stopped or cancelled

        The content is provided for informational purposes only and is not intended to provide financial advice to you. You should seek the advice of professionals regarding the evaluation and verification of any content provided on the site and, in any event, prior to making any financial decisions based on such content.

        You are advised that TransUnion reserves the right, in its sole discretion, to withdraw or terminate any Services offered to you in terms of the subscription for any reason, at any time and without incurring loss or penalty.

        Policy on Links to the TransUnion Web Site

        You are given a limited, non-exclusive right to create a hypertext link to the TransUnion Site (www.transunion.co.za and www.mytransunion.co.za). However, you may not portray TransUnion or any of its Services in a false or offensive manner. Also, you may not misrepresent your relationship with TransUnion or imply that TransUnion sponsors, endorses, or is affiliated with your web site or products. You may not replicate, modify, or alter the appearance or content of this web site. You may not use, frame, or utilize framing techniques to enclose any TransUnion Trademarks or any of the content of this web site. Except as stated above, you are not given any other right or license to (i) the content of this web site or (ii) any intellectual property or proprietary rights of TransUnion. This limited linking right may be taken away from you at any time at our discretion.

        Policy on Links to Third Party Web Sites

        This web site may contain links to third party web sites. TransUnion does not represent, guarantee, or endorse any web site that you may access from this web site. In addition, if we provide a link to a web site, we do not represent, guarantee, or endorse the company or any of its offerings. Links contained on this web site are provided solely as a convenience to you. When you access a non-TransUnion web site, please understand that the linked site and its content are not under our control. TransUnion is not responsible for web casting or any other form of transmission received from any linked sites. You are responsible for protecting your system from viruses and other invasive items. When visiting external links you must refer to that external terms and conditions of use.

        Unsolicited Idea Submission Policy

        When you provide us with comments, suggestions, or ideas (collectively "Feedback"), such Feedback is not considered confidential and becomes the property of TransUnion. We are not obligated to you if you provide such Feedback. We are free to use, copy, or distribute the Feedback to others for any purpose.

        International Use

        Because you can access this web site internationally, you agree to follow all local rules regarding the internet, data, e-mail, and privacy. You specifically agree to follow all laws that apply to transmitting technical data exported from the South Africa or the country of your residence.

        Notices

        The address for service of any notices or communication relating to these Terms of Use including the giving of any notice, the payment of any sum, or the serving of any legal process, is:

        TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg 2196, South Africa.

        Telephone number: (011) 214 6000

        No legal service shall be validly affected by email.

        TransUnion shall be entitled to vary its physical address for service to any other physical address within the Republic of South Africa, by giving notice to you by way of updating these Terms of Use.

        Indemnification

        You agree to reimburse TransUnion, its officers, employees, agents, and partners for all losses, damages, and costs, including reasonable attorney's fees, resulting from your violation of these Terms of Use.

        Consumer Protection Information

        In compliance with section 43(1) of the Electronic Communications and Transactions Act 25 of 2002 ("ECTA"), your attention is drawn to the following:

        • Full name and legal status: TransUnion Africa (Proprietary) Limited, a private company incorporated in accordance with the laws of the Republic of South Africa
        • Registration number: 1992/007124/07
        • Place of registration: Johannesburg, South Africa
        • Registered physical address: TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg 2196, South Africa
        • Telephone number: (011) 214 6000
        • Email address: info@transunion.co.za
        • Physical address for receipt of legal service of documents: TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg 2196, South Africa
        • Description of the main characteristics of the service/s offered by TransUnion: Credit information services
        • Manner of payment: Electronically by credit card, debit order
        • Terms of the agreement: The terms of the agreement between yourself and TransUnion is governed by these terms, the application form and TransUnion's Standard Subscriber Terms and Conditions. TransUnion makes no representations and gives no warranties and/or guarantees of whatever nature, whether express, implied in law, or residual, in respect of these terms, the service/s and/or the accuracy or correctness of the information delivered to you or any part thereof
        • Time within which the service/s will be delivered: As soon as is reasonably possible after TransUnion accepts to comply with your order
        • Return and refund policy: By nature of the service/s, no information provided to you by TransUnion may be returned, and no monies paid by you to TransUnion in respect of the service/s will be refunded to you, unless it is established to the satisfaction of TransUnion that the information provided to you was loaded incorrectly by TransUnion
        • Security procedures and privacy policy of TransUnion in respect of payment, payment information and personal information: TransUnion utilizes a payment system that is sufficiently secure with reference to accepted technological standards as at the date of these terms, given the type of transaction to be concluded between you and TransUnion.
        • Cooling-off period: In terms of section 42(2)(f)(iii) of ECTA, no cooling-off period applies in respect of any service/s ordered via the website, as the information ordered and delivered to you by TransUnion cannot, by its nature, be returned
        • Membership / Affiliations: TransUnion is a member of the Credit Bureau Association (CBA) as well as the South African Credit and Risk Reporting Association (SACRRA) and subscribes to the respective codes of conduct. It is also registered with the NCR as a credit bureau with registration numbers NCRCB04

        Use of Information, including in terms of the Protection of Personal Information Act, 4 of 2013

        TransUnion conducts its business in accordance with the National Credit Act and the relevant membership bodies’ codes of conduct and considers it imperative to protect the privacy interests of consumers. Please see our detailed Privacy and Security Policy available on our website by clicking on this link.

