South Africa Privacy Centre

Business Product and Technical Support Privacy Notice

Introduction

 

This privacy notice provides information about how we use and share the personal information of people using our business products and technical support facilities. You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.

 

In Brief

We use personal information to:

  • administer your access to and monitor your use of our products.
  • provide information about your use of our products to the organisation you work for.

 

This notice covers the following topics:

  1. Who we are and how to contact us
  2. How we use personal information
  3. The kinds of personal information we use and where we get personal information
  4. How long we keep personal information
  5. Our legal basis for handling personal information
  6. Who we share personal information with
  7. Where we store and send personal information   
  8. How we protect personal information
  9. Your rights concerning your personal information
  10. Where to lodge a complaint
  11. Changes to this privacy notice

 

1.  Who we are and how to contact us

 

Information for Good®

We are in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.

Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.

As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer, so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.

We are a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196.  Although we are part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.

Contact details

Contact us about personal information issues, including the contents of this notice via:

Please refer to our Customer Service Privacy Notice for information on how we handle your personal information with complaints and enquiries.

 

2.  How we use personal information

 

Operating our products and administering accounts

We use personal information to operate our products and administer the accounts of people who use them.

Example: We hold username and password details to control access to products.

Security and breach reporting

We monitor access to our products to ensure only authorised people access our products and data. If we detect suspicious activity, we may suspend an account and investigate.

Feedback to clients

Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their employees use our products. For example, how often and why a staff member uses a product. Clients may ask for this information in deciding whether to continue buying the product or staff management in checking whether products are being used properly.

If the information shows employee misconduct, an employer might use that information as part of a disciplinary process.

Example: A bank suspects an employee is performing unauthorised credit report searches and asks us for details of the searches conducted by that person. The bank uses this information to support its internal investigation into that employee’s actions.

Monitoring and improving our products

Information, such as how different people use our products, how long they spend on particular tasks and what sort of information they look for, helps us customise and improve our products. We also use this information for security and system administration and to generate non-personalised information for client use.

Product or systems development and testing

We may use personal information while developing or testing our products, systems and security measures. Where possible, we create pseudonyms or otherwise anonymise such data.

Providing technical support and responding to queries

If you contact us with a question about one of our product or services, we use your personal information to provide the answer. This includes contacting you about your request and sometimes about queries raised by other users.

Queries: legal and regulatory purposes

We may also need to use your personal information for legal and regulatory purposes.

Example: legal and regulatory purposes

If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal information. Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal information to defend ourselves against your claim.

 

3.  The kinds of personal information we use and where we get personal information

 

We obtain and use information from various sources summarised in the following table:

Type of information

Description

Source

Basic information about you and how to contact you

Name, email address and job title

You or your employer when we set up your account or are told the information has changed

 

 

Login credentials

Username, password and other information controlling product access

Product usage

How and when you access and use the product, including dates and times, IP address, and how you use the product while logged in

Monitoring your product usage

Your requests and enquiries

Information you provide as part of a technical support query, request or enquiry

Directly from you

 

We need your personal information to provide our products correctly. You do not have to provide us with personal information for technical support requests, but this may impede the help we can provide.

 

4.  How long we keep personal information

 

Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.

 

5.  Our legal basis for handling personal information

 

Legitimate interests

The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the legitimate interests listed below.

Interest

Explanation

Market our products and services

To allow our business to reach the maximum number of clients

Develop and improve our products and services

To help us remain competitive, differentiated and attractive to clients

Monitor and secure our systems and data

To fulfil our promise by keeping our systems and our data safe and secure

Maintain our client relationships

To build trust with our clients and business partners by outperforming and over-delivering

Entrench our commercial interests

To earn sustainable revenue through the efficient and effective provision of competitive products and services

 

6.  Who we share personal information with

 

Our group of companies

Where appropriate, we share personal information within the TransUnion group of companies for legitimate business purposes related to our business products and technical support services. The current TransUnion group companies in South Africa include:

Group Company

Physical Address

TransUnion Africa Holdings (Pty) Ltd

TransUnion
10th Floor,
11 Alice Lane
Sandton
Johannesburg
2196

TransUnion Credit Bureau (Pty) Ltd

TransUnion Africa (Pty) Ltd

TransUnion Analytic and Decision Services (Pty) Ltd

TransUnion Auto Information Solutions (Pty) Ltd

 

Access to personal information within the group is limited to authorised personnel who require it to perform specific business or technical support functions.

 

7.  Where we store and send personal information

 

Clients

Where required and where permitted by law, we may share limited usage information relating to a TransUnion business product with a client, including an employer, its affiliates, business partners, or other TransUnion group companies

Service providers

We may share personal information with trusted third‑party service providers who assist us in operating our business products and providing technical support. These service providers process personal information only on our instructions and are contractually required to protect it in accordance with POPIA.

Third-party usage

We may use third‑party service providers, such as email broadcasting services, to send service‑related communications. These providers may not use personal information for their own purposes or on behalf of other organisations unless you have agreed otherwise.

In some cases, we may share personal information with service providers or other TransUnion group companies to resolve technical support requests or respond to further enquiries

Cross-border transfers

Where personal information relating to our business products or technical support services is transferred outside South Africa, we ensure that such transfers comply with POPIA. This includes transferring information only to countries that have adequate data protection laws or where appropriate safeguards, such as contractual protections, are in place to ensure that personal information is afforded a level of protection substantially similar to that provided under POPIA.

Regulators and law enforcement

We may disclose personal information to regulators, government authorities, or law enforcement agencies where required by law or where necessary to protect our legitimate interests, in compliance with applicable laws and POPIA.

 

8.  How we protect personal information

 

In relation to our business products and technical support services, we apply appropriate and reasonable technical and organisational measures to protect personal information from loss, unauthorised access, disclosure, or misuse, in line with POPIA. Access is limited to authorised personnel who require the information to provide these services and is regularly reviewed to ensure continued security

 

9.  Your rights concerning personal information

 

We outline your rights regarding the personal information we hold about you below.

Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com

Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, you have a right to ask us to correct it or delete it.

Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.

Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.

 

10.  Where to lodge a complaint

 

We strive to deliver the highest levels of customer service. However, if you are ever unhappy with us, please contact us so we can investigate.

Location: 10th Floor, 11 Alice Lane, Sandton, 2196

Postal Address: PO Box 4522, Johannesburg, 2000

Telephone: 0861 482 482

You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com


You may complain to the Information Regulator:

Physical Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg

Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: POPIAComplaints@inforegulator.org.za.

Site: www.inforegulator.org.za  

 

11.  Changes to this privacy notice

 

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or operational needs. Where material changes are made, we will take reasonable steps to inform individuals, which may include updating this notice on our website or communicating changes through appropriate channels. 

The most current version of this Privacy Notice will always be available, and the effective date at the bottom of the notice indicates when the latest version came into effect. 

Effective date: May 2026