TransUnion Credit Information Services Limited (“TUCIS”, or “our” or “we” or “us”) is a selected Credit Reference Agency (“CRA”) under Credit Data Smart (also known as the Multiple Credit Reference Agencies (“MCRA”) Framework). In addition to existing applicable laws and regulations governing credit reference agencies, the operation and conduct of TUCIS as selected CRA is also contractually governed by the rules and guidance issued by the MCRA User Group, the administrative body of Credit Data Smart comprising representatives from the Industry Associations (The Hong Kong Association of Banks, The DTC Association (The Hong Kong Association of Restricted Licence Banks and Deposit-Taking Companies) and the Hong Kong S.A.R. Licensed Money Lenders Association Ltd., collectively).

We are committed to protecting your privacy, and support a general policy of openness about how we collect, use and disclose the personal data of Hong Kong consumers in accordance with appropriate standards under applicable privacy laws and regulations.

This privacy policy provides an overview of our business and explains how we collect, use and disclose personal data about consumers that appears in our database(s).

 

1. Where We Collect Your Personal Data

1.1 We may collect your personal data from various sources as summarized in the following table:

Type of personal data

Description

Source

Consumer credit data (including without limitation credit card and consumer loan data, hire purchase data and mortgage data)

 

1. Identifying information: name, address history, contact number history, identity document numbers; and

2. Credit account information: Open and closed accounts, past due accounts and amounts.

Credit providers who are approved to participate in Credit Data Smart and provide your consumer credit data to the Credit Data Smart platform.

Score

Scores in relation to credit, affordability, fraud, identity, collections and insolvency.

By running credit reference data through using our algorithm.

Enquiry information

1. Credit application enquiry information: enquiries from credit providers regarding your applications for credit; and

2. Other enquiry information: review checks by credit providers.

When credit providers access our services.

Public record and related data

1. Public information relating to action for recovery of debt, judgments for monies owed and bankruptcies; and

2. Any information permitted by law.

Public registrars and publicly available information.

Account information

1. First and last name;

2. Date of birth;

3. Identity document number;

4. Contact number;

5. Address;

6. Email address;

7. Account ID and password; and

8. Credit card information.

When you access, use or purchase any services, products (as defined under our Service Agreement) or functions in the Site or TransUnion Mobile.

Basic contact information

Name, email address and job title.

When you contact us or when we subsequently request it to proceed your written inquiry, service appointment, newsletter subscription, data subject request and job application.

Proof of identity or authority and other supporting documentation

To prove your identity by authenticating your biometric data. If you enquire on someone else’s behalf, we may ask for proof of authority, such as a power of attorney. Sometimes we may require additional supporting documentation.

Employee information

Employment and educational history, background checks, performance appraisals, IP addresses and biometric data (optional).

Information gathered in dealing with your enquiry or complaint

Dealing with an enquiry involves investigating the circumstances. This type of information depends on the enquiry or complaint.

Internal records and external organizations, such as clients and suppliers.

Our response and other correspondence

Our response to and other correspondence relating to your enquiry or complaint.

We produce this ourselves.

CCTV footage

Images and videos recorded by on-premises CCTV cameras.

CCTV cameras installed in our business premises.

Audit information pertaining personal data

To authenticate activity logs and monitor performance of service contracts.

External service providers who process personal data on behalf of us.

 

2. How We Use and Disclose Your Personal Data

2.1 The use of consumers’ personal data is limited to purposes which have been disclosed to consumers by the Credit Data Smart Subscribed Members, or for purposes which are otherwise permitted by the laws. We disclose personal data in compliance with applicable laws and regulations primarily by means of credit reports to consumers, Credit Data Smart Subscribed Members, and other third parties as authorized and consented by you.

2.2. Specifically, we use and disclose personal data in the following circumstances:

  1. to compute and provide consumer credit data and related services directly to consumers who have requested for such services;
  2. to verify and authenticate your identity, administer your access to and monitor your use of our services and products;
  3. to manage our relationship with, and to promote our services and products to, our customers and potential customers;
  4. to customize and improve your web site and/or customer service experience;
  5. to process data correction requests and other related disputes;
  6. to provide services, solutions or products to the Credit Data Smart Subscribed Members you may be dealing with;
  7. to help ensure safety of our staff and visitors and the security of our information and assets;
  8. to comply with legal and regulatory requirements, support legal process served on us (such as a subpoena or court warrant), and protect our legitimate interests in compliance with applicable laws.