        By accepting these terms and conditions, you expressly acknowledge, agree and consent to TransUnion using your confidential information to :

        • record, process, continuously maintain and update your information;
        • create a new credit record;
        • update an existing credit record;
        • monitor and subsequently update the current and future credit activity on your credit record;
        • create and maintain new products (for scoring and other statistical models);
        • perform statistical analysis,
        • validate and verify information on your credit record, at TransUnion’s discretion and against any relevant source;
        • distribute TransUnion marketing material;
        • make my credit record available to TransUnion’s subscribers, upon request and where such subscriber fulfils the legal requirements justifying such disclosure.

        Copyright, Trademarks and intellectual Property Rights

        Copyright and Intellectual Property Rights in all materials, texts, drawings and data made available on the website (collectively "the Materials") are owned by TransUnion, alternatively TransUnion is the lawful user thereof, and are protected by both South African and international intellectual property laws. Accordingly, any unauthorized copying, reproduction, retransmission, distribution, dissemination, sale, publication, broadcast or other circulation or exploitation of such Materials or any component thereof will constitute an infringement of such copyright and other intellectual property rights; save that you may use the Materials or any component thereof for your own internal purposes and for the purposes of ordering Services from TransUnion.


        The trademarks, names, logos and service marks (collectively "trademarks") displayed on this website are registered and unregistered trademarks of TransUnion. Nothing contained on this website should be construed as granting any license or right to use any trademark without the prior written permission of TransUnion.

        Online advertising

        TransUnion engages third parties that help it deliver its banner advertisements and other online communications. The third parties may collect and use information about TransUnion customers to help us understand the offers, promotions, and types of advertising that are most appealing to its customers. The personal information they collect is aggregated and cannot be linked to a person.

        Framing

        No person, business or website may frame the site of TransUnion or any of the pages on this site in any way whatsoever.

        Crawlers and Spiders

        No person, business or website may use any technology to search and/or gain information from TransUnion's website without its prior written consent.

        General

        These Terms of Use, and where applicable the Product Terms of Use and/or TransUnion's Standard Services (Subscriber) Terms and Conditions constitute the sole record of the agreement between you and TransUnion in relation to the subject matter hereof. Neither you nor TransUnion shall be bound by any express tacit nor implied representation, warranty, promise or the like not recorded herein. These terms and conditions supersede and replace all prior commitments, undertakings or representations, whether written or oral, between you and TransUnion in respect of the subject matter hereof. No indulgence or extension of time which either you or TransUnion may grant to the other will constitute a waiver of or, whether by estoppels or otherwise, limit any of the existing or future rights of the grantor in terms hereof, save in the event or to the extent that the grantor has signed a written document expressly waiving or limiting such rights.

        TransUnion shall be entitled to cede, assign and delegate all or any of its rights and obligations in terms of these terms.

        All provisions of these terms and conditions are, notwithstanding the manner in which they have been grouped together or linked grammatically, severable from each other. Any provision of these terms and conditions which is or becomes unenforceable in any jurisdiction, whether due to voidness, invalidity, illegality, unlawfulness or for any reason whatever, shall, in such jurisdiction only and only to the extent that it is so unenforceable, be treated as pro non scripto and the remaining provisions of these terms and conditions shall remain in full force and effect.

        Should TransUnion be prevented from fulfilling any of its obligations to you as a result of any event of force majeure, then those obligations shall be deemed to have been suspended to the extent that and for as long as TransUnion is so prevented from fulfilling them and your corresponding obligations shall be suspended to the corresponding extent. In the event that force majeure continues for more than fourteen days after it has fist occurred then TransUnion shall be entitled (but not obliged) to terminate all of its rights and obligations in terms of or arising out of these terms by giving notice to you. An "event of force majeure" shall mean any event or circumstance whatsoever which is not within the reasonable control of including, without limitation, vis major, casus fortuitus, any act of God, strike, theft, riots, explosion, insurrection or other similar disorder, war (whether declared or not) or military operations, the downtime of any external telecommunications line, power failure, international restrictions, any requirement of any international authority, any requirement of any government or other competent local authority, any court order, export control or shortage of transport facilities.

        These terms shall be governed by and construed in accordance with the laws of the Republic of South Africa without giving effect to any principles of conflict of law. You hereby consent to exclusive jurisdiction of the Witwatersrand Local Division of the High Court of South Africa in respect of any disputes arising in connection with the Services referred to herein, or the terms or any matter related to or in connection therewith.

        Last revised - May 2018
        TransUnion