This privacy notice provides information about how we use and share the personal information of people using our business products and technical support facilities. You can find more detailed information at the TransUnion Privacy Center or in other privacy information you may have received.
In Brief
We use personal information to:
This notice covers the following topics:
Information for Good®
We are in an era of rapid digital transformation where consumers demand more access to seamless, personalised products and services online. But the currency of personal information that fuels this platform economic boom poses threats to individuals and endangers corporate security.
Now more than ever — and likely more so in the future — consumers and corporates need new levels of trust and transparency.
As a global information and insights company, TransUnion seeks to make trust possible. We do this by curating an accurate and comprehensive picture of each consumer, so they're safely and reliably represented in the marketplace. This enables businesses and consumers to transact with confidence and achieve great things. We call this Information for Good.
We are a group of companies with registered offices at TransUnion, 10th Floor, 11 Alice Lane, Sandton, Johannesburg, 2196. Although we are part of a larger group, this notice covers only the activities of TransUnion companies within the Republic of South Africa.
Contact details
Contact us about personal information issues, including the contents of this notice via:
Please refer to our Customer Service Privacy Notice for information on how we handle your personal information with complaints and enquiries.
Operating our products and administering accounts
We use personal information to operate our products and administer the accounts of people who use them.
Example: We hold username and password details to control access to products.
Security and breach reporting
We monitor access to our products to ensure only authorised people access our products and data. If we detect suspicious activity, we may suspend an account and investigate.
Feedback to clients
Sometimes we share data with clients (or their affiliates, business partners or group companies) about how their employees use our products. For example, how often and why a staff member uses a product. Clients may ask for this information in deciding whether to continue buying the product or staff management in checking whether products are being used properly.
If the information shows employee misconduct, an employer might use that information as part of a disciplinary process.
Example: A bank suspects an employee is performing unauthorised credit report searches and asks us for details of the searches conducted by that person. The bank uses this information to support its internal investigation into that employee’s actions.
Monitoring and improving our products
Information, such as how different people use our products, how long they spend on particular tasks and what sort of information they look for, helps us customise and improve our products. We also use this information for security and system administration and to generate non-personalised information for client use.
Product or systems development and testing
We may use personal information while developing or testing our products, systems and security measures. Where possible, we create pseudonyms or otherwise anonymise such data.
Providing technical support and responding to queries
If you contact us with a question about one of our product or services, we use your personal information to provide the answer. This includes contacting you about your request and sometimes about queries raised by other users.
Queries: legal and regulatory purposes
We may also need to use your personal information for legal and regulatory purposes.
Example: legal and regulatory purposes
If you make a complaint about us to our regulators, they will normally ask us to investigate your case. This will involve accessing your personal information. Similarly, if you start court proceedings against us, we will normally need to review how we have used your personal information to defend ourselves against your claim.
We obtain and use information from various sources summarised in the following table:
Type of information | Description | Source |
Basic information about you and how to contact you | Name, email address and job title | You or your employer when we set up your account or are told the information has changed
|
Login credentials | Username, password and other information controlling product access | |
Product usage | How and when you access and use the product, including dates and times, IP address, and how you use the product while logged in | Monitoring your product usage |
Your requests and enquiries | Information you provide as part of a technical support query, request or enquiry | Directly from you |
We need your personal information to provide our products correctly. You do not have to provide us with personal information for technical support requests, but this may impede the help we can provide.
Simply put, we keep personal information for as long as necessary. More technically, we retain it to fulfil the purpose(s) of its provision, to comply with applicable laws, and for as long as your consent to such purpose(s) remains valid after termination of our relationship.
Legitimate interests
The Protection of Personal Information Act (POPIA) allows personal information usage where necessary for legitimate purposes without undue adverse impact. We base most of our processing activities on the legitimate interests listed below.
Interest | Explanation |
Market our products and services | To allow our business to reach the maximum number of clients |
Develop and improve our products and services | To help us remain competitive, differentiated and attractive to clients |
Monitor and secure our systems and data | To fulfil our promise by keeping our systems and our data safe and secure |
Maintain our client relationships | To build trust with our clients and business partners by outperforming and over-delivering |
Entrench our commercial interests | To earn sustainable revenue through the efficient and effective provision of competitive products and services |
Our group of companies
Where appropriate, we share personal information within the TransUnion group of companies for legitimate business purposes related to our business products and technical support services. The current TransUnion group companies in South Africa include:
Group Company | Physical Address |
TransUnion Africa Holdings (Pty) Ltd | TransUnion |
TransUnion Credit Bureau (Pty) Ltd | |
TransUnion Africa (Pty) Ltd | |
TransUnion Analytic and Decision Services (Pty) Ltd | |
TransUnion Auto Information Solutions (Pty) Ltd |
Access to personal information within the group is limited to authorised personnel who require it to perform specific business or technical support functions.
Clients
Where required and where permitted by law, we may share limited usage information relating to a TransUnion business product with a client, including an employer, its affiliates, business partners, or other TransUnion group companies
Service providers
We may share personal information with trusted third‑party service providers who assist us in operating our business products and providing technical support. These service providers process personal information only on our instructions and are contractually required to protect it in accordance with POPIA.
Third-party usage
We may use third‑party service providers, such as email broadcasting services, to send service‑related communications. These providers may not use personal information for their own purposes or on behalf of other organisations unless you have agreed otherwise.
In some cases, we may share personal information with service providers or other TransUnion group companies to resolve technical support requests or respond to further enquiries
Cross-border transfers
Where personal information relating to our business products or technical support services is transferred outside South Africa, we ensure that such transfers comply with POPIA. This includes transferring information only to countries that have adequate data protection laws or where appropriate safeguards, such as contractual protections, are in place to ensure that personal information is afforded a level of protection substantially similar to that provided under POPIA.
Regulators and law enforcement
We may disclose personal information to regulators, government authorities, or law enforcement agencies where required by law or where necessary to protect our legitimate interests, in compliance with applicable laws and POPIA.
In relation to our business products and technical support services, we apply appropriate and reasonable technical and organisational measures to protect personal information from loss, unauthorised access, disclosure, or misuse, in line with POPIA. Access is limited to authorised personnel who require the information to provide these services and is regularly reviewed to ensure continued security
We outline your rights regarding the personal information we hold about you below.
Access: You can access all information that we hold about you by contacting us through TUAPrivacy@transunion.com
Correction/Destruction/Deletion: If the information we hold about you is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, you have a right to ask us to correct it or delete it.
Objection to processing: You may object (on reasonable grounds) to processing your personal information unless legislation provides for such processing.
Objection to direct marketing: You may object to us using your personal information for direct marketing, and if you do, we will stop.
We strive to deliver the highest levels of customer service. However, if you are ever unhappy with us, please contact us so we can investigate.
Location: 10th Floor, 11 Alice Lane, Sandton, 2196
Postal Address: PO Box 4522, Johannesburg, 2000
Telephone: 0861 482 482
You can also contact our Information Officer or Deputy Information Officer at TUAPrivacy@transunion.com
You may complain to the Information Regulator:
Physical Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg
Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017
Email: POPIAComplaints@inforegulator.org.za.
Site: www.inforegulator.org.za
We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or operational needs. Where material changes are made, we will take reasonable steps to inform individuals, which may include updating this notice on our website or communicating changes through appropriate channels.
The most current version of this Privacy Notice will always be available, and the effective date at the bottom of the notice indicates when the latest version came into effect.
Effective date: May 2026