2.3 We also share personal data with the Credit Data Smart Subscribed Members for the purposes described in Section 2.2 above. The Credit Data Smart Subscribed Members will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.

2.4 We may disclose your personal data to third parties who help us use it for the purposes described in Section 2.2, including but not limited to our service provider TransUnion Limited. These service providers are prohibited from using your personal data for their own purposes unless you have been notified of this purpose or given your consent.

2.5 We may also share anonymized information with other third parties, but only where the information cannot realistically be identified as relating to you.

 

3. Retention of Your Personal Data

3.1 We keep personal data only for as long as is necessary for the purposes for which it is held, subject to legal, statutory and regulatory requirements mandating the retention of data.

3.2 For more information about data retention, please review our General FAQs.

 

4. Security of Your Personal Data

4.1 We take the protection of personal data seriously. We have adopted appropriate physical, electronic, and managerial procedures to secure your personal data and are committed to working with our customers and Credit Data Smart Subscribed Members to protect the security of personal data during any transfer to or from us. We have also instituted a number of safeguards to identify and help prevent the fraudulent use of your credit data and other personal data.

4.2 For more information about our security practices, please review our General FAQs  and Security Policy.



5. Access and Correction of Your Personal Data

5.1 For credit report, pursuant to the Credit Data Smart (MCRA) rules, you are entitled to ask for a copy of your credit report, free of charge, once every 12 months. You are also entitled to ask for a copy of your credit report, free of charge, within 30 business days of a refusal of credit by a Credit Data Smart Subscribed Member to whom we have provided your credit report. Other than the free credit reports, you may also request a copy of your credit report at any other time at a prescribed fee.

5.2 When gathering personal data, we work with the Credit Data Smart Subscribed Members to increase their awareness of the importance of providing only personal data that is accurate, complete, and up-to date. However, we cannot alter the data reported by the Credit Data Smart Subscribed Members, unless the data is determined to be wrong, incomplete or otherwise inaccurate. If you do not agree with the accuracy of the data we have on file, we have procedures to verify such data and, where appropriate, to amend or correct it. We also have established complaint procedures to address consumer concerns and to appropriately investigate and address inquiries and complaints.

5.3 Requests to access or correct your personal data provided to us can be made by email to hkcontact@transunion.com, by calling our Consumer Services and Operations Department at (852) 2577-1816, or by post to our office address, Suite 811, 8th Floor, Tower 5, The Gateway, 15 Canton Road, Tsim Sha Tsui, Kowloon, Hong Kong.

 

6. Changes to this Privacy Policy

6.1 We reserve the right to modify this privacy policy at any time without notice. The privacy policy posted at any time via the Site or TransUnion Mobile shall be deemed to be the privacy policy then in effect.

6.2 For enquiries regarding this privacy policy, please contact our Data Protection Officer at hkcontact@transunion.com or by post to our office address at Section 5.3 above.

 

7. English Version to Prevail

7.1 In the event of any ambiguity or inconsistencies between the English and Chinese versions of this privacy policy, the English version shall prevail.

 

 

 

Updated as of 1st of November 2023
v.1.0

    TransUnion Limited (“TUHK”, or “our” or “we” or “us”) is committed to protecting your privacy, and supports a general policy of openness about how our collection, use and disclosure of the personal data comply with the requirements of the Personal Data (Privacy) Ordinance of Hong Kong.

    This privacy policy provides an overview of our business and explains how we collect, use and disclose personal data we receive during daily operations, including TransUnion Hong Kong mobile application (“TransUnion Mobile”) or web site, (the “Site”).

    1. Where We Collect Your Personal Data

    1.1 We may collect your personal data from various sources as summarized in the following table:

    Type of personal data

    Description

    Source

    Consumer data

    1. Identifying information: name, email address, contact number, identity document numbers; and

    2. Details of payments and transactions.

    When you access, use or purchase any services, products (as defined under our Service Agreement).

    Consumer credit data (including without limitation credit card and consumer loan data, hire purchase data and mortgage data)

    1. Identifying information: name, address history, contact number history, identity document numbers; and

    2. Credit account information: Open and closed accounts, past due accounts and amounts.

    When you consent to us for obtaining your individual credit report from TransUnion Credit Information Services Limited (“TUCIS”), the selected credit reference agency under Credit Data Smart (also known as the Multiple Credit Reference Agencies Framework).

    Business contact information

    Name, job title, email address, contact number, account information.

    When you contact us or when we subsequently request it to proceed your written inquiry, service appointment, newsletter subscription, data subject request and job application.

    Proof of identity or authority and other supporting documentation

    To prove your identity by authenticating your biometric data. If you enquire on someone else’s behalf, we may ask for proof of authority, such as a power of attorney. Sometimes we may require additional supporting documentation.

    Employee information

    Employment and educational history, background checks, performance appraisals, IP addresses and biometric data (optional).

    Information gathered in dealing with your enquiry or complaint

    Dealing with an enquiry involves investigating the circumstances. This type of information depends on the enquiry or complaint.

    Internal records and external organizations, such as clients and suppliers.

    Our response and other correspondence

    Our response to and other correspondence relating to your enquiry or complaint.

    We produce this ourselves.

    CCTV footage

    Images and videos recorded by on-premises CCTV cameras.

    CCTV cameras installed in our business premises.

     

    2. How We Use and Disclose Your Personal Data

    2.1 The use of your personal data is limited to purposes which have been disclosed before or at the time of data collection, or for purposes which are otherwise permitted by the laws.

    2.2 Specifically, we use and disclose personal data in the following circumstances:

    Type of personal data

    Purposes of use of personal data

    Consumer data

    1. Providing services, facilities and goods.

    2. Payments and billing.

    3. Research and development of products.

    4. Conducting surveys and analytics.

    Consumer credit data

    1. Compiling credit report with credit data from TUCIS.

    2. Providing you access to your individual credit report via TransUnion Mobile and the Site.

    Business contact information

    1. Business communications and relationship management.

    2. Engagement of contractors, subcontractors or other service providers.

    3. Payments and billing.

    Employee information

    Recruitment and human resources management, relating to such matters as employees’ appointment, employment benefits, payments, termination, performance appraisal and discipline, etc.

    Proof of identity or authority and other supporting documentation

    To verify and authenticate identity before granting access or making corrections to your personal data.

    Information gathered in dealing with your enquiry or complaint

    Processing your enquiry or complaint.

    Our response and other correspondence

    CCTV footage

    Ensuring safety of our staff and visitors and the security of our information and assets.

    2.3 We may provide you with additional privacy notices where we believe that it is appropriate to do so. Those additional notices supplement and should be read together with this Privacy Policy.

    2.4 We will disclose personal data when authorized or required by law, regulations or rules, for example, in response to a court order or requests from law enforcement agencies or regulatory authorities.

    2.5 We may also disclose your personal data to third parties who help us use it for the purposes described in Section 2.2. These service providers are prohibited from using your personal data for their own purposes unless you have been notified of this purpose or given your consent.

    2.6 We may also share anonymized information with other third parties, but only where the information cannot realistically be identified as relating to you.

    3. Retention of Your Personal Data

    3.1 We keep personal data only for as long as is necessary for the purposes for which it is held, subject to legal, statutory and regulatory requirements mandating the retention of data.

    4. Security of Your Personal Data

    4.1 We take the protection of personal data seriously. We have adopted appropriate physical, electronic, and managerial procedures to protect personal data against unauthorized or accidental access, processing, erasure or other use.

    5. Access and Correction of Your Personal Data

    5.1 You have rights to ascertain whether we hold personal data relating to you, to obtain a copy of those data, and to correct any data that is inaccurate.

    5.2 Requests to access or correct your personal data provided to us can be made to our Data Protection Officer at dpotuhk@transunion.com or by post to our office address, 8th Floor, Tower 5, The Gateway, 15 Canton Road, Tsim Sha Tsui, Kowloon, Hong Kong.

    6. Changes to this Privacy Policy

    6.1 We reserve the right to modify this privacy policy at any time without notice. The privacy policy posted at any time shall be deemed to be the privacy policy then in effect.

    6.2 For enquiries regarding this privacy policy, please contact our Data Protection Officer at dpotuhk@transunion.com or by post to our office address at Section 5.2 above.

    7. English Version to Prevail

    7.1 In the event of any ambiguity or inconsistencies between the English and Chinese versions of this privacy policy, the English version shall prevail.

     

    Updated as of 1st day of November, 2023
    v.1.